| |
| |||||||
Log-Analyse und Auswertung: ilivid entfernenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
05.09.2012, 17:34
| #1 |
 |  ilivid entfernen Hi ich habe hier einen PC, auf dem ilivid installiert und benutzt wurde. Da dieses Programm ja nicht nicht gerade freundliche Absichten hat, wollte ich nun um eure Hilfe bitten um das Problem zu beseitigen. Ebenfalls wurde "SweetIM", "Games" und "Facebook Chat" Verlinkungen heruntergeladen (keine Ahung wozu "SweetIM" da ist und ob es installiert ist) Im Internet Explorer wird gefragt ob eine Toolbar aktiviert werden soll. (habe ich bissher ignoriert/IE wird nicht benutzt) Habe " Malwarebytes Anti-Malware " heruntergeladen und installiert. In den ersten Schritten ganz oben auf dieser Seite steht man soll nichts löschen. Allerdings steht in der Anleitung zu Malwarebytes Anti-Malware, dass man alle gefundenen Dateien nach dem Scann mit dem Programm entfernen soll. Ist dieser Schritt in Malwarebytes Anti-Malware ok? Zur Situation: -Windows Vista Home Premium -ilivid wurde heruntergeladen, um einen Stream anzuschauen. -Kaspersky Internet Security 2012 -als Browser wird Apples Safari benutzt (keine Toolbar in Safari) Schonmal vielen Dank fürs Lesen. Würde mich über eure Hilfe wirklich sehr freuen. Gruß Dani PS: wenn das hier thematisch nicht reinpasst bitte verschieben. hi nocheinmal habe mittlerweile bemerkt, dass ich mich etwas verlesen habe.  Nun habe ich mir defogger, OTL und GMER heruntergeladen. defogger: -keine Meldungen ausgegeben -kein Neustart verlangt OTL: OTL.txt Code:
ATTFilter OTL logfile created on: 06.09.2012 11:07:21 - Run 1 OTL by OldTimer - Version 3.2.61.0 Folder = C:\Users\Hannes\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,50 Gb Total Physical Memory | 2,46 Gb Available Physical Memory | 70,31% Memory free 7,20 Gb Paging File | 6,01 Gb Available in Paging File | 83,56% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 116,29 Gb Total Space | 39,09 Gb Free Space | 33,62% Space Free | Partition Type: NTFS Drive E: | 115,13 Gb Total Space | 109,85 Gb Free Space | 95,41% Space Free | Partition Type: NTFS Computer Name: HANNES-PC | User Name: Hannes | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.09.06 10:38:08 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Hannes\Desktop\OTL.exe PRC - [2012.09.02 13:21:22 | 001,890,744 | ---- | M] (Bandoo Media, inc) -- C:\Programme\Searchqu Toolbar\Datamngr\datamngrUI.exe PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.08.01 05:32:20 | 000,020,880 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe PRC - [2010.05.01 08:51:28 | 000,217,088 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2008.08.26 15:27:04 | 000,103,824 | ---- | M] (Toshiba Europe GmbH) -- C:\Programme\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe PRC - [2008.08.26 15:26:44 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) -- C:\Programme\Toshiba TEMPRO\TempoSVC.exe PRC - [2008.08.25 09:58:20 | 000,077,824 | ---- | M] (Toshiba) -- C:\Programme\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe PRC - [2008.04.24 13:03:12 | 000,430,080 | ---- | M] (TOSHIBA) -- C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe PRC - [2008.04.17 00:21:24 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe PRC - [2008.04.17 00:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe PRC - [2008.04.17 00:19:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\CFSwMgr.exe PRC - [2008.04.11 00:51:58 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe PRC - [2008.04.08 15:14:50 | 006,037,504 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.03.19 13:35:42 | 000,716,800 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe PRC - [2008.01.25 13:33:50 | 000,509,816 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\SmoothView\SmoothView.exe PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe PRC - [2008.01.17 16:27:52 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe PRC - [2008.01.17 16:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- c:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe PRC - [2007.12.03 17:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- c:\Programme\TOSHIBA\SMARTLogService\TosIPCSrv.exe PRC - [2007.11.21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe PRC - [2006.08.23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe PRC - [2006.03.21 14:19:40 | 000,069,632 | ---- | M] (ScanSoft, Inc.) -- C:\Programme\ScanSoft\OmniPageSE4.0\OpWareSE4.exe ========== Modules (No Company Name) ========== MOD - [2012.06.15 11:55:18 | 001,711,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\2467a133aee73396c830b9b0a9c7ec0d\Microsoft.VisualBasic.ni.dll MOD - [2012.06.15 11:53:58 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8bbcd31ecc8edc7d1f9cdd83ef2bb2d3\System.ServiceProcess.ni.dll MOD - [2012.06.15 11:53:54 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll MOD - [2012.06.15 11:51:43 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll MOD - [2012.06.15 11:51:30 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll MOD - [2012.06.15 11:50:03 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll MOD - [2012.06.15 11:15:01 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\00a4922fbf869a79c043b665035516b6\System.Windows.Forms.ni.dll MOD - [2012.06.15 11:07:10 | 018,019,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll MOD - [2012.06.15 11:06:40 | 011,522,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll MOD - [2012.06.15 11:05:57 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll MOD - [2012.06.15 11:05:47 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4230ed1c7990e4ee8352baf67a2a85fa\System.Drawing.ni.dll MOD - [2012.05.15 21:51:59 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\d0e1cdaff8f9055187f8e7b52c060dff\System.Management.ni.dll MOD - [2012.05.15 21:26:07 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\31fab24c51c0cfe8b8115f24545f169f\System.Runtime.Remoting.ni.dll MOD - [2012.05.15 21:25:53 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll MOD - [2012.05.15 21:20:42 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll MOD - [2012.05.15 21:20:19 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll MOD - [2012.05.15 21:15:45 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll MOD - [2012.05.15 21:13:39 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll MOD - [2012.05.15 21:13:31 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll MOD - [2012.05.15 21:12:30 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll MOD - [2012.05.15 20:20:12 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\608d29d7cc89f3a9a195c91354561915\PresentationFramework.Aero.ni.dll MOD - [2012.05.15 20:11:22 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll MOD - [2012.05.15 20:11:18 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\a84262e1224189f93e10cd3c403a9527\System.Configuration.ni.dll MOD - [2012.05.15 20:11:11 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll MOD - [2012.05.15 20:10:56 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll MOD - [2012.05.15 20:10:45 | 014,414,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll MOD - [2011.09.24 14:06:37 | 000,115,137 | ---- | M] () -- C:\Users\Hannes\AppData\Local\Temp\3dcf2df1-2a83-477c-a7dd-858967792357\CliSecureRT.dll MOD - [2011.08.01 05:32:20 | 000,020,880 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe MOD - [2009.03.30 06:42:12 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2009.03.30 06:42:12 | 000,167,936 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2008.10.07 16:38:01 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3034.36901__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll MOD - [2008.10.07 16:38:00 | 001,679,360 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3034.36909__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll MOD - [2008.10.07 16:38:00 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3034.36868__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll MOD - [2008.10.07 16:38:00 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3034.36922__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll MOD - [2008.10.07 16:38:00 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3034.37102__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll MOD - [2008.10.07 16:38:00 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3034.37066__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll MOD - [2008.10.07 16:38:00 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3034.37022__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll MOD - [2008.10.07 16:38:00 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3034.36888__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll MOD - [2008.10.07 16:37:59 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3034.37132__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll MOD - [2008.10.07 16:37:40 | 000,352,256 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3034.37074__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll