|
Log-Analyse und Auswertung: Bundespolizei Virus, wpbt0.dll FensterWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
26.11.2011, 16:30 | #1 |
| Bundespolizei Virus, wpbt0.dll Fenster Hallo, ich habe mir heute vormittag auch den Bundespolizei Virus eingefangen. Danach habe ich sofort den Laptop ausgeschaltet (durch langes Drücken auf die Einschalttaste). Beim nächsten hochfahren ging ein Hinweis auf, das ich im Begriff bin eine dll-Datei zu öffnen. Es handelte sich dabei um die "wpbt0.dll" Datei. Zunächst habe ich mit der Systemwiederherstellungsfunktion mein System auf den Stand vor ca. einer Woche zurückgesetzt und gehofft, dass sich damit das Problem lösen lässt. Beim Neustart aber wieder das bekannte Fenster mit der dll-Datei. Nach dieser habe ich dann gegoogelt und bin auf die Trojaner-Board Seite mit vergleichbaren Problemlösungen gestossen. Davor habe ich noch einen Scanlauf mit MCAfee SecurityScanPlus (ohne Befund) und mit SpywareTerminator 2012 (mit 41 Infectionen, cookies und spyware ??? (Logdatei und Screenshot anbei) die ich aber bisher noch nicht gelöscht habe!!!) durchgeführt. Ich habe die beschriebenen Massnahmen von Trojaner-Board Schritt für Schritt durchgeführt, und die Programme "defogger" und "otl" ausgeführt. Die Screenshots und Log-Dateien hänge ich an. Ausserdem habe ich das Programm "Malwarebytes" installiert und die beim Systemscan gefundenen Schädlinge entfernt. Beim nächsten Neustart ist nun das wpbt0.dll-Fenster verschwunden! Meine Internetverbindung war die ganze Zeit online (musste mir ja die Tips zum Problem besorgen), ausserdem musste ich zum installieren der neuen Programmen mein Admin-Passwort eingeben. Hoffe ich habe damit keinen Fehler gemacht! Vielen Dank schon mal für eure Hilfe! |
26.11.2011, 17:29 | #2 |
/// Selecta Jahrusso | Bundespolizei Virus, wpbt0.dll FensterEine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.
Vista und Win7 User Alle Tools mit Rechtsklick "als Administrator ausführen" starten. Schritt 1 Downloade dir bitte dds ( von sUBs ) von einem der folgenden Downloadspiegel und speichere die Datei auf deinem Desktop. dds.com dds.scr dds.pif
Bitte poste in deiner nächsten Antwort dds.txt attach.txt
__________________ |
26.11.2011, 17:50 | #3 |
| Bundespolizei Virus, wpbt0.dll Fenster Hallo Daniel,
__________________hoffe ich hab dich richtig verstanden. Ich kopiere also die dds.txt direkt in dieses Nachrichtenfenster: . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_29 Run by Master of Puppets at 17:43:46 on 2011-11-26 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3933.2553 [GMT 1:00] . AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\WINDOWS\SYSTEM32\SPOOLSV.EXE C:\PROGRAM FILES (X86)\AVIRA\ANTIVIR DESKTOP\SCHED.EXE C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\PROGRAM FILES (X86)\AVIRA\ANTIVIR DESKTOP\AVGUARD.EXE C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe C:\Windows\system32\conhost.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\System32\svchost.exe -k HPZ12 C:\PROGRAM FILES (X86)\MICROSOFT\BINGBAR\SEAPORT.EXE C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe C:\Windows\system32\svchost.exe -k imgsvc C:\PROGRAM FILES (X86)\TOSHIBA TEMPRO\TEMPROSVC.EXE C:\Windows\system32\TODDSrv.exe C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe C:\Program Files\TOSHIBA\TECO\TecoService.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\WINDOWS\EXPLORER.EXE C:\PROGRAM FILES (X86)\TOSHIBA TEMPRO\TEMPROTRAY.EXE C:\Windows\system32\svchost.exe -k HPService C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe C:\WINDOWS\SYSTEM32\SEARCHINDEXER.EXE C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\TOSHIBA\TECO\TEco.exe C:\PROGRAM FILES\TOSHIBA\REGISTRATION\TOSHIBAREMINDER.EXE C:\Windows\system32\igfxext.exe C:\PROGRAM FILES (X86)\SPYWARE TERMINATOR\SPYWARETERMINATORSHIELD.EXE C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\BIN\HPQTRA08.EXE C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe C:\PROGRAM FILES (X86)\COMMON FILES\PANASONIC\PHOTOFUNSTUDIO AUTOSTART\AUTOSTARTUPSERVICE.EXE C:\WINDOWS\SYSTEM32\WBEM\WMIPRVSE.EXE C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPNETWK.EXE C:\PROGRAM FILES (X86)\SPYWARE TERMINATOR\SPYWARETERMINATORUPDATE.EXE C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE C:\PROGRAM FILES (X86)\TOSHIBA\UTILITIES\KENOTIFY.EXE C:\PROGRAM FILES (X86)\TOSHIBA\TOSHIBA WEB CAMERA APPLICATION\TWEBCAMERA.EXE C:\PROGRAM FILES (X86)\AVIRA\ANTIVIR DESKTOP\AVGNT.EXE C:\PROGRAM FILES (X86)\HP\HP SOFTWARE UPDATE\HPWUSCHD2.EXE C:\PROGRAM FILES (X86)\COMMON FILES\LEXWARE\UPDATE MANAGER\LXUPDATEMANAGER.EXE C:\PROGRAM FILES (X86)\FREEPDF_XP\FPASSIST.EXE C:\PROGRAM FILES (X86)\ASK.COM\UPDATER\UPDATER.EXE C:\PROGRAM FILES (X86)\ITUNES\ITUNESHELPER.EXE C:\PROGRAM FILES (X86)\COMMON FILES\JAVA\JAVA UPDATE\JUSCHED.EXE C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\BIN\HPQSTE08.EXE C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\BIN\HPQBAM08.EXE C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\BIN\HPQGPC01.EXE C:\PROGRAM FILES\IPOD\BIN\IPODSERVICE.EXE C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\WINDOWS\SYSTEM32\DLLHOST.EXE C:\PROGRAM FILES (X86)\TOSHIBA\CONFIGFREE\CFIWMXSVCS64.EXE C:\PROGRAM FILES (X86)\TOSHIBA\CONFIGFREE\CFPROCSRVC.EXE C:\PROGRAM FILES (X86)\TOSHIBA\CONFIGFREE\CFSVCS.EXE C:\PROGRAM FILES\TOSHIBA\TOSHIBA HDD SSD ALERT\TOSSMARTSRV.EXE C:\PROGRAM FILES\TOSHIBA\TOSHIBA HDD SSD ALERT\TOSSENOTIFY.EXE C:\PROGRAM FILES\TOSHIBA\TPHM\TPCHSRV.EXE C:\PROGRAM FILES\TOSHIBA\TPHM\TPCHWMSG.EXE C:\WINDOWS\SYSTEM32\SEARCHPROTOCOLHOST.EXE C:\WINDOWS\SYSTEM32\SEARCHFILTERHOST.EXE C:\WINDOWS\SYSTEM32\DLLHOST.EXE C:\WINDOWS\SYSTEM32\DLLHOST.EXE C:\WINDOWS\SYSWOW64\CMD.EXE C:\WINDOWS\SYSTEM32\CONHOST.EXE C:\WINDOWS\SYSWOW64\CSCRIPT.EXE . