Log analysis and evaluation: ihavenet - Virus
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
03.11.2012, 14:37 | #1 |
| ihavenet - Virus
Hi everyone, I have also caught an ihavenet virus. Can someone help me? Many thanks, Volker |
03.11.2012, 14:42 | #2 |
/// Malware-holic | ihavenet - Virus hi
well, at least I assume so. If you don't have it yet, please download OTL by OldTimer and save it to your desktop.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ |
03.11.2012, 15:52 | #3 |
| ihavenet - Virus
Thanks for the quick reply, to begin with.
Here are the requested files: OTL.Txt
OTL Logfile:
Code:
ATTFilter OTL logfile created on: 03.11.2012 15:10:05 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Volker\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,97 Gb Total Physical Memory | 1,76 Gb Available Physical Memory | 59,21% Memory free 6,15 Gb Paging File | 4,72 Gb Available in Paging File | 76,66% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 116,44 Gb Total Space | 17,29 Gb Free Space | 14,85% Space Free | Partition Type: NTFS Drive D: | 232,88 Gb Total Space | 84,61 Gb Free Space | 36,33% Space Free | Partition Type: NTFS Drive F: | 114,98 Gb Total Space | 109,60 Gb Free Space | 95,32% Space Free | Partition Type: NTFS Computer Name: VOLKER-1-K | User Name: Volker | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.11.03 13:17:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Volker\Desktop\OTL.exe PRC - [2012.10.26 19:57:48 | 001,199,576 | ---- | M] (Spotify Ltd) -- C:\Users\Volker\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe PRC - [2012.08.08 20:46:33 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.04.24 01:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2011.03.18 16:50:58 | 002,271,608 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe PRC - [2011.01.25 18:13:16 | 001,678,704 | ---- | M] (SMART Technologies ULC) -- C:\Programme\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe PRC - [2010.10.27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe PRC - [2010.08.25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac PRC - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe PRC - [2009.11.13 12:28:04 | 000,110,592 | ---- | M] (WDC) -- C:\Programme\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe PRC - [2009.06.16 09:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Programme\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe PRC - [2009.04.11 07:28:06 | 000,304,128 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\TabTip.exe PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.08.26 14:27:04 | 000,103,824 | ---- | M] (Toshiba Europe GmbH) -- C:\Programme\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe PRC - [2008.08.26 14:26:44 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) -- C:\Programme\Toshiba TEMPRO\TempoSVC.exe PRC - [2008.08.25 08:58:20 | 000,077,824 | ---- | M] (Toshiba) -- C:\Programme\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe PRC - [2008.08.19 21:34:32 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe PRC - [2008.08.18 22:22:56 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\Power Saver\TPwrMain.exe PRC - [2008.08.18 22:22:02 | 000,431,456 | ---- | M] (TOSHIBA 
Corporation) -- C:\Programme\Toshiba\Power Saver\TosCoSrv.exe PRC - [2008.07.30 09:02:08 | 000,667,648 | ---- | M] (TOSHIBA Corporation.) -- C:\Programme\Toshiba\HDMICtrlMan\HCMSoundChanger.exe PRC - [2008.07.15 19:12:00 | 000,726,904 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\FlashCards\TCrdMain.exe PRC - [2008.07.15 15:16:58 | 000,106,496 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\SMARTLogService\TosIPCSrv.exe PRC - [2008.07.10 16:58:40 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\Toshiba\ConfigFree\CFSvcs.exe PRC - [2008.07.10 16:57:30 | 000,634,880 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\Toshiba\ConfigFree\NDSTray.exe PRC - [2008.06.24 09:06:14 | 000,509,816 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\SmoothView\SmoothView.exe PRC - [2008.05.20 13:42:00 | 000,716,800 | ---- | M] (TOSHIBA Corporation.) -- C:\Programme\Toshiba\HDMICtrlMan\HDMICtrlMan.exe PRC - [2008.04.16 23:19:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\Toshiba\ConfigFree\CFSwMgr.exe PRC - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2008.01.21 03:25:32 | 000,198,656 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe PRC - [2008.01.21 03:23:50 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe PRC - [2007.11.21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe PRC - [2006.11.06 16:14:44 | 000,034,352 | ---- | M] () -- C:\Programme\Toshiba\Utilities\KeNotify.exe PRC - [2006.10.05 11:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe PRC - [2006.08.23 15:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) 
-- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe ========== Modules (No Company Name) ========== MOD - [2012.09.12 12:12:24 | 002,098,200 | ---- | M] () -- c:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll MOD - [2012.06.14 03:55:45 | 001,711,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\2467a133aee73396c830b9b0a9c7ec0d\Microsoft.VisualBasic.ni.dll MOD - [2012.06.14 03:49:53 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8bbcd31ecc8edc7d1f9cdd83ef2bb2d3\System.ServiceProcess.ni.dll MOD - [2012.06.14 03:42:59 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll MOD - [2012.06.14 03:42:23 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll MOD - [2012.06.14 03:39:42 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll MOD - [2012.05.11 05:30:57 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll MOD - [2012.05.11 05:29:27 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll MOD - [2012.05.11 05:27:33 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll MOD - [2012.05.11 05:18:36 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll MOD - [2012.05.11 05:18:20 | 007,953,408 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll MOD - [2012.05.11 05:16:37 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2010.10.12 10:48:34 | 000,877,056 | ---- | M] () -- C:\Programme\SMART Technologies\SMART Product Drivers\QtNetwork4.dll MOD - [2010.10.12 10:48:24 | 007,462,912 | ---- | M] () -- C:\Programme\SMART Technologies\SMART Product Drivers\QtGui4.dll MOD - [2010.10.12 10:48:22 | 002,011,648 | ---- | M] () -- C:\Programme\SMART Technologies\SMART Product Drivers\QtCore4.dll MOD - [2008.09.16 20:18:06 | 000,132,608 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2008.07.31 23:47:28 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll MOD - [2008.07.14 09:36:58 | 000,095,544 | ---- | M] () -- C:\Programme\Toshiba\FlashCards\TWarnMsg\TWarnMsg.dll MOD - [2008.07.14 09:35:32 | 005,121,336 | ---- | M] () -- C:\Programme\Toshiba\FlashCards\BlackPng.dll MOD - [2007.12.25 11:03:40 | 000,015,184 | ---- | M] () -- C:\Programme\Toshiba\PCDiag\NotifyPCD.dll MOD - [2006.12.01 16:55:42 | 000,009,216 | ---- | M] () -- C:\Programme\Toshiba\TBS\NotifyTBS.dll MOD - [2006.11.06 16:14:44 | 000,034,352 | ---- | M] () -- C:\Programme\Toshiba\Utilities\KeNotify.exe MOD - [2006.10.10 10:44:16 | 000,009,728 | ---- | M] () -- C:\Programme\Toshiba\TOSHIBA Assist\NotifyX.dll MOD - [2006.10.07 11:57:04 | 000,053,248 | ---- | M] () -- C:\Programme\Toshiba\TOSHIBA Disc Creator\NotifyTDC.dll ========== Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service) 
SRV - [2012.10.30 16:24:43 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.10.27 08:23:46 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.07.03 12:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.05.02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2011.03.18 16:50:58 | 002,271,608 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6) SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) 
[Auto | Running] -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2009.11.13 12:28:04 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- C:\Programme\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService) SRV - [2009.06.16 09:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Programme\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService) SRV - [2008.08.26 14:26:44 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Programme\Toshiba TEMPRO\TempoSVC.exe -- (TempoMonitoringService) SRV - [2008.08.25 08:58:20 | 000,077,824 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Programme\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv) SRV - [2008.08.19 21:34:32 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv) SRV - [2008.08.18 22:22:02 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv) SRV - [2008.07.15 15:16:58 | 000,106,496 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\Toshiba\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service) SRV - [2008.07.10 16:58:40 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Programme\Toshiba\ConfigFree\CFSvcs.exe -- (ConfigFree Service) SRV - [2008.04.16 15:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) 
[On_Demand | Stopped] -- C:\Programme\Jumpstart\jswpsapi.exe -- (jswpsapi) SRV - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.11.21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv) SRV - [2006.10.26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2006.10.05 11:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2006.08.23 15:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\TpChoice.sys -- (TpChoice) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Tosrfcom) DRV - File not found [File_System | On_Demand | Stopped] -- -- (StarOpen) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - [2012.04.27 09:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.04.24 23:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.04.16 20:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System 
| Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.01.25 18:14:16 | 000,011,632 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMARTMouseFilterx86.sys -- (SMARTMouseFilterx86) DRV - [2011.01.25 18:14:02 | 000,021,872 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMARTVTabletPCx86.sys -- (SMARTVTabletPCx86) DRV - [2011.01.25 18:13:52 | 000,014,704 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMARTVHidMini2000x86.sys -- (SMARTVHidMini2000x86) DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.02.13 12:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM) DRV - [2008.08.19 21:01:44 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32) DRV - [2008.08.07 16:01:44 | 000,097,536 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR) DRV - [2008.08.06 15:26:08 | 000,124,928 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2008.08.01 01:40:28 | 003,894,272 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2008.07.28 15:53:48 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2008.07.15 18:59:06 | 000,017,960 | ---- | M] (Chicony Electronics Co., Ltd.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR) DRV - [2008.05.07 10:30:12 | 000,025,896 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\LPCFilter.sys -- (LPCFilter) DRV - [2008.04.28 16:59:18 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf) DRV - [2008.04.28 08:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) DRV - [2008.02.06 23:23:46 | 000,166,448 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2007.12.14 10:53:24 | 000,024,200 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst) DRV - [2007.11.09 13:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ) DRV - [2007.10.04 02:14:16 | 000,024,448 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emAudio.sys -- (emAudio) DRV - [2007.10.04 02:14:12 | 000,484,736 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emBDA.sys -- (USB28xxBGA) DRV - [2007.10.04 02:13:54 | 000,038,656 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emOEM.sys -- (USB28xxOEM) DRV - [2006.11.28 14:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006.11.23 18:20:06 | 000,018,432 | ---- | M] (SIA Syncrosoft) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\synasUSB.sys -- (SynasUSB) DRV - [2006.11.10 16:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc) DRV - [2006.10.23 15:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nixat.com/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.funmoods.com/results.php?f=4&a=make&q={searchTerms} IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} IE - HKLM\..\SearchScopes\{45328456-68AD-4A3D-8A8F-1757F94EC750}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEA; IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=100&systemid=102&sr=0&q={searchTerms} IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=390&systemid=406&sr=0&q={searchTerms} IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=331121&systemid=426&sr=0&q={searchTerms} IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801948 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = hxxp://search.babylon.com/?affID=115284&tt=3712_7&babsrc=HP_ss&mntrId=080c4bf800000000000000234e83fe26 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA; IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=114435&tt=021012_ccp_4012_3&babsrc=HP_ss&mntrId=080c4bf800000000000000234e83fe26 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2 IE - HKCU\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - No CLSID value found IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.funmoods.com/?a=make&s={searchTerms}&f=4 IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=115284&tt=3712_7&babsrc=SP_ss&mntrId=080c4bf800000000000000234e83fe26 IE - HKCU\..\SearchScopes\{45328456-68AD-4A3D-8A8F-1757F94EC750}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEA_deDE336 IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=KtjdIn8LWQTMzcUdQm8DgTHcQRY?q={searchTerms} IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=100&systemid=102&sr=0&q={searchTerms} IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=390&systemid=406&sr=0&q={searchTerms} IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=331121&systemid=426&sr=0&q={searchTerms} IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = 
hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801948 IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb128/?search={searchTerms}&loc=IB_DS&a=6OyMpXWWSS&i=26 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" FF - prefs.js..browser.search.defaulturl: "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?affID=115284&tt=3712_7&babsrc=HP_ss&mntrId=080c4bf800000000000000234e83fe26" FF - prefs.js..extensions.enabledItems: dictionary-switcher@design-noir.de:1.3.2 FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.9 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31 FF - prefs.js..extensions.enabledItems: {37483b40-c254-4a72-bda4-22ee90182c1e}:3.12.2.3 FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - 
HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.02.12 14:30:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.27 07:49:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.27 07:49:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.10.30 16:24:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.10.30 16:24:20 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.02.12 14:30:13 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\specialsavings@superfish.com: C:\Users\Volker\AppData\Roaming\Mozilla\Firefox\Profiles/x6ufwgec.default\extensions\specialsavings@superfish.com FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.27 07:49:31 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 
15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.27 07:49:23 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.10.30 16:24:12 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.10.30 16:24:20 | 000,000,000 | ---D | M] [2012.07.17 13:14:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Volker\AppData\Roaming\mozilla\Extensions [2010.09.06 14:50:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Volker\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.08.28 17:49:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Volker\AppData\Roaming\mozilla\Firefox\Profiles\extensions [2012.11.03 12:07:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Volker\AppData\Roaming\mozilla\Firefox\Profiles\x6ufwgec.default\extensions [2012.09.26 07:11:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Volker\AppData\Roaming\mozilla\Firefox\Profiles\x6ufwgec.default\extensions\{af6ac4f2-9825-4fb6-a600-92bc5361f209}-trash [2012.11.03 11:48:00 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Volker\AppData\Roaming\mozilla\Firefox\Profiles\x6ufwgec.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(26) [2012.09.26 06:51:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Volker\AppData\Roaming\mozilla\Firefox\Profiles\xjdpofl5.default-1348582397378\extensions [2012.09.26 18:02:46 | 000,002,101 | ---- | M] () -- C:\Users\Volker\AppData\Roaming\mozilla\firefox\profiles\x6ufwgec.default\searchplugins\googlede.xml [2012.09.26 18:01:39 | 000,001,030 | ---- | M] () -- C:\Users\Volker\AppData\Roaming\mozilla\firefox\profiles\x6ufwgec.default\searchplugins\wikipedia-de.xml [2012.10.27 07:49:21 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla 
Firefox\extensions [2012.10.27 07:49:21 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.10.27 07:49:21 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\ffxtlbr@babylon.com [2012.10.27 07:49:31 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2010.03.19 08:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- C:\Program Files\mozilla firefox\plugins\npmieze.dll [2012.10.22 17:19:57 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.10.03 13:41:13 | 000,002,360 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2012.10.22 17:19:57 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.10.22 17:19:57 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.08.12 16:37:17 | 000,000,143 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\foxsearch.src [2012.10.22 17:19:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.10.22 17:19:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.10.22 17:19:57 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://search.babylon.com/?affID=115284&tt=3712_7&babsrc=HP_ss&mntrId=080c4bf800000000000000234e83fe26 CHR - Extension: No name found = C:\Users\Volker\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0\ O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common 
Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {2EECD738-5844-4a99-B4B6-146BF802613B} - No CLSID value found. O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O2 - BHO: (Funmoods Helper Object) - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\PROGRA~1\Funmoods\1.5.23.22\bh\escort.dll File not found O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll File not found O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll File not found O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found. O4 - HKLM..\Run: [00TCrdMain] C:\Programme\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) 
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart File not found O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony) O4 - HKLM..\Run: [cfFncEnabler.exe] cfFncEnabler.exe File not found O4 - HKLM..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe ( ) O4 - HKLM..\Run: [HDMICtrlMan] C:\Programme\Toshiba\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.) O4 - HKLM..\Run: [HSON] C:\Programme\Toshiba\TBS\HSON.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.) O4 - HKLM..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START File not found O4 - HKLM..\Run: [jswtrayutil] "C:\Program Files\