MOD - [2008.10.07 16:37:40 | 000,147,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3034.37131__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll MOD - [2008.10.07 16:37:40 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3034.37138__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll MOD - [2008.10.07 16:37:40 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3034.37080__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll MOD - [2008.10.07 16:37:40 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3034.36881__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll MOD - [2008.10.07 16:37:40 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3034.37073__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll MOD - [2008.10.07 16:37:40 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3034.37130__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll MOD - [2008.10.07 16:37:39 | 000,802,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3034.37030__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll MOD - [2008.10.07 16:37:39 | 000,585,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3034.36935__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll MOD - [2008.10.07 16:37:39 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3034.36889__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll MOD - [2008.10.07 16:37:39 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3034.37094__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll MOD - [2008.10.07 16:37:39 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3034.37059__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll MOD - [2008.10.07 16:37:39 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3034.36941__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll MOD - [2008.10.07 16:37:39 | 000,217,088 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3034.36928__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll MOD - [2008.10.07 16:37:39 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3034.37045__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll MOD - [2008.10.07 16:37:39 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3034.37030__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll MOD - [2008.10.07 16:37:39 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3034.36941__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll MOD - [2008.10.07 16:37:39 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3034.37044__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll MOD - [2008.10.07 16:37:38 | 000,479,232 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3034.37023__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll MOD - [2008.10.07 16:37:38 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3034.37022__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll MOD - [2008.10.07 16:37:38 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3034.37030__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll MOD - [2008.10.07 16:37:38 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3034.37058__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll MOD - [2008.10.07 16:37:38 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll MOD - [2008.10.07 16:37:38 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2939.23679__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll MOD - [2008.10.07 16:37:38 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2939.23767__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll MOD - [2008.10.07 16:37:38 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2939.23710__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll MOD - [2008.10.07 16:37:38 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2939.23768__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll MOD - [2008.10.07 16:37:38 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll MOD - [2008.10.07 16:37:37 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2939.23668__90ba9c70f846762e\CLI.Foundation.dll MOD - [2008.10.07 16:37:37 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2939.23689__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll MOD - [2008.10.07 16:37:37 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2939.23743__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll MOD - [2008.10.07 16:37:37 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll MOD - [2008.10.07 16:37:37 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2939.23764__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll MOD - [2008.10.07 16:37:37 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2939.23662__90ba9c70f846762e\LOG.Foundation.dll MOD - [2008.10.07 16:37:37 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2939.23802__90ba9c70f846762e\CLI.Foundation.XManifest.dll MOD - [2008.10.07 16:37:37 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2939.23667__90ba9c70f846762e\NEWAEM.Foundation.dll MOD - [2008.10.07 16:37:37 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2939.23717__90ba9c70f846762e\DEM.OS.I0602.dll MOD - [2008.10.07 16:37:37 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2939.23693__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll MOD - [2008.10.07 16:37:37 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2939.23687__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll MOD - [2008.10.07 16:37:37 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2939.23679__90ba9c70f846762e\CLI.Component.Client.Shared.dll MOD - [2008.10.07 16:37:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2939.23707__90ba9c70f846762e\MOM.Foundation.dll MOD - [2008.10.07 16:37:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2939.23717__90ba9c70f846762e\DEM.OS.dll MOD - [2008.10.07 16:37:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll MOD - [2008.10.07 16:37:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2939.23718__90ba9c70f846762e\DEM.Graphics.dll MOD - [2008.10.07 16:37:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll MOD - [2008.10.07 16:37:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2939.23688__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll MOD - [2008.10.07 16:37:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2939.23734__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll MOD - [2008.10.07 16:37:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2939.23718__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll MOD - [2008.10.07 16:37:36 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2965.22300__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll MOD - [2008.10.07 16:37:36 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2939.23740__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll MOD - [2008.10.07 16:37:36 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2939.23708__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll MOD - [2008.10.07 16:37:36 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2939.23763__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll MOD - [2008.10.07 16:37:36 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2939.23735__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll MOD - [2008.10.07 16:37:36 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll MOD - [2008.10.07 16:37:36 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2939.23741__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll MOD - [2008.10.07 16:37:36 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll MOD - [2008.10.07 16:37:35 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2939.23739__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll MOD - [2008.10.07 16:37:35 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2939.23738__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll MOD - [2008.10.07 16:37:35 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2939.23742__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll MOD - [2008.10.07 16:37:35 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2939.23711__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll MOD - [2008.10.07 16:37:35 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2939.23665__90ba9c70f846762e\AEM.Foundation.dll MOD - [2008.10.07 16:37:35 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll MOD - [2008.10.07 16:37:35 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2939.23709__90ba9c70f846762e\APM.Foundation.dll MOD - [2008.10.07 16:37:35 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Server.Shared.dll MOD - [2008.10.07 16:37:28 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3034.36895__90ba9c70f846762e\CLI.Component.Wizard.dll MOD - [2008.10.07 16:37:28 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3034.37123__90ba9c70f846762e\MOM.Implementation.dll MOD - [2008.10.07 16:37:28 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3034.37122__90ba9c70f846762e\LOG.Foundation.Implementation.dll MOD - [2008.10.07 16:37:28 