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH mStart Page = hxxp://www.google.com uInternet Settings,ProxyOverride = *.local mWinlogon: Userinit=userinit.exe, BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: IE5BarLauncherBHO Class: {78f3a323-798e-4aea-9a57-88f4b05fd5dd} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll BHO: Windows Live ID-Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" BHO: Avira SearchFree Toolbar plus Web Protection: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: VShareToolBar: {7ac3e13b-3bca-4158-b330-f66dbb03c1b5} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll TB: Avira SearchFree Toolbar plus Web Protection: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll uRun: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" uRunOnce: [scan_after_setup] "c:\program files (x86)\avira\antivir desktop\avcenter.exe" /SCANAFTERSETUP="scan setup2date wait newprocess" mRun: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL mRun: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP mRun: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun mRun: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60 mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe mRun: [<NO NAME>] mRun: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart mRun: [FreePDF Assistant] "C:\Program Files (x86)\FreePDF_XP\fpassist.exe" mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent dRun: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PHOTOF~1.LNK - C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll LSP: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{AEE1E8A3-1E8A-4DB7-A22B-6656A12B5D19} : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{AEE1E8A3-1E8A-4DB7-A22B-6656A12B5D19}\4727575666562786F66613 : DhcpNameServer = 10.0.0.138 TCP: Interfaces\{F6556F80-DEDB-4C79-BEDB-9EB447F983CF} : DhcpNameServer = 192.168.1.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll {0347C33E-8762-4905-BF09-768834316C61} {18DF081C-E8AD-4283-A596-FA578C2EBDC3} {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} {9030D464-4C02-4ABF-8ECC-5164760863C6} {9FDDE16B-836F-4806-AB1F-1455CBEFF289} {AA58ED58-01DD-4d91-8333-CF10577473F7} {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} {B4F3A835-0E21-4959-BA22-42B3008E02FF} {d2ce3e00-f94a-4740-988e-03dc2f38c34f} {D4027C7F-154A-4066-A1AD-4243D8127440} {DBC80044-A445-435b-BC74-9C25C1C588A9} {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} {8dcb7100-df86-4384-8842-8fa844297b3f} {2318C2B1-4965-11d4-9B18-009027A5CD4F} {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} {D4027C7F-154A-4066-A1AD-4243D8127440} EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File mRun-x64: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL mRun-x64: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP mRun-x64: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun-x64: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun mRun-x64: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60 mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe mRun-x64: [(Standard)] mRun-x64: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart mRun-x64: [FreePDF Assistant] "C:\Program Files (x86)\FreePDF_XP\fpassist.exe" mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript mRunOnce-x64: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Master of Puppets\AppData\Roaming\Mozilla\Firefox\Profiles\quick9bn.default\ FF - prefs.js: browser.search.selectedEngine - Web Search FF - prefs.js: browser.startup.homepage - hxxp://startsear.ch/?aff=1 FF - prefs.js: keyword.URL - hxxp://startsear.ch/?aff=1&src=sp&cf=20e9a526-071c-11e1-b092-705ab680be32&q= FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll . ============= SERVICES / DRIVERS =============== . R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?] R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\Windows\system32\DRIVERS\tos_sps64.sys --> C:\Windows\system32\DRIVERS\tos_sps64.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 AntiVirSchedulerService;Avira AntiVir Planer;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-8-5 136360] R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-8-5 269480] R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?] R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-8-10 248688] R2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-7-14 42368] R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448] R2 sp_rsdrv2;Spyware Terminator Driver Filter;C:\Windows\system32\DRIVERS\stflt.sys --> C:\Windows\system32\DRIVERS\stflt.sys [?] R2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [2011-11-26 1148632] R2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2009-8-6 116104] R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-8-27 251760] R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\Windows\system32\DRIVERS\TVALZFL.sys --> C:\Windows\system32\DRIVERS\TVALZFL.sys [?] R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?] R3 PGEffect;Pangu effect driver;C:\Windows\system32\DRIVERS\pgeffect.sys --> C:\Windows\system32\DRIVERS\pgeffect.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\system32\DRIVERS\rtl8192se.sys --> C:\Windows\system32\DRIVERS\rtl8192se.sys [?] R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-8-3 137560] R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-8-4 826224] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?] R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-5 135664] S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560] S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?] S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352] S3 gupdatem;Google Update-Dienst (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-5 135664] S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?] S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-6-23 51512] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S3 WatAdminSvc;Windows-Aktivierungstechnologieservice;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S4 AntiVirWebService;Avira AntiVir WebGuard;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe [2011-6-28 428200] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2011-11-26 11:10:04 -------- d-----w- C:\Users\Master of Puppets\AppData\Roaming\Malwarebytes 2011-11-26 11:09:56 -------- d-----w- C:\ProgramData\Malwarebytes 2011-11-26 11:09:52 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys 2011-11-26 11:09:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2011-11-26 09:58:57 