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2939.23678__90ba9c70f846762e\CLI.Foundation.Private.dll MOD - [2008.10.07 16:37:28 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3034.37150__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll MOD - [2008.10.07 16:37:28 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2939.23679__90ba9c70f846762e\LOG.Foundation.Private.dll MOD - [2008.10.07 16:37:28 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2939.23694__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll MOD - [2008.10.07 16:37:28 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2939.23712__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll MOD - [2008.10.07 16:37:28 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.2939.23677__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll MOD - [2008.10.07 16:37:28 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3034.36860__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll MOD - [2008.10.07 16:37:27 | 001,511,424 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3034.36876__90ba9c70f846762e\CLI.Component.Dashboard.dll MOD - [2008.10.07 16:37:27 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3034.36861__90ba9c70f846762e\CLI.Component.Runtime.dll MOD - [2008.10.07 16:37:27 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3034.36861__90ba9c70f846762e\ATIDEMOS.dll MOD - [2008.10.07 16:37:27 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3034.36859__90ba9c70f846762e\APM.Server.dll MOD - [2008.10.07 16:37:27 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2939.23713__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll MOD - [2008.10.07 16:37:27 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2939.23689__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll MOD - [2008.10.07 16:37:27 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3034.37123__90ba9c70f846762e\CCC.Implementation.dll MOD - [2008.10.07 16:37:27 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll MOD - [2008.10.07 16:37:27 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2939.23711__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll MOD - [2008.10.07 16:37:27 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2939.23746__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll MOD - [2008.10.07 16:37:26 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3034.36860__90ba9c70f846762e\AEM.Server.dll MOD - [2008.04.22 22:05:08 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll MOD - [2008.03.06 10:14:54 | 005,121,912 | ---- | M] () -- C:\Programme\TOSHIBA\FlashCards\BlackPng.dll MOD - [2007.12.25 12:03:40 | 000,015,184 | ---- | M] () -- C:\Programme\TOSHIBA\PCDiag\NotifyPCD.dll MOD - [2007.12.14 21:40:00 | 000,090,112 | ---- | M] () -- C:\Programme\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll MOD - [2006.12.01 17:55:42 | 000,009,216 | ---- | M] () -- C:\Programme\TOSHIBA\TBS\NotifyTBS.dll MOD - [2006.10.10 11:44:16 | 000,009,728 | ---- | M] () -- C:\Programme\TOSHIBA\TOSHIBA Assist\NotifyX.dll MOD - [2006.10.07 12:57:04 | 000,053,248 | ---- | M] () -- C:\Programme\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll ========== Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Samsung\Kies\WiselinkPro\WiselinkPro.exe -- (KiesAllShare) SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2011.04.24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP) SRV - [2010.05.01 08:51:28 | 000,217,088 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService) SRV - [2008.11.11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2008.08.26 15:26:44 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Programme\Toshiba TEMPRO\TempoSVC.exe -- (TempoMonitoringService) SRV - [2008.08.25 09:58:20 | 000,077,824 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Programme\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv) SRV - [2008.04.17 00:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service) SRV - [2008.04.16 15:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Programme\Jumpstart\jswpsapi.exe -- (jswpsapi) SRV - [2008.04.11 00:51:58 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv) SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.17 16:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- c:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv) SRV - [2007.12.03 17:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- c:\Programme\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service) SRV - [2007.11.21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2006.08.23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\GigasetGenericUSB.sys -- (GigasetGenericUSB) DRV - [2012.09.01 21:29:23 | 000,570,160 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF) DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.01.02 20:33:46 | 000,101,248 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmaudio.sys -- (avmaudio) DRV - [2011.06.07 11:13:36 | 000,020,032 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dgderdrv.sys -- (dgderdrv) DRV - [2011.03.10 18:36:18 | 000,023,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6) DRV - [2011.03.04 13:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2) DRV - [2011.03.04 13:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (KL1) DRV - [2010.05.01 08:51:28 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2010.04.27 04:25:20 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscemdm.sys -- (sscemdm) DRV - [2010.04.27 04:25:20 | 000,098,560 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscebus.sys -- (sscebus) DRV - [2010.04.27 04:25:20 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscemdfl.sys -- (sscemdfl) DRV - [2010.04.27 04:25:14 | 000,132,608 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssm_mdm.sys -- (ssm_mdm) DRV - [2010.04.27 04:25:14 | 000,104,448 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssm_bus.sys -- (ssm_bus) DRV - [2010.04.27 04:25:14 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssm_mdfl.sys -- (ssm_mdfl) DRV - [2009.11.02 20:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt) DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008.07.15 19:59:06 | 000,017,960 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR) DRV - [2008.04.28 16:59:18 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf) DRV - [2008.04.23 00:36:32 | 003,551,232 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2008.04.18 00:54:16 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2008.04.15 10:05:08 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2008.04.10 21:25:30 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32) DRV - [2008.02.27 19:36:02 | 000,141,408 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService) DRV - [2007.11.09 14:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ) DRV - [2007.10.17 23:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2006.11.20 14:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk) DRV - [2006.10.30 11:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) DRV - [2006.10.18 11:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEE&bmod=TSEE; IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEE&bmod=TSEE IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=164&systemid=406&sr=0&q={searchTerms} IE - HKLM\..\SearchScopes\{AA10A7DF-9B6D-40FB-820F-304C99CAF88E}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEE; IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEE&bmod=TSEE; IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchnu.com/406 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=164&systemid=406&sr=0&q={searchTerms} IE - HKCU\..\SearchScopes\{AA10A7DF-9B6D-40FB-820F-304C99CAF88E}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEE_de IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Search Results" FF - prefs.js..browser.search.defaultenginename: "Search Results" FF - prefs.js..browser.search.order.1: "Search Results" FF - prefs.js..keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&appid=164&systemid=406&sr=0&q=" FF - prefs.js..browser.startup.homepage: "hxxp://www.searchnu.com/406" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.09.06 10:39:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012.09.06 10:39:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012.09.06 10:39:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.27 20:21:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.02 17:42:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hannes\AppData\Roaming\mozilla\Extensions [2012.09.02 17:42:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hannes\AppData\Roaming\mozilla\Firefox\Profiles\i01u8l27.default\extensions [2012.09.02 17:42:44 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Hannes\AppData\Roaming\mozilla\Firefox\Profiles\i01u8l27.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} [2012.09.02 17:42:32 | 000,002,519 | ---- | M] () -- C:\Users\Hannes\AppData\Roaming\mozilla\firefox\profiles\i01u8l27.default\searchplugins\Search_Results.xml [2012.09.02 17:42:49 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.11.29 17:49:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2012.09.01 21:32:29 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Programme\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2 [2012.09.01 21:32:03 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2 [2012.09.02 17:42:49 | 000,000,000 | ---D | M] (DataMngr) -- C:\PROGRAM FILES\SEARCHQU TOOLBAR\DATAMNGR\FIREFOXEXTENSION [2011.11.21 06:21:43 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.11.21 03:17:49 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.11.21 03:09:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.11.21 03:17:49 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.11.21 03:17:49 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.09.02 17:42:32 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml [2011.11.21 03:17:49 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.11.21 03:17:49 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programme\Canon\Easy-WebPrint\EWPBrowseLoader.dll () O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll () O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Programme\Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO) O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll () O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll () O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O4 - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony) O4 - HKLM..\Run: [cfFncEnabler.exe] cfFncEnabler.exe File not found O4 - HKLM..\Run: [DATAMNGR] C:\Programme\Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc) O4 - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [jswtrayutil] "C:\Program Files\Jumpstart\jswtrayutil.exe" File not found O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found O4 - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba) O4 - HKLM..\Run: [Toshiba TEMPO] C:\Programme\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe (Toshiba Europe GmbH) O4 - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O4 - HKCU..\Run: [TOSCDSPD] TOSCDSPD.EXE File not found O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O8 - Extra context menu item: Easy-WebPrint - Drucken - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll () O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll () O8 - Extra context menu item: Easy-WebPrint - Vorschau - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll () O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll () O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 File not found O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home File not found O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D794D70-4308-468E-8D0D-DEDBD0259843}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll) - C:\Programme\Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc) O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll) - C:\Programme\Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO) O24 - Desktop WallPaper: C:\Users\Hannes\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Hannes\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.09.06 10:37:59 | 000,599,040 | ---- | C] (OldTimer Tools) -- C:\Users\Hannes\Desktop\OTL.exe [2012.09.05 18:03:34 | 000,000,000 | ---D | C] -- C:\Users\Hannes\AppData\Roaming\Malwarebytes [2012.09.05 18:02:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.09.05 18:02:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.09.05 18:02:30 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.09.05 18:02:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.09.02 17:43:43 | 000,000,000 | ---D | C] -- C:\Users\Hannes\AppData\Local\Ilivid Player [2012.09.02 17:42:47 | 000,000,000 | ---D | C] -- C:\Program Files\iLivid [2012.09.02 17:42:33 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess [2012.09.02 17:42:29 | 000,000,000 | ---D | C] -- C:\Program Files\Searchqu Toolbar [2012.09.01 21:32:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2012 [2012.09.01 21:29:57 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab [2012.09.01 21:29:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2012.09.01 21:29:23 | 000,570,160 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys [2012.08.31 20:50:47 | 145,446,840 | ---- | C] (Kaspersky Lab) -- C:\Users\Hannes\Documents\kis12.0.0.374de_de.exe [2012.08.27 10:42:30 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011.07.24 12:05:50 | 006,492,895 | ---- | C] (Gigaset Communications GmbH ) -- C:\Users\Hannes\setup_Gigaset_QuickSync_6.1.exe [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.09.06 10:38:08 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Hannes\Desktop\OTL.exe [2012.09.06 10:36:03 | 000,000,000 | ---- | M] () -- C:\Users\Hannes\defogger_reenable [2012.09.06 10:26:18 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.09.06 10:26:18 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.09.06 10:26:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.09.06 10:26:06 | 3755,831,296 | -HS- | M] () -- C:\hiberfil.sys [2012.09.05 18:02:36 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.02 18:00:52 | 000,001,818 | ---- | M] () -- C:\Users\Hannes\Desktop\Continue SweetIM Installation.lnk [2012.09.02 17:43:43 | 000,001,096 | ---- | M] () -- C:\Users\Public\Desktop\Upgrade Facebook Chat Experience.lnk [2012.09.02 17:43:43 | 000,000,974 | ---- | M] () -- C:\Users\Public\Desktop\Play Games.lnk [2012.09.02 17:43:43 | 000,000,803 | ---- | M] () -- C:\Users\Public\Desktop\iLivid.lnk [2012.09.01 21:50:11 | 000,116,189 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat [2012.09.01 21:50:10 | 000,098,168 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat [2012.09.01 21:29:23 | 000,570,160 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys [2012.08.31 20:54:18 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.08.31 20:54:18 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.08.31 20:54:18 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.08.31 20:54:18 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.08.27 10:56:37 | 000,058,708 | ---- | M] () -- C:\Users\Hannes\Documents\RG150025825433-082012.pdf [2012.08.26 20:55:50 | 000,010,924 | ---- | M] () -- C:\Users\Hannes\Desktop\Südwestring (Sahin) 1.odt [2012.08.26 20:54:57 | 000,012,459 | ---- | M] () -- C:\Users\Hannes\Desktop\Sahin1.odt [2012.08.18 10:28:14 | 000,349,440 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.09.06 10:36:03 | 000,000,000 | ---- | C] () -- C:\Users\Hannes\defogger_reenable [2012.09.05 18:02:36 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.02 17:56:24 | 000,001,818 | ---- | C] () -- C:\Users\Hannes\Desktop\Continue SweetIM Installation.lnk [2012.09.02 17:43:43 | 000,001,096 | ---- | C] () -- C:\Users\Public\Desktop\Upgrade Facebook Chat Experience.lnk [2012.09.02 17:43:43 | 000,000,974 | ---- | C] () -- C:\Users\Public\Desktop\Play Games.lnk [2012.09.02 17:42:03 | 000,000,803 | ---- | C] () -- C:\Users\Public\Desktop\iLivid.lnk [2012.09.01 21:32:36 | 000,116,189 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat [2012.09.01 21:32:35 | 000,098,168 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat [2012.08.27 10:56:37 | 000,058,708 | ---- | C] () -- C:\Users\Hannes\Documents\RG150025825433-082012.pdf [2012.08.26 20:55:48 | 000,010,924 | ---- | C] () -- C:\Users\Hannes\Desktop\Südwestring (Sahin) 1.odt [2012.08.26 20:54:55 | 000,012,459 | ---- | C] () -- C:\Users\Hannes\Desktop\Sahin1.odt [2011.09.25 15:35:29 | 000,851,968 | -HS- | C] () -- C:\Users\Hannes\ehthumbs_vista.db [2011.09.24 12:23:57 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2011.09.24 12:23:57 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2011.08.08 13:11:01 | 000,017,408 | ---- | C] () -- C:\Users\Hannes\AppData\Local\WebpageIcons.db [2011.06.07 11:13:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2011.06.07 11:13:38 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2011.06.07 11:13:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2011.06.07 11:13:38 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2011.06.07 11:13:38 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011.03.11 12:43:54 | 000,029,763 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat [2010.05.03 15:33:11 | 000,000,680 | ---- | C] () -- C:\Users\Hannes\AppData\Local\d3d9caps.dat [2009.09.10 00:07:36 | 000,029,696 | ---- | C] () -- C:\Users\Hannes\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.09.09 17:58:51 | 000,000,000 | ---- | C] () -- C:\Users\Hannes\AppData\Roaming\wklnhst.dat ========== LOP Check ========== [2012.04.18 08:45:03 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\Canon [2011.09.29 08:56:58 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\iolo [2010.07.25 16:05:21 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\myphotobook [2011.11.29 17:54:09 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\OpenOffice.org [2009.09.10 08:15:49 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\Panasonic [2011.09.24 12:51:35 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\PC Suite [2011.09.24 13:25:51 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\Samsung [2009.11.16 17:43:37 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\ScanSoft [2009.09.30 10:05:48 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\TeamViewer [2009.09.09 17:58:55 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\Template [2012.09.03 10:02:28 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 06.09.2012 11:07:21 - Run 1