51496 ----a-w- C:\Windows\System32\drivers\stflt.sys 2011-11-26 09:58:56 -------- d-----w- C:\Users\Master of Puppets\AppData\Roaming\Spyware Terminator 2011-11-26 09:58:56 -------- d-----w- C:\ProgramData\Spyware Terminator 2011-11-26 09:57:08 -------- d-----w- C:\Program Files (x86)\Spyware Terminator 2011-11-12 17:38:23 476904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll 2011-11-12 17:38:23 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2011-11-12 16:11:19 -------- d-----w- C:\ProgramData\McAfee Security Scan 2011-11-12 16:11:18 -------- d-----w- C:\Program Files (x86)\McAfee Security Scan 2011-11-12 07:41:30 -------- d-----w- C:\Program Files\iPod 2011-11-12 07:41:29 -------- d-----w- C:\Program Files\iTunes 2011-11-12 07:41:29 -------- d-----w- C:\Program Files (x86)\iTunes 2011-11-12 07:39:27 -------- d-----w- C:\Program Files\Bonjour 2011-11-12 07:39:27 -------- d-----w- C:\Program Files (x86)\Bonjour 2011-11-11 19:34:16 -------- d-----w- C:\Program Files (x86)\Ask.com 2011-11-09 19:56:12 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll 2011-11-09 19:56:12 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll 2011-11-09 19:56:12 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2011-11-09 19:55:59 3144704 ----a-w- C:\Windows\System32\win32k.sys 2011-11-05 18:50:02 -------- d-----w- C:\Windows\SysWow64\Adobe 2011-11-04 19:35:38 -------- d-----w- C:\Program Files (x86)\vShare.tv plugin 2011-11-02 21:28:30 87040 ----a-w- C:\Windows\System32\redmonnt.dll 2011-11-02 21:28:30 46080 ----a-w- C:\Windows\System32\unredmon.exe 2011-11-02 21:28:29 -------- d-----w- C:\Users\Master of Puppets\AppData\Roaming\FreePDF 2011-11-02 21:28:29 -------- d-----w- C:\Program Files (x86)\FreePDF_XP 2011-11-02 21:24:43 -------- d-----w- C:\Program Files\gs 2011-10-30 18:27:40 -------- d-----w- C:\Windows\SysWow64\Wat 2011-10-30 18:27:39 -------- d-----w- C:\Windows\System32\Wat 2011-10-30 06:26:23 -------- d-----w- C:\Users\Master of Puppets\AppData\Roaming\RavensburgerTipToi 2011-10-30 06:26:23 -------- d-----w- C:\ProgramData\RavensburgerTipToi 2011-10-30 06:19:59 -------- d-----w- C:\Program Files (x86)\Ravensburger tiptoi 2011-10-28 21:26:26 -------- d-----w- C:\ProgramData\WEBREG 2011-10-28 21:15:17 -------- d-----w- C:\Users\Master of Puppets\OJ6500vE709_Full_14 2011-10-28 20:52:56 -------- d-----w- C:\Users\Master of Puppets\AppData\Local\ElevatedDiagnostics . ==================== Find3M ==================== . 2011-11-12 16:12:13 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2011-10-24 13:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx 2011-10-24 13:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts 2011-10-14 16:34:54 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll 2011-10-14 16:34:52 175616 ----a-w- C:\Windows\System32\msclmd.dll 2011-10-01 03:25:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb 2011-10-01 02:42:56 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2011-08-30 22:05:32 96104 ----a-w- C:\Windows\System32\dns-sd.exe 2011-08-30 22:05:32 85864 ----a-w- C:\Windows\System32\dnssd.dll 2011-08-30 22:05:32 61288 ----a-w- C:\Windows\System32\jdns_sd.dll 2011-08-30 22:05:32 212840 ----a-w- C:\Windows\System32\dnssdX.dll 2011-08-30 22:05:04 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe 2011-08-30 22:05:04 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll 2011-08-30 22:05:04 50536 ----a-w- C:\Windows\SysWow64\jdns_sd.dll 2011-08-30 22:05:04 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll . ============= FINISH: 17:44:35,10 =============== als 2. die attach.txt genauso: . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 12.07.2010 18:41:05 System Uptime: 26.11.2011 17:30:54 (0 hours ago) . Motherboard: TOSHIBA | | KSWAA Processor: Pentium(R) Dual-Core CPU T4400 @ 2.20GHz | U2E1 | 2200/mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 233 GiB total, 101,941 GiB free. D: is FIXED (NTFS) - 232 GiB total, 225,672 GiB free. E: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318} Description: Officejet 6500 E709a Device ID: ROOT\MULTIFUNCTION\0000 Manufacturer: HP Name: Officejet 6500 E709a PNP Device ID: ROOT\MULTIFUNCTION\0000 Service: . ==== System Restore Points =================== . RP77: 26.10.2011 10:11:40 - Windows Update RP78: 28.10.2011 22:41:17 - Installed HP Update RP79: 30.10.2011 19:27:09 - Windows Update RP80: 02.11.2011 22:28:44 - Gerätetreiber-Paketinstallation: freepdfxp.de Drucker RP81: 09.11.2011 22:32:05 - Windows Update RP82: 11.11.2011 21:43:08 - Windows Update RP83: 12.11.2011 18:20:20 - Removed Java(TM) 6 Update 13 (64-bit) RP84: 12.11.2011 18:26:21 - Removed Java(TM) 6 Update 14 RP85: 12.11.2011 18:37:47 - Installed Java(TM) 6 Update 29 RP86: 26.11.2011 10:23:16 - Wiederherstellungsvorgang RP87: 26.11.2011 12:53:15 - OTL Restore Point - 26.11.2011 12:53:09 . ==== Installed Programs ====================== . 6500_E709_eDocs 6500_E709_Help 6500_E709a 7-Zip 9.20 Adobe AIR Adobe Flash Player ActiveX Adobe Reader 9.1 - Deutsch Adobe Shockwave Player 11.6 Amazon.de Apple Application Support Apple Software Update Ask Toolbar Avira AntiVir Personal - Free Antivirus Bautagebuch Mobile für Pocket PC 2009-10 Standard Bing Bar bpd_scan BPDSoftware BPDSoftware_Ini BufferChm Canon Camera WIA Driver Canon G.726 WMP-Decoder CANON iMAGE GATEWAY Task for ZoomBrowser EX Canon Internet Library for ZoomBrowser EX Canon IXY 320, PowerShot S230, IXUS v3 WIA-Treiber Canon MovieEdit Task for ZoomBrowser EX Canon RAW Image Task for ZoomBrowser EX Canon Utilities CameraWindow Canon Utilities CameraWindow DC Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX Canon Utilities MyCamera Canon Utilities MyCamera DC Canon Utilities PhotoStitch Canon Utilities RemoteCapture DC Canon Utilities RemoteCapture Task for ZoomBrowser EX Canon Utilities ZoomBrowser EX Canon ZoomBrowser EX Memory Card Utility Compatibility Pack für 2007 Office System D3DX10 Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition Designer 2.0 Destinations DeviceDiscovery dm-Fotowelt DocMgr DocProc eBay Fax fotokasten comfort FreePDF (Remove only) Google Toolbar for Internet Explorer Google Update Helper GPBaseService2 HP Update HPProductAssistant HPSSupply Java Auto Updater Java(TM) 6 Update 29 Junk Mail filter update Lexware buchhalter 2011 Lexware Elster Lexware Info Service Malwarebytes' Anti-Malware Version 1.51.2.1300 MarketResearch McAfee Security Scan Plus Mesh Runtime Messenger Companion Microsoft Office Access MUI (German) 2010 Microsoft Office Excel MUI (German) 2010 Microsoft Office Home and Student 2010 Microsoft Office OneNote MUI (German) 2010 Microsoft Office Outlook MUI (German) 2010 Microsoft Office PowerPoint MUI (German) 2010 Microsoft Office PowerPoint Viewer 2007 (German) Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (German) 2010 Microsoft Office Proof (Italian) 2010 Microsoft Office Proofing (German) 2010 Microsoft Office Publisher MUI (German) 2010 Microsoft Office Shared MUI (German) 2010 Microsoft Office Single Image 2010 Microsoft Office Word MUI (German) 2010 Microsoft Project 2000 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft SQL Server Compact 3.5 SP2 ENU Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Works Microsoft WSE 3.0 Runtime Mozilla Firefox 7.0.1 (x86 de) MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) PHOTOfunSTUDIO 5.2 HD Edition ProductContext QuickTime Ravensburger tiptoi Realtek 8136 8168 8169 Ethernet Driver Realtek High Definition Audio Driver Realtek USB 2.0 Card Reader Realtek WLAN Driver RENESIS® Player Browser Plugins Scan Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870) Security Update for Microsoft Excel 2010 (KB2553070) Security Update for Microsoft Office 2010 (KB2289078) Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft PowerPoint 2010 (KB2519975) Security Update for Microsoft Publisher 2010 (KB2409055) Security Update for Microsoft SharePoint Workspace 2010 (KB2566445) Security Update for Microsoft Word 2010 (KB2345000) Servicepack Datumsaktualisierung SILKYPIX Developer Studio 3.1 SE Skype(TM) Launcher SmartWebPrinting SolutionCenter Spyware Terminator 2012 Status swMSM Toolbox Toshiba Assist TOSHIBA Bulletin Board TOSHIBA ConfigFree TOSHIBA DVD PLAYER TOSHIBA eco Utility TOSHIBA Extended Tiles for Windows Mobility Center TOSHIBA Face Recognition TOSHIBA Flash Cards Support Utility TOSHIBA Hardware Setup TOSHIBA HDD/SSD Alert Toshiba Manuals Toshiba Online Product Information Toshiba Photo Service - powered by myphotobook TOSHIBA Recovery Media Creator Reminder TOSHIBA ReelTime TOSHIBA Service Station TOSHIBA Supervisor Password TOSHIBA Supervisorkennwort Toshiba TEMPRO TOSHIBA Value Added Package TOSHIBA Web Camera Application TrayApp TRORMCLauncher Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft Office 2010 (KB2202188) Update for Microsoft Office 2010 (KB2413186) Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2523113) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition Update for Microsoft Outlook Social Connector (KB2583935) Utility Common Driver vShare.tv plugin 1.3 WebReg WildTangent-Spiele Windows Live Communications Platform Windows Live Essentials Windows Live Fotogalerie Windows Live Installer Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX control for remote connections Windows Live Messenger Windows Live Messenger Companion Core Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources . ==== End Of File =========================== freundliche Grüße, Karsten |
26.11.2011, 18:03 | #4 |
/// Selecta Jahrusso | Bundespolizei Virus, wpbt0.dll Fenster Ja, hast du richtig verstanden Schritt 1 Deinstalliere bitte Ask Toolbar Schritt 2 Poste mir bitte die aktuelle Logfile von Malwarebytes Starte Malwarebytes--> Reiter Scan-Berichte--> klick auf den aktuellsten Bericht--> es öffnet sich automatisch ein Text-Dokument Poste den Inhalt bitte hier. Schritt 3 ESET Online Scanner
Bitte poste in deiner nächsten Antwort MBAM Log log.txt Eventuell vorhandene Probleme mit dem Rechner.
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
26.11.2011, 18:49 | #5 |
| Bundespolizei Virus, wpbt0.dll Fenster Hallo Daniel, habe schon Probleme mit Schritt 1 "Deinstalliere bitte Ask Toolbar": über die Systemsteuerung Programme deinstallieren finde ich keinen Eintrag, der irgendwas mit aks toolbar zu tun hat und im Windows Programme(x86) Ordner gibt es zwar einen ask.com Ordner, aber ohne eine uninstall-Datei. Wie soll ich also genau vorgehen um ask Toolbar zu deinstallieren??? Zu Schritt 2 gibt es leider auch was: die logfile Datei vom letzten Suchlauf ist aus dem Programm verschwunden... Beim Neustart und anschliessendem Öffnen von Malewarebytes war die Einstellung von Deutsch wieder auf Englisch zurückgestellt und die logfile Datei war auch verschwunden?? Soll ich nochmal einen neuen Scanlauf durchführen??? Bitte melde dich, ich warte mit Schritt 3, bis ich von dir Antwort habe, Danke Karsten. |
26.11.2011, 18:59 | #6 |
/// Selecta Jahrusso | Bundespolizei Virus, wpbt0.dll Fenster Hy, Um die ASK Toolbar kümmern wir uns dann mit OTL. Ja, bitte update Malwarebytes und lass einen Quick Scan laufen und poste mir das Log
__________________ --> Bundespolizei Virus, wpbt0.dll Fenster |
26.11.2011, 19:20 | #7 |
| Bundespolizei Virus, wpbt0.dll Fenster Hallo Daniel, also hier zunächst die logfile zu Schritt 2: Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Datenbank Version: 8245 Windows 6.1.7601 Service Pack 1 Internet Explorer 8.0.7601.17514 26.11.2011 19:17:28 mbam-log-2011-11-26 (19-17-28).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 157127 Laufzeit: 4 Minute(n), 9 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Stürze mich gleich auf Schritt 3. Bis bald, Karsten |
26.11.2011, 21:00 | #8 |
| Bundespolizei Virus, wpbt0.dll Fenster Hy Daniel, bin immer noch beim eset Online Scanner; nach 1:20 Std. hat er erst 21% gescannt. Hängt das von der Geschwindigkeit der Onlineverbindung ab? Da ist mein WLAN nämlich nicht sehr schnell! Oder funktioniert das Scannen auch offline??? Dann könnte ich den Router abschalten (wegen den deaktivierten Schutzprogrammen). Vielleicht kannst du mir hier nochmal weiterhelfen. Danke und Gruß, Karsten |
26.11.2011, 21:18 | #9 |
/// Selecta Jahrusso | Bundespolizei Virus, wpbt0.dll Fenster Die Online Scans können schon etwas Zeit in Anspruch nehmen.