OTL by OldTimer - Version 3.2.61.0 Folder = C:\Users\Hannes\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,50 Gb Total Physical Memory | 2,46 Gb Available Physical Memory | 70,31% Memory free
7,20 Gb Paging File | 6,01 Gb Available in Paging File | 83,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,29 Gb Total Space | 39,09 Gb Free Space | 33,62% Space Free | Partition Type: NTFS
Drive E: | 115,13 Gb Total Space | 109,85 Gb Free Space | 95,41% Space Free | Partition Type: NTFS
Computer Name: HANNES-PC | User Name: Hannes | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\Müller Foto\Müller Foto\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Müller Foto] -- "C:\Program Files\Müller Foto\Müller Foto\Müller Foto.exe" "%1" ()
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08BB1967-524D-4596-92B4-780624BB7989}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0AD18D6B-8546-4327-9DC7-85B1658D7C44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0BCE23D8-E82D-44DB-AD0E-47FE1D633C49}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0C3B4139-DC3A-4D72-B602-A9A80B2784E1}" = lport=138 | protocol=17 | dir=in | app=system |
"{1CD91F93-5091-47D1-90A4-17E1AC7B5D82}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{22DE9745-839D-4FB1-BF20-E243F4CD6273}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2F79F1B1-601B-49C8-B790-8B8656F03A72}" = lport=445 | protocol=6 | dir=in | app=system |
"{345851FF-BB47-4405-951C-54BCBF0A8C90}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{3B9FAAC1-8C5F-4BCD-B860-AB8A5E1E1B09}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3FB0546C-C0B4-4E3B-A61C-6B089E45A745}" = lport=10244 | protocol=6 | dir=in | app=system |
"{45A4B00A-0739-495B-98B0-F4ACB642D64C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{47A0D4DE-6A4D-427F-8DAD-7E57BCA6F1B3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4B137192-8424-42B6-A20D-457AE347EA56}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{501662E1-32B6-46FA-848F-9E836B907F4F}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{55CF1BA5-1CE3-4ACA-B4F5-2B8E17551635}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{616576DD-9C46-4913-8FC2-815ABD45F83E}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{61A98985-338A-47B4-A7A3-4A2EC3B46509}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{622EFADE-464D-4295-BE87-944060169E29}" = lport=3390 | protocol=6 | dir=in | app=system |
"{7CECE0FB-30D6-40CC-AED8-808E7F19FD76}" = lport=139 | protocol=6 | dir=in | app=system |
"{81B4B84E-4D6C-4A8C-8743-6F5366312776}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8D0DDC51-48B5-4F3F-A983-A1EAA3DC35F0}" = rport=10243 | protocol=6 | dir=out | app=system |
"{8E38C515-E9CC-43CB-9D97-C125EBE91498}" = rport=139 | protocol=6 | dir=out | app=system |
"{9178A847-1314-4C5A-80BF-31FB30605DF2}" = rport=445 | protocol=6 | dir=out | app=system |
"{98D83E11-2A29-4375-AD7C-75D597D4ABBD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9943CA3E-0CAB-446E-8E05-EEAC230F56F9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A866D218-FB4D-485F-AA7D-EECC3B8BF13D}" = rport=10244 | protocol=6 | dir=out | app=system |
"{AA0A0C36-40E3-4BA5-87D5-F3EACE8C43B1}" = rport=137 | protocol=17 | dir=out | app=system |
"{AAF87FD9-84B8-46A0-B8A0-5319E3144F93}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BB0B718E-3537-4F60-B9A5-468577280CAC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BDF6B372-9FF7-4754-AB58-68BB06286BC0}" = rport=138 | protocol=17 | dir=out | app=system |
"{CAA8E007-CE1F-44D4-82E6-491519C4C02B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CB426AF7-39F1-4369-BAFA-D7364DC5F001}" = lport=10243 | protocol=6 | dir=in | app=system |
"{CE39AF05-CF9B-495E-9914-E2F2E211ED94}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D075D633-96DB-4A29-B20C-86883991E696}" = lport=3390 | protocol=6 | dir=in | app=system |
"{D5AE65DB-54E8-4201-B0F2-E262474CBEB4}" = rport=10244 | protocol=6 | dir=out | app=system |
"{DE8F6317-7FCE-4AC9-8F72-38BE4A953E2A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F6719D43-62BF-4827-924A-8939267A0064}" = lport=10244 | protocol=6 | dir=in | app=system |
"{F6971C22-7EC5-4F94-A930-526C3414B4D4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{FA9BC458-73F2-487F-A075-48997806869B}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{FEB41A91-FFAD-4A71-B3E3-5091BABF252A}" = lport=137 | protocol=17 | dir=in | app=system |
"{FFC9C095-A8A4-49A0-9246-0455527312D9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{076022A8-586F-4186-B1C9-1E343BB6FA3E}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{07783718-5633-4CFE-81FA-173A4FF46F45}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{090349A5-B742-4E95-9DA6-5D45768D8E18}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{0C176963-2B77-4B63-BFA0-3F534737554F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1028411E-EF4F-4DC8-AF01-C122B222F490}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{1CEEBB8C-D913-4F36-AC10-33EED1632F65}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1E158162-A822-4DE4-9108-BD1ADD2ABB2E}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{2E56C6BF-3CCB-422B-A33E-E63445FA1500}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3AF420E9-5406-4AE8-A37A-FF2CF71F7940}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{42330557-7E5E-414E-9DA3-DDE0668D2549}" = protocol=6 | dir=out | app=system |
"{4BFB7EFA-E1DE-4373-B79C-70028E8330F8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{4EF8C982-B32B-4F39-B7CC-DC4E25E7546F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{502B9630-2C98-4A77-BEAA-006510614CAB}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{517DF273-2A91-4131-BC93-78E3AC9C0A73}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{536D333F-A2CA-4CB7-A988-3A017BBBAA2A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5B1423F1-13F6-44F3-822C-55D4890E82F1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5CED3584-C7C9-43A8-9DD4-66390FDE5BAE}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{5E0EC9A5-0960-475F-B2B3-2D0CC20054ED}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{67EBA6CC-979E-49C1-BCA1-7200AA507EA0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6A7B0F3B-2A64-4B2A-9BF1-FDCC34FA5084}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7BB542FF-00AA-44F2-AB2A-0ADBA5F9EB22}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{7E5F03B0-5BFC-49B8-A386-C5F0B6877A71}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9A145960-96E3-4CF1-8BED-77451460810D}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{9B6F1FD6-5925-4F96-8A65-4BE29014B162}" = protocol=17 | dir=in | app=c:\users\hannes\appdata\local\apps\2.0\4m46c9yl.ocp\gx2cytkq.kq9\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |
"{A8D2C722-F953-4DDF-B48E-9995D3C8A41D}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{B9385709-70C0-404E-B858-C76874866982}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{BD897C91-8B5F-4027-A5F6-E85BB1B456ED}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{CD46859E-F8BF-45CC-94C8-64090516C6F7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CEE37DEF-8052-45D0-84EF-3481CE8E01FE}" = protocol=6 | dir=in | app=c:\users\hannes\appdata\local\apps\2.0\4m46c9yl.ocp\gx2cytkq.kq9\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |
"{D8E9BA21-1996-4991-A4AC-76081FE7E4E9}" = protocol=17 | dir=in | app=c:\program files\searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{E2B2D58A-3A6C-4996-B53B-396E656D1DCA}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{E71A30F5-07B0-44B6-A770-3771411CEBCB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EAA470CB-0E2C-4A67-918C-F776D6BF3E74}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{EEF41D6F-CD08-45A4-8775-3B1246C6D649}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F0A85AF2-60CE-4E17-98F4-9FE4EE141F75}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{F2B3BA4E-C2CE-4088-BE63-F474929CC67E}" = protocol=6 | dir=in | app=c:\program files\searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{F34566CE-834E-4E0F-8D2C-8E633426FD46}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F79C77E1-25B7-4F0E-B1EE-90AD69C1C135}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F820EE0A-64CF-4EAA-9E0E-56B117D9F333}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{AA86E741-83C2-4EC1-8630-C3C8968BC884}C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe" = protocol=6 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe |
"TCP Query User{C13F9FDB-01C2-4B4D-819F-30310C84A464}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{3BBF182E-6087-40C4-8CA6-8D6014ECA5AD}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{4F6B4B94-8084-4994-9F1B-C4AB62590D6C}C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe" = protocol=17 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03FAA727-E2B7-471C-AC41-2E1C7F29C7EA}" = Toshiba TEMPRO
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07C9627A-CA0B-2AA2-062E-204359DF7BA1}" = Catalyst Control Center Core Implementation
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{0EFB2016-41D2-5F30-8F60-25250F6DABDD}" = CCC Help Thai
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP600" = Canon MP600
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{146E206D-7D2C-493A-B431-1F1D16E822AF}" = MobileMe Control Panel
"{1C971EE3-B4C4-4367-9676-57549919C6CE}" = TOSHIBA Benutzerhandbücher
"{1E57A11B-AB65-C6D1-F999-B3B37AB2298E}" = Catalyst Control Center Localization Japanese
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 26
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{27265B80-303E-EFFF-6052-B11F91B634C3}" = Catalyst Control Center Localization Italian
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2920435D-CE92-5024-1694-DFD43A5FF074}" = Catalyst Control Center Localization Greek
"{29D851C2-048C-4B5E-8D1F-25D473342BB5}" = ScanSoft OmniPage SE 4.0
"{2CD6D3D2-1EFC-F0B4-1761-FD4FA7F8750F}" = CCC Help Finnish
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}" = PC Connectivity Solution
"{358004B9-3A16-87FF-4487-4D6F0C70E52F}" = Catalyst Control Center Localization Russian
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{38A3E884-313A-7AE0-11BC-482DE0C8766A}" = CCC Help Czech
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3BB12DBC-0A8E-ECE2-F179-D06B99B8CD02}" = Catalyst Control Center Localization Czech
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E0E28DC-DA90-1BA2-FA36-AA3C2E4FB74A}" = Catalyst Control Center Graphics Previews Vista
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AC7B4E7-59B7-4E48-A60D-263C486FC33A}_is1" = System Checkup 3.0
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{4C90501F-864B-5AC4-867D-6AC35BE50721}" = ccc-utility
"{50ABF86D-0BDB-31AD-97FD-E8A55564EBF9}" = Microsoft Report Viewer Redistributable 2008 SP1 Language Pack - DEU
"{55398A75-13E0-570F-BD16-2EE5D9E5523D}" = Catalyst Control Center Localization Norwegian
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{5F131988-3326-AD64-1817-D76A2FE3C2D3}" = CCC Help Chinese Traditional
"{5FBF37CD-B7F9-564C-BDFC-73D970CF7AF2}" = CCC Help Italian
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{61C63422-E5E2-8576-2B82-0E01F5AD2538}" = CCC Help English
"{61F90A4F-AD49-7FFB-F027-5B2CB64F0A70}" = Catalyst Control Center Graphics Light
"{629044C7-745A-64B8-467F-2F93ED50008B}" = CCC Help Chinese Standard
"{65BF23C0-4EF9-27CC-7B6F-190F4008A569}" = Catalyst Control Center Localization Polish
"{65D602E4-DCDE-0743-6A0A-F1A203449F47}" = CCC Help German
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{69E5255D-9D43-4CFF-8984-843ABD7753B7}" = Catalyst Control Center - Branding
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B4874CA-13CF-2477-B697-B448201B56B6}" = CCC Help Norwegian
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6EB0B23B-AA51-6F4E-C94C-C1015ED61EEC}" = CCC Help Japanese
"{70495081-1DC8-AD4B-C197-12138B8FBC9E}" = CCC Help Danish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71B929E2-3556-93DB-DEC0-FD56D3EFB473}" = Catalyst Control Center Localization Chinese Traditional
"{71C47830-182D-79FA-0790-0366E6E2C2EB}" = Catalyst Control Center Localization Spanish
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"{77CAD946-C573-6647-B222-B6870C072932}" = CCC Help Korean
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7E83516C-931B-870F-5CDF-01FDF9A4AEF0}" = Catalyst Control Center Localization Turkish
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{86728841-C151-B8E4-43C6-DD289DE570B6}" = Catalyst Control Center Localization Swedish
"{86DBA852-5D5E-1856-D828-620E792EDC0D}" = Catalyst Control Center Localization Chinese Standard
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{88BA2601-8A62-7AB7-DB8A-7AA2840B7C87}" = Catalyst Control Center Localization Thai
"{8B587895-7716-1B99-5D85-3CA4AAF8A0F4}" = Catalyst Control Center Localization Dutch
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9244F321-0BBD-9D4A-C1FB-6437E3D0550D}" = Catalyst Control Center Localization German
"{93F3EBDD-4007-C233-7320-977AC0941054}" = CCC Help Turkish
"{94AB6CE0-DB26-7048-2A5B-4647EA1FC693}" = ccc-core-static
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO -viewer-
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A103C127-2168-4493-8D01-4BF180BED12C}" = CCC Help Portuguese
"{A7F27ADB-3C56-0F2B-6B4B-0B8E02A49186}" = ATI Catalyst Install Manager
"{AC2EE52D-05CD-8140-5D29-5AA29590971E}" = CCC Help French
"{B02A78AE-EA3B-8261-AEBC-8221E22DCC1E}" = CCC Help Polish
"{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}" = Atheros Wi-Fi Protected Setup Library
"{B1D67B62-35A8-A9A1-AA74-F6A495C8271A}" = Catalyst Control Center Localization Danish
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{BC2EA92A-A5A9-A137-5204-F150EDB05DB3}" = CCC Help Hungarian
"{BC713970-8C3C-852B-4139-636F21114B7F}" = CCC Help Dutch
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C5F1A9C4-C041-2E95-5D7E-EF56CED2B522}" = Skins
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D7CC05AF-067D-0D1A-1E4D-9DCBCDCC2D41}" = Catalyst Control Center Graphics Full New
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E0FC3A5D-CF52-ABA7-92EF-D9794F372121}" = Catalyst Control Center Graphics Full Existing
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"{EA7D1919-A6BF-979A-E3A2-F753E23D45FA}" = Catalyst Control Center Localization Hungarian
"{ED2BC5D9-20EE-FBB6-8483-240F19EFCAA5}" = CCC Help Swedish
"{F0345A2F-1D78-0AEA-7CBB-CEF48622EB44}" = Catalyst Control Center Localization Portuguese
"{F0646787-1A2F-34E9-A61D-9DAD69F606F8}" = CCC Help Spanish
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F50E4D66-5280-FDF8-7F55-2E47FCF23E7D}" = Catalyst Control Center Localization Korean
"{F67E6AE5-F87B-025F-2D6B-26491304393F}" = CCC Help Russian
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9DAAC4B-5E3F-1D39-9D4B-6998664EF402}" = Catalyst Control Center Localization Finnish
"{F9F66B99-C1B3-ACEA-1F80-404CC4DD96BF}" = Catalyst Control Center Localization French
"{FA493449-3E34-4E05-8CA7-26A42E9F180E}" = CCC Help Greek
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CNXT_MODEM_PCI_VEN_14F1&DEV_2C06&SUBSYS_14F10000" = HDAUDIO Soft Data Fax Modem with SmartCP
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-WebPrint" = Easy-WebPrint
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"iLivid" = iLivid
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Report Viewer Redistributable 2008 SP1 Language Pack - DEU" = Microsoft Report Viewer Redistributable 2008 SP1 Language Pack - DEU
"Mozilla Firefox 8.0.1 (x86 de)" = Mozilla Firefox 8.0.1 (x86 de)
"MP Navigator 3.0" = Canon MP Navigator 3.0
"Müller Foto" = Müller Foto
"Picasa2" = Picasa 2
"Searchqu Toolbar" = Searchqu Toolbar
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 23.08.2012 03:20:42 | Computer Name = Hannes-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 23.08.2012 03:20:46 | Computer Name = Hannes-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 23.08.2012 03:20:46 | Computer Name = Hannes-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 23.08.2012 03:20:46 | Computer Name = Hannes-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 23.08.2012 03:20:46 | Computer Name = Hannes-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 23.08.2012 03:20:46 | Computer Name = Hannes-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 23.08.2012 03:20:46 | Computer Name = Hannes-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 23.08.2012 03:20:46 | Computer Name = Hannes-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 24.08.2012 02:12:16 | Computer Name = Hannes-PC | Source = WinMgmt | ID = 10
Description =
Error - 25.08.2012 01:35:53 | Computer Name = Hannes-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 27.08.2012 04:49:34 | Computer Name = Hannes-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 01.09.2012 13:56:39 | Computer Name = Hannes-PC | Source = DCOM | ID = 10005
Description =
Error - 01.09.2012 13:56:40 | Computer Name = Hannes-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 01.09.2012 13:56:40 | Computer Name = Hannes-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 01.09.2012 15:43:24 | Computer Name = Hannes-PC | Source = Service Control Manager | ID = 7011
Description =
Error - 02.09.2012 05:43:10 | Computer Name = Hannes-PC | Source = Service Control Manager | ID = 7022
Description =
Error - 06.09.2012 04:26:12 | Computer Name = Hannes-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 06.09.2012 um 09:12:04 unerwartet heruntergefahren.