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
26.11.2011, 21:25 | #10 |
| Bundespolizei Virus, wpbt0.dll Fenster Also verstehe ich richtig, die Online-Verbindung halten? Grüße, Karsten |
26.11.2011, 21:25 | #11 |
/// Selecta Jahrusso | Bundespolizei Virus, wpbt0.dll Fenster A sorry, Ja
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
27.11.2011, 05:07 | #12 |
| Bundespolizei Virus, wpbt0.dll Fenster Hallo Daniel, hier die logfile (nach 4 Stunden Arbeit) ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=c2f283c277e6d74693854499cb90d06b # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-11-26 10:56:52 # local_time=2011-11-26 11:56:52 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1797 16775165 100 94 92847 58869450 31201 0 # compatibility_mode=5893 16776574 100 94 3722057 73962444 0 0 # compatibility_mode=7937 16777214 28 75 34650 404142 0 0 # compatibility_mode=8192 67108863 100 0 3854 3854 0 0 # scanned=513614 # found=6 # cleaned=0 # scan_time=15617 C:\$RECYCLE.BIN\S-1-5-21-3633859669-4015403969-3044513885-1000\$RNSXB1J.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I C:\Users\Karsten\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5BD33U0K\calc[1].exe a variant of Win32/Kryptik.WCR trojan (unable to clean) 00000000000000000000000000000000 I F:\090109_Sicherung Daten Alter Desktop\Karsten\Mail`s\NaoSejaCurioso.com Win32/Cursor joke (unable to clean) 00000000000000000000000000000000 I F:\090109_Sicherung Daten Alter Desktop\Karsten\Mail`s\Gute Laune\besorger.exe Win32/BadGame joke (unable to clean) 00000000000000000000000000000000 I F:\091215_Sicherung Daten Alter Desktop\Karsten\Mail`s\NaoSejaCurioso.com Win32/Cursor joke (unable to clean) 00000000000000000000000000000000 I F:\091215_Sicherung Daten Alter Desktop\Karsten\Mail`s\Gute Laune\besorger.exe Win32/BadGame joke (unable to clean) 00000000000000000000000000000000 I mfg, Karsten |
27.11.2011, 11:05 | #13 |
| Bundespolizei Virus, wpbt0.dll Fenster Hallo Daniel, mir ist noch was zum Thema "Eventuell vorhandene Probleme mit dem Rechner" eingefallen: durch die Systemwiederherstellung von gestern morgen habe ich ein Java Update wieder runtergeschmissen (glaube ich zumindest) Ausserdem läuft der Rechner von Anfang an sehr langsam, damit meine ich, das das Hochfahren eine gefühlte Ewigkeit dauert und auch beim Öffnen von Firefox, LiveMail oder Officeprogrammen dauert es immer sehr lange, bis die Sanduhr verschwunden ist (liegt vermutlich an den ganzen Hintergrundprogrammen, die mir beim Kauf gratis untergejubelt wurden). Mein alter Desktop mit Windows XP war da jedenfalls schneller, obwohl ich da keinen i3 Processor hatte. Ausserdem kommt immer folgende Fehlermeldung beim Hochfahren: "Toshiba Service Station funktioniert nicht mehr - Windows kann online nach der Lösung des Problems suchen...." mfg, Karsten |
27.11.2011, 15:31 | #14 |
/// Selecta Jahrusso | Bundespolizei Virus, wpbt0.dll Fenster Hy, Versuchen wir mal folgendes. Downloade Dir bitte StartUpLite.exe und speichere die Datei auf dem Desktop. Starte die StartUpLite.exe und stelle alle gefundenen Einträge auf Disabled. Klicke Continue und OK. Starte den Rechner neu auf. Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)
Bitte poste in deiner nächsten Antwort OTL.txt Extras.txt
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
27.11.2011, 18:32 | #15 |
| Bundespolizei Virus, wpbt0.dll Fenster Hallo Daniel, habe StartUpLite wie gewünscht angewendet, nach Drücken vom Continue-Butten kamen folgende Fehlermelungen, die ich immer mit OK bestätigt habe: "Error on value: SunJavaUpdate Sched. There was an error creating a MS Config key." "Error on value: Quick Time Task. There was an error creating a MS Config key." "Error on value: HP Software Update. There was an error creating a MS Config key." "Error on value: swg. There was an error creating a MS Config key." und zum Schluss die folgende Meldung: "All actions executed succesfully! Changes will take effect, after the system is restarted. Denke das war soweit i.O. danach habe ich einen Neustart durchgeführt. Mein OTL.exe ist mit Deutscher Sprache, habe aber deine Einstellungen wiedergefunden. Hier poste ich die OTL.txt:OTL Logfile: Code:
ATTFilter OTL logfile created on: 27.11.2011 18:14:17 - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Karsten\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,84 Gb Total Physical Memory | 2,40 Gb Available Physical Memory | 62,37% Memory free 7,68 Gb Paging File | 5,94 Gb Available in Paging File | 77,41% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 232,88 Gb Total Space | 102,42 Gb Free Space | 43,98% Space Free | Partition Type: NTFS Drive D: | 232,49 Gb Total Space | 225,67 Gb Free Space | 97,07% Space Free | Partition Type: NTFS Drive F: | 465,76 Gb Total Space | 421,29 Gb Free Space | 90,45% Space Free | Partition Type: NTFS Drive G: | 298,09 Gb Total Space | 186,55 Gb Free Space | 62,58% Space Free | Partition Type: NTFS Computer Name: KARSTEN-TOSH | User Name: Master of Puppets | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Karsten\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com) PRC - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName}) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) PRC - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) PRC - C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation) PRC - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.) PRC - C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.) PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe (TOSHIBA CORPORATION) PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) PRC - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\4ede0fecbdb3795efa9dca6b77c2031b\System.Messaging.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlServ#\d938c625a49016a9d8f605cd749766c0\System.Data.SqlServerCe.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\8e7909ef6b5f953d49244c6b9f5f5100\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f8196c3588c2229e84516af4b6a0ee60\System.Data.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\31fce331fded94dd06627603f6fe4562\Accessibility.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV:64bit: - (TOSHIBA eco Utility Service) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation) SRV:64bit: - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) SRV:64bit: - (TPCHSrv) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation) SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation) SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation) SRV - (ST2012_Svc) -- C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe (Crawler.com) SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.) SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.) SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation) SRV - (cfWiMAXService) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION) SRV - (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO) -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH) SRV - (ConfigFree Gadget Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe (TOSHIBA CORPORATION) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (GameConsoleService) -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.) SRV - (ConfigFree Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) ========== Driver Services (SafeList) ========== DRV:64bit: - (sp_rsdrv2) -- C:\Windows\SysNative\drivers\stflt.