Error - 06.09.2012 04:28:36 | Computer Name = Hannes-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 06.09.2012 04:28:36 | Computer Name = Hannes-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 06.09.2012 04:31:25 | Computer Name = Hannes-PC | Source = Service Control Manager | ID = 7022
Description =
< End of report >
Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-09-06 12:13:00
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS543225L9SA00 rev.FBEOC43C
Running: p55l9lm2.exe; Driver: C:\Users\Hannes\AppData\Local\Temp\kxlirpog.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0x956FC28A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcConnectPort [0x95716342]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcCreatePort [0x95716678]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcSendWaitReceivePort [0x957169EE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwClose [0x956FCD04]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwConnectPort [0x9571602A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateEvent [0x956FD276]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateMutant [0x956FD164]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreatePort [0x957164E8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSection [0x956FC046]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSemaphore [0x956FD38E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThread [0x956FC8BA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateWaitablePort [0x957165B0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDebugActiveProcess [0x956FD74E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0x956FCD46]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDuplicateObject [0x956FE750]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwLoadDriver [0x956FD840]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwMapViewOfSection [0x956FDDAC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwNotifyChangeKey [0x95714840]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenEvent [0x956FD308]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenMutant [0x956FD1F0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenProcess [0x956FC4C4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSection [0x956FDB90]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSemaphore [0x956FD420]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenThread [0x956FC3B8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryDirectoryObject [0x956FD55C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryObject [0x95714A38]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQuerySection [0x956FE0D2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueueApcThread [0x956FD9E0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyPort [0x957167DC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0x9571672A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0x95716848]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwResumeThread [0x956FE5F2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSecureConnectPort [0x957161B2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetContextThread [0x956FCBA4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetInformationToken [0x956FD5FA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSystemInformation [0x956FE222]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendProcess [0x956FE316]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendThread [0x956FE450]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSystemDebugControl [0x956FD670]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateProcess [0x956FC664]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateThread [0x956FC5BA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0x956FDF8A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0x956FC750]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThreadEx [0x956FCA2A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateUserProcess [0x956FD4A6]
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetEvent + 119 868E87DC 4 Bytes [8A, C2, 6F, 95] {MOV AL, DL; OUTSD ; XCHG EBP, EAX}
.text ntkrnlpa.exe!KeSetEvent + 13D 868E8800 8 Bytes [42, 63, 71, 95, 78, 66, 71, ...] {INC EDX; ARPL [ECX-0x6b], SI; JS 0x6c; JNO 0xffffffffffffff9d}
.text ntkrnlpa.exe!KeSetEvent + 181 868E8844 4 Bytes [EE, 69, 71, 95]
.text ntkrnlpa.exe!KeSetEvent + 1A9 868E886C 4 Bytes [04, CD, 6F, 95] {ADD AL, 0xcd; OUTSD ; XCHG EBP, EAX}
.text ntkrnlpa.exe!KeSetEvent + 1C1 868E8884 4 Bytes [2A, 60, 71, 95] {SUB AH, [EAX+0x71]; XCHG EBP, EAX}
.text ...
.text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x90B50000, 0x4036D, 0xE8000020]
.dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x90B99000, 0x510, 0x40000040]
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x94A03000, 0x1FB52A, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3100] ntdll.dll!DbgUiRemoteBreakin 76E7CD44 1 Byte [C3]
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\tdx \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\tdx \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
---- EOF - GMER 1.0.15 ----
|
|
06.09.2012, 16:17
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | ilivid entfernen Löschen ist was anderes als in die Q schieben!
__________________Oben steht doch was man bei Malwarebytes machen soll Zitat:
__________________ |
|
07.09.2012, 13:03
| #3 |
| | ilivid entfernen Hi cosinus,
__________________mich haben die Begriffe löschen und entfernen etwas verwirrt. Danke für die schnelle Antwort! Habe mit Malwarebytes einen Suchlauf gestartet und es wurde nichts gefunden. Der Bericht dazu: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.09.05.08 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Hannes :: HANNES-PC [Administrator] Schutz: Aktiviert 07.09.2012 12:37:28 mbam-log-2012-09-07 (12-37-28).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 218802 Laufzeit: 10 Minute(n), 28 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Gruß Dani |
|
09.09.2012, 20:49
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | ilivid entfernen Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt? Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
10.09.2012, 00:20
| #5 |
| | ilivid entfernen Nein sorry, das war der erste Scann mit Malwarebytes. |
|
10.09.2012, 16:18
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | ilivid entfernen Und warum ist das Log ohne Funde? Du hast doch was von Funden erzählt!
__________________ --> ilivid entfernen |
|
11.09.2012, 08:53
| #7 |
| | ilivid entfernen Ich glaube da handelt es sich um ein Missverständnis. Ich hatte bissher keine tatsächlichen Vieren Funde, aber eben eine neue Toolbar und eine neue Startseite im Internetexplorer. Da diese auf gefährliche Websites verlinken sollen, habe ich dann euch um Rat gefragt. schoneinmal ein fettes  für deine Bemühungen.Gruß Dani |
|
11.09.2012, 16:11
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | ilivid entfernen Bitte ESET ausführen, danach sehen wir weiter! Hinweis: ESET zeigt durchaus öfter ein paar Fehlalarme. Deswegen soll auch von ESET immer nur erst das Log gepostet und nichts entfernt werden. ESET Online Scanner Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ Logfiles bitte immer in CODE-Tags posten |
|
12.09.2012, 01:12
| #9 |
| | ilivid entfernen Ok habe das Programm durchlaufen lassen und es hat auch etwas gefunden. Hier das Log: Code:
ATTFilter C:\Program Files\Searchqu Toolbar\Datamngr\datamngr.dll a variant of Win32/Toolbar.SearchSuite application
C:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe a variant of Win32/Toolbar.SearchSuite.A application
C:\Program Files\Searchqu Toolbar\Datamngr\DnsBHO.dll a variant of Win32/Toolbar.SearchSuite application
C:\Program Files\Searchqu Toolbar\Datamngr\IEBHO.dll a variant of Win32/Toolbar.SearchSuite application
C:\Users\Hannes\AppData\Local\Temp\SetupDataMngr_Searchqu.exe multiple threats
C:\Users\Hannes\AppData\Local\Temp\lh2v007w.tmp\iLividSetupV1.exe Win32/Toolbar.SearchSuite application
C:\Users\Hannes\Downloads\iLividSetupV1-1.exe Win32/Toolbar.SearchSuite application
C:\Users\Hannes\Downloads\iLividSetupV1.exe Win32/Toolbar.SearchSuite application
Operating memory a variant of Win32/Toolbar.SearchSuite application
|
|
12.09.2012, 12:59
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | ilivid entfernen adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren Downloade Dir bitte AdwCleaner auf deinen Desktop. Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
12.09.2012, 13:36
| #11 |
| | ilivid entfernen Wirklich super wie schnell du antwortest! Danke! Das Log von AdwCleaner: Code:
ATTFilter # AdwCleaner v2.001 - Datei am 09/12/2012 um 14:34:20 erstellt
# Aktualisiert am 09/09/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Hannes - HANNES-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Hannes\Desktop\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gefunden : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml
Datei Gefunden : C:\Users\Hannes\AppData\Local\Temp\Searchqu.ini
Datei Gefunden : C:\Users\Hannes\AppData\Local\Temp\searchqutoolbar-manifest.xml
Datei Gefunden : C:\Users\Hannes\AppData\Local\Temp\SetupDataMngr_Searchqu.exe
Datei Gefunden : C:\Users\Hannes\AppData\Roaming\Mozilla\Firefox\Profiles\i01u8l27.default\searchplugins\Search_Results.xml
Ordner Gefunden : C:\Program Files\Ilivid
Ordner Gefunden : C:\Program Files\Searchqu Toolbar
Ordner Gefunden : C:\ProgramData\boost_interprocess
Ordner Gefunden : C:\Users\Hannes\AppData\Local\Ilivid Player
Ordner Gefunden : C:\Users\Hannes\AppData\LocalLow\Searchqutoolbar
Ordner Gefunden : C:\Users\Hannes\AppData\Roaming\Mozilla\Firefox\Profiles\i01u8l27.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
Ordner Gefunden : C:\Users\Hannes\AppData\Roaming\Mozilla\Firefox\Profiles\i01u8l27.default\Searchqutoolbar
***** [Registrierungsdatenbank] *****
Daten Gefunden : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll
Schlüssel Gefunden : HKCU\Software\DataMngr
Schlüssel Gefunden : HKCU\Software\DataMngr_Toolbar
Schlüssel Gefunden : HKCU\Software\ilivid
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.fh_hookeventsink
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.fh_hookeventsink.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.pm_dialogeventshandler
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.pm_dialogeventshandler.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.pm_launcher
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.pm_launcher.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.pm_printmanager
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.pm_printmanager.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.pr_printdialogcallback
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.pr_printdialogcallback.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.tbtoolband
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.tbtoolband.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.useroptions
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.useroptions.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}
Schlüssel Gefunden : HKLM\Software\DataMngr
Schlüssel Gefunden : HKLM\Software\ilivid
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar
Schlüssel Gefunden : HKLM\Software\SearchquMediabarTb
Schlüssel Gefunden : HKLM\SOFTWARE\Software
Schlüssel Gefunden : HKU\S-1-5-21-194673286-858491809-489919106-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16421
[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.searchnu.com/406
-\\ Mozilla Firefox v8.0.1 (de)
Profilname : default
Datei : C:\Users\Hannes\AppData\Roaming\Mozilla\Firefox\Profiles\i01u8l27.default\prefs.js
Gefunden : user_pref("browser.search.selectedEngine", "Search Results");
Gefunden : user_pref("browser.search.defaultenginename", "Search Results");
Gefunden : user_pref("browser.search.order.1", "Search Results");
Gefunden : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=164&systemid=406&sr=0&q=");
Gefunden : user_pref("browser.startup.homepage", "hxxp://www.searchnu.com/406");
*************************
AdwCleaner[R1].txt - [7075 octets] - [12/09/2012 14:34:20]
########## EOF - C:\AdwCleaner[R1].txt - [7135 octets] ##########
|
|
12.09.2012, 14:48
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | ilivid entfernen adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
__________________ Logfiles bitte immer in CODE-Tags posten |
|
12.09.2012, 15:45
| #13 |
| | ilivid entfernen Und ein weiteres Log: Code:
ATTFilter # AdwCleaner v2.001 - Datei am 09/12/2012 um 16:35:42 erstellt
# Aktualisiert am 09/09/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Hannes - HANNES-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Hannes\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml
Datei Gelöscht : C:\Users\Hannes\AppData\Local\Temp\Searchqu.ini
Datei Gelöscht : C:\Users\Hannes\AppData\Local\Temp\searchqutoolbar-manifest.xml
Datei Gelöscht : C:\Users\Hannes\AppData\Local\Temp\SetupDataMngr_Searchqu.exe
Datei Gelöscht : C:\Users\Hannes\AppData\Roaming\Mozilla\Firefox\Profiles\i01u8l27.default\searchplugins\Search_Results.xml
Gelöscht mit Neustart : C:\Program Files\Searchqu Toolbar
Ordner Gelöscht : C:\Program Files\Ilivid
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\Users\Hannes\AppData\Local\Ilivid Player
Ordner Gelöscht : C:\Users\Hannes\AppData\LocalLow\Searchqutoolbar
Ordner Gelöscht : C:\Users\Hannes\AppData\Roaming\Mozilla\Firefox\Profiles\i01u8l27.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
Ordner Gelöscht : C:\Users\Hannes\AppData\Roaming\Mozilla\Firefox\Profiles\i01u8l27.default\Searchqutoolbar
***** [Registrierungsdatenbank] *****
Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\ilivid
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.fh_hookeventsink
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.fh_hookeventsink.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.pm_dialogeventshandler
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.pm_dialogeventshandler.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.pm_launcher
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.pm_launcher.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.pm_printmanager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.pm_printmanager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.pr_printdialogcallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.pr_printdialogcallback.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.tbtoolband
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.tbtoolband.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.useroptions
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.useroptions.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\ilivid
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar
Schlüssel Gelöscht : HKLM\Software\SearchquMediabarTb
Schlüssel Gelöscht : HKLM\SOFTWARE\Software
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16421
Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.searchnu.com/406 --> hxxp://www.google.com
-\\ Mozilla Firefox v8.0.1 (de)
Profilname : default
Datei : C:\Users\Hannes\AppData\Roaming\Mozilla\Firefox\Profiles\i01u8l27.default\prefs.js
Gelöscht : user_pref("browser.search.selectedEngine", "Search Results");
Gelöscht : user_pref("browser.search.defaultenginename", "Search Results");
Gelöscht : user_pref("browser.search.order.1", "Search Results");
Gelöscht : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=164&systemid=406&sr=0&q=");
Gelöscht : user_pref("browser.startup.homepage", "hxxp://www.searchnu.com/406");
*************************
AdwCleaner[R1].txt - [7204 octets] - [12/09/2012 14:34:20]
AdwCleaner[S1].txt - [7509 octets] - [12/09/2012 16:35:42]
########## EOF - C:\AdwCleaner[S1].txt - [7569 octets] ##########
|
|
12.09.2012, 18:57
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | ilivid entfernen Hätte da mal zwei Fragen bevor es weiter geht 1.) Geht der normale Modus von Windows (wieder) uneingeschränkt? 2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
13.09.2012, 13:39
| #15 |
| | ilivid entfernen Also soweit sieht alles gut aus. Habe jetzt noch nichts bemerkt. Top! |
|
| Themen zu ilivid entfernen |
| anleitung, anti-malware, avp.exe, bandoo, browser, canon, chat, continue, dateien, entfernen, explorer, home, ilivid entfernen, install.exe, installiert, internet, internet explorer, malwarebytes, nichts, ntdll.dll, office 2007, plug-in, problem, programm, scan, security, seite, situation, stream, sweetim, thema, usb 2.0, verlinkungen, verschieben, vista, wirklich |
Button.
.
und speichere das Logfile als ESET.txt auf dem Desktop.
Linear-Darstellung