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (rtl8192se) -- C:\Windows\SysNative\drivers\rtl8192se.sys (Realtek Semiconductor Corporation ) DRV:64bit: - (LPCFilter) -- C:\Windows\SysNative\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.) DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.) DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (tos_sps64) -- C:\Windows\SysNative\drivers\tos_sps64.sys (TOSHIBA Corporation) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation) DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation) DRV:64bit: - (IntcHdmiAddService) Intel(R) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation) DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\drivers\TVALZFL.sys (TOSHIBA Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Web Search" FF - prefs.js..browser.search.defaultenginename: "Web Search" FF - prefs.js..browser.search.order.1: "Web Search" FF - prefs.js..browser.search.selectedEngine: "Web Search" FF - prefs.js..browser.startup.homepage: "hxxp://startsear.ch/?aff=1" FF - prefs.js..keyword.URL: "hxxp://startsear.ch/?aff=1&src=sp&cf=20e9a526-071c-11e1-b092-705ab680be32&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.11.29 20:04:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.12 08:43:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.11.26 10:26:00 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.11.29 20:04:47 | 000,000,000 | ---D | M] [2010.08.05 21:48:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Master of Puppets\AppData\Roaming\mozilla\Extensions [2011.11.11 20:34:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Master of Puppets\AppData\Roaming\mozilla\Firefox\Profiles\quick9bn.default\extensions [2011.11.12 17:12:19 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\Master of Puppets\AppData\Roaming\mozilla\Firefox\Profiles\quick9bn.default\extensions\toolbar@ask.com [2011.07.11 19:04:02 | 000,000,633 | ---- | M] () -- C:\Users\Master of Puppets\AppData\Roaming\Mozilla\Firefox\Profiles\quick9bn.default\searchplugins\startsear.xml [2011.11.12 18:38:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.11.26 10:26:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [2011.10.30 07:14:25 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.11.12 18:38:14 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011.10.03 10:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll [2011.10.30 07:14:23 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.10.30 07:14:23 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.10.30 07:14:23 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.10.30 07:14:23 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.30 07:14:23 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.10.30 07:14:23 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (VShare Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (VShare Inc.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Programme\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com) O4:64bit: - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com) O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH) O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH) O4:64bit: - HKLM..\Run: [TosNC] C:\Programme\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Programme\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosSENotify] C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Programme\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName}) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.) O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION) O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA) O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.) O4 - HKCU..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA) O4:64bit: - HKLM..\RunOnce: [*Restore] C:\Windows\SysNative\rstrui.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKCU..\RunOnce: [scan_after_setup] c:\program files (x86)\avira\antivir desktop\avcenter.exe (Avira GmbH) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira GmbH) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira GmbH) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira GmbH) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AEE1E8A3-1E8A-4DB7-A22B-6656A12B5D19}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F6556F80-DEDB-4C79-BEDB-9EB447F983CF}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\ipp - No CLSID value found O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.11.26 19:32:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2011.11.26 15:39:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2011.11.26 15:39:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip [2011.11.26 12:10:04 | 000,000,000 | ---D | C] -- C:\Users\Master of Puppets\AppData\Roaming\Malwarebytes [2011.11.26 12:09:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.11.26 12:09:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.11.26 12:09:52 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.11.26 12:09:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.11.26 10:58:57 | 000,051,496 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys [2011.11.26 10:58:56 | 000,000,000 | ---D | C] -- C:\Users\Master of Puppets\AppData\Roaming\Spyware Terminator [2011.11.26 10:58:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator [2011.11.26 10:58:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2012 [2011.11.26 10:57:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Terminator [2011.11.12 18:41:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2011.11.12 18:41:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2011.11.12 18:38:23 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll [2011.11.12 18:38:23 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2011.11.12 18:38:23 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2011.11.12 18:38:23 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2011.11.12 17:22:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus [2011.11.12 17:11:19 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan [2011.11.12 17:11:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan [2011.11.12 08:43:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2011.11.12 08:43:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2011.11.12 08:42:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2011.11.12 08:41:30 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2011.11.12 08:41:29 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2011.11.12 08:41:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2011.11.12 08:39:27 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2011.11.12 08:39:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour [2011.11.11 20:34:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com [2011.11.05 19:50:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe [2011.11.05 19:47:42 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [2011.11.04 20:35:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\vShare.tv plugin [2011.11.02 22:28:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreePDF [2011.11.02 22:28:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FreePDF_XP [2011.11.02 22:28:29 | 000,000,000 | ---D | C] -- C:\Users\Master of Puppets\AppData\Roaming\FreePDF [2011.11.02 22:24:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ghostscript [2011.11.02 22:24:43 | 000,000,000 | ---D | C] -- C:\Program Files\gs [2011.10.30 19:27:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat [2011.10.30 19:27:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat [2011.10.30 07:26:23 | 000,000,000 | ---D | C] -- C:\Users\Master of Puppets\AppData\Roaming\RavensburgerTipToi [2011.10.30 07:26:23 | 000,000,000 | ---D | C] -- C:\ProgramData\RavensburgerTipToi [2011.10.30 07:19:59 | 000,000,000 | ---D | C] -- C:\Users\Master of Puppets\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\tiptoi® Manager [2011.10.30 07:19:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ravensburger tiptoi [2011.10.28 22:26:26 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG [2011.10.28 22:26:26 | 000,000,000 | ---D | C] -- C:\Users\Master of Puppets\AppData\Roaming\HP [2011.10.28 22:15:17 | 000,000,000 | ---D | C] -- C:\Users\Master of Puppets\OJ6500vE709_Full_14 [2011.10.28 21:52:56 | 000,000,000 | ---D | C] -- C:\Users\Master of Puppets\AppData\Local\ElevatedDiagnostics [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.11.27 18:08:22 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.11.27 18:08:22 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.11.27 18:06:37 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.11.27 18:00:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.11.27 18:00:43 | 3092,938,752 | -HS- | M] () -- C:\hiberfil.sys [2011.11.27 17:49:43 | 001,512,418 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.11.27 17:49:43 | 000,659,238 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.11.27 17:49:43 | 000,620,384 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.11.27 17:49:43 | 000,132,776 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.11.27 17:49:43 | 000,108,566 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.11.27 04:33:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.11.26 12:34:33 | 000,000,000 | ---- | M] () -- C:\Users\Master of Puppets\defogger_reenable [2011.11.26 12:09:57 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.11.26 10:58:57 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys [2011.11.26 10:58:55 | 000,001,049 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk [2011.11.12 18:38:14 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll [2011.11.12 18:38:14 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2011.11.12 18:38:14 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2011.11.12 18:38:14 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2011.11.12 17:22:38 | 000,001,866 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2011.11.12 17:22:38 | 000,001,864 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2011.11.12 17:12:13 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2011.11.12 08:43:30 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2011.11.12 08:42:00 | 000,001,790 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.11.12 08:31:15 | 000,405,360 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.11.05 18:35:26 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2011.10.30 07:38:10 | 000,001,083 | ---- | M] () -- C:\Users\Master of Puppets\Desktop\tiptoi.lnk [2011.10.28 22:24:32 | 000,262,584 | ---- | M] () -- C:\Windows\hpwins23.dat [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.11.26 12:34:33 | 000,000,000 | ---- | C] () -- C:\Users\Master of Puppets\defogger_reenable [2011.11.26 12:09:57 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.11.26 10:58:55 | 000,001,049 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk [2011.11.12 17:11:18 | 000,001,866 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2011.11.12 17:11:18 | 000,001,864 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2011.11.12 08:43:30 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2011.11.12 08:42:00 | 000,001,790 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.11.05 18:35:26 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2011.11.02 22:28:30 | 000,087,040 | ---- | C] () -- C:\Windows\SysNative\redmonnt.dll [2011.11.02 22:28:30 | 000,046,080 | ---- | C] () -- C:\Windows\SysNative\unredmon.exe [2011.10.30 07:20:00 | 000,001,083 | ---- | C] () -- C:\Users\Master of Puppets\Desktop\tiptoi.lnk [2011.10.28 21:43:16 | 000,262,489 | ---- | C] () -- C:\Windows\hpwins23.dat.temp [2011.06.28 19:20:31 | 000,000,429 | ---- | C] () -- C:\Users\Master of Puppets\AppData\Roaming\mdbu.bin [2011.06.26 20:02:48 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat [2011.06.26 20:02:48 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat [2011.06.26 20:02:48 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat [2011.06.26 20:02:48 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat [2011.06.26 20:02:48 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat [2011.06.26 20:02:48 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat [2011.06.26 20:02:48 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat [2011.06.26 20:02:48 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat [2011.06.26 20:02:48 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat [2011.06.26 20:02:48 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat [2011.06.26 20:02:48 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat [2011.06.26 20:02:48 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat [2011.06.26 20:02:48 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat [2011.06.26 20:02:48 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat [2011.06.26 20:02:48 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat [2011.06.26 20:02:48 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat [2011.06.26 20:02:48 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat [2011.06.26 20:02:48 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat [2011.06.26 20:02:48 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini [2011.05.13 09:04:16 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\LXPrnUtil10.dll [2011.05.13 09:03:16 | 000,303,104 | ---- | C] () -- C:\Windows\SysWow64\dnt27VC8.dll [2011.05.13 09:01:22 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\dntvmc27VC8.dll [2011.05.13 09:01:00 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\dntvm27VC8.dll [2010.12.02 21:41:14 | 000,007,607 | ---- | C] () -- C:\Users\Master of Puppets\AppData\Local\Resmon.ResmonCfg [2010.11.29 20:10:20 | 000,002,075 | ---- | C] () -- C:\Windows\hpwmdl23.dat.temp [2010.11.29 20:00:02 | 000,262,584 | ---- | C] () -- C:\Windows\hpwins23.dat [2010.11.29 20:00:02 | 000,002,075 | ---- | C] () -- C:\Windows\hpwmdl23.dat [2010.07.12 22:24:30 | 000,001,287 | ---- | C] () -- C:\Windows\ODBCINST.INI [2010.07.12 22:24:30 | 000,000,170 | ---- | C] () -- C:\Windows\ODBC.INI [2009.08.27 07:05:12 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin [2009.08.27 07:05:12 | 000,439,300 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin [2009.08.27 07:05:12 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin [2009.08.27 07:05:12 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2009.04.28 03:37:00 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\SPCtl.dll [2000.03.21 03:01:18 | 000,061,502 | ---- | C] () -- C:\Windows\SysWow64\ODBCMON.DLL < End of report > und die Extras.txt:OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 27.11.2011 18:14:17 - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Karsten\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,84 Gb Total Physical Memory | 2,40 Gb Available Physical Memory | 62,37% Memory free 7,68 Gb Paging File | 5,94 Gb Available in Paging File | 77,41% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 232,88 Gb Total Space | 102,42 Gb Free Space | 43,98% Space Free | Partition Type: NTFS Drive D: | 232,49 Gb Total Space | 225,67 Gb Free Space | 97,07% Space Free | Partition Type: NTFS Drive F: | 465,76 Gb Total Space | 421,29 Gb Free Space | 90,45% Space Free | Partition Type: NTFS Drive G: | 298,09 Gb Total Space | 186,55 Gb Free Space | 62,58% Space Free | Partition Type: NTFS Computer Name: KARSTEN-TOSH | User Name: Master of Puppets | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [dm-Fotowelt] -- "C:\Program Files (x86)\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [dm-Fotowelt] -- "C:\Program Files (x86)\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files (x86)\fotobuch.de\Designer 2.0\Designer.exe" = C:\Program Files (x86)\fotobuch.de\Designer 2.0\Designer.exe:*:Designer.exe -- () "C:\Program Files (x86)\fotobuch.de\Designer 2.0\Designer.exe" = C:\Program Files (x86)\fotobuch.de\Designer 2.0\Designer.exe:*:Designer.exe -- () ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{1C55470A-7C9E-4C63-B466-6AFFC69E94E9}" = Windows Live Family Safety "{1E9E8BA6-FD0B-465D-AFA2-ECE10BF095F9}" = TOSHIBA Bulletin Board "{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety "{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64 "{58D79E62-CFC8-4331-8469-3A1B16E1769C}" = HP Officejet 6500 E709 Series "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9C98CA38-4C1A-4AC8-B55C-169497C8826B}" = Apple Mobile Device Support "{9CD0F7D3-B67F-4BF8-8784-D73AD229FF1E}" = iTunes "{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor "{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64 "{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer "{C2DDF845-7107-40E8-8D2A-8719F1799570}" = TOSHIBA ReelTime "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert "{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher "{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "GPL Ghostscript 9.04" = GPL Ghostscript "HDMI" = Intel(R) Graphics Media Accelerator Driver "HP Document Manager" = HP Document Manager 2.0 "HP Imaging Device Functions" = HP Imaging Device Functions 14.0 "HP Smart Web Printing" = HP Smart Web Printing 4.60 "HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0 "HPExtendedCapabilities" = HP Customer Participation Program 14.0 "HPOCR" = OCR Software by I.R.I.S. 14.0 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Redirection Port Monitor" = RedMon - Redirection Port Monitor "Shop for HP Supplies" = Shop for HP Supplies "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan "{0823A2E3-69DD-A37A-7CD9-1CBEB037545C}" = Toshiba Photo Service - powered by myphotobook "{0A04086B-0B71-43C3-95EF-FDFC4C18D161}" = SILKYPIX Developer Studio 3.1 SE "{0AE09EFD-8680-4B14-9643-00AB33BEC6ED}" = PHOTOfunSTUDIO 5.2 HD Edition "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0E52A52C-E120-461C-AA1B-21B045BEE842}" = bpd_scan "{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver "{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver "{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery "{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant "{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}" = Lexware Info Service "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = Toshiba Assist "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1E9678A0-B4C1-11D2-863F-00C04F6E09F2}" = Microsoft Project 2000 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2576AB1E-E597-4481-9388-38542E4D51AA}" = Lexware Elster "{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29 "{26D8DF7E-DBF8-43A6-8D42-F37497CE603D}" = Skype(TM) Launcher "{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox "{2B443CC6-7EBE-43FF-91A8-6AC3B5A085FD}" = Lexware buchhalter 2011 "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU "{3BE02281-FCCF-44BB-8413-AC4A633059EB}" = BPDSoftware "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password "{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup "{56736259-613E-4A3B-B428-6235F2E76F44}_is1" = Spyware Terminator 2012 "{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status "{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility "{62B7C52C-CAB6-48B1-8245-52356C141C92}" = RENESIS® Player Browser Plugins "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{68654483-9629-4CF5-88FF-9FB70B3BECDE}" = ProductContext "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder "{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals "{9294F169-72EE-4D74-AE92-CA25F64B4FF8}" = Fax "{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{99F67894-9486-413F-94E1-8B12B1606EAB}" = BPDSoftware_Ini "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9E4FF410-471F-49E3-9358-74FF0D5E9901}" = Toshiba TEMPRO "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A74F16FA-1D5B-405B-8D8D-1BC6F9DAED8B}" = Amazon.de "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AA787E05-E835-4812-AA3D-4048C8A46587}" = 6500_E709_eDocs "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply "{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station "{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility "{B8CD1189-53D6-4C51-8082-14B812EABBA8}" = Canon Camera WIA Driver "{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2 "{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C607265F-86AA-4B42-9F9B-D0ED2E4AACA6}" = 6500_E709a "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update "{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E83BA61A-5D77-4DD5-9C92-A3447F11E27D}" = eBay "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree "{F53B432E-BD19-4400-BFA0-2BBD16410F8F}" = 6500_E709_Help "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm "7-Zip" = 7-Zip 9.20 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Bautagebuch Mobile für Pocket PC 2009-10 Standard" = Bautagebuch Mobile für Pocket PC 2009-10 Standard "CameraWindowDC" = Canon Utilities CameraWindow DC "CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX "CameraWindowLauncher" = Canon Utilities CameraWindow "Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX "Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX "Designer 2.0_is1" = Designer 2.0 "dm-Fotowelt" = dm-Fotowelt "ESET Online Scanner" = ESET Online Scanner v3 "eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = Toshiba Photo Service - powered by myphotobook "FKC22153088_is1" = fotokasten comfort "FreePDF_XP" = FreePDF (Remove only) "InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package "InstallShield_{0A04086B-0B71-43C3-95EF-FDFC4C18D161}" = SILKYPIX Developer Studio 3.1 SE "InstallShield_{1E9E8BA6-FD0B-465D-AFA2-ECE10BF095F9}" = TOSHIBA Bulletin Board "InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort "InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup "InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility "InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder "InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility "InstallShield_{B8CD1189-53D6-4C51-8082-14B812EABBA8}" = Canon IXY 320, PowerShot S230, IXUS v3 WIA-Treiber "InstallShield_{C2DDF845-7107-40E8-8D2A-8719F1799570}" = TOSHIBA ReelTime "InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert "InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher "InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300 "McAfee Security Scan" = McAfee Security Scan Plus "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX "Mozilla Firefox 7.0.1 (x86 de)" = Mozilla Firefox 7.0.1 (x86 de) "MyCamera" = Canon Utilities MyCamera "MyCameraDC" = Canon Utilities MyCamera DC "Office14.SingleImage" = Microsoft Office Home and Student 2010 "PhotoStitch" = Canon Utilities PhotoStitch "Ravensburger tiptoi" = Ravensburger tiptoi "RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX "RemoteCaptureDC" = Canon Utilities RemoteCapture DC "RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX "vShare.tv plugin" = vShare.tv plugin 1.3 "WildTangent toshiba Master Uninstall" = WildTangent-Spiele "WinLiveSuite" = Windows Live Essentials "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > ....die beiden externen Festplatten habe ich übrigends bei den obigen Scans am Rechner angemeldet. Wenn ich die abschalten soll, bitte beim nächstenmal mitteilen! mfg Karsten |
Themen zu Bundespolizei Virus, wpbt0.dll Fenster |
.dll, admin-passwort, fehler, gelöscht, hilfe!, hochfahren, installiert, internetverbindung, laptop, logdatei, malwarebytes, mcafee, neue, neuen, neustart, ohne befund, online, problem, programme, schädlinge, screenshot, seite, spyware, trojaner-board, verbindung, verschwunden, virus, wpbt0.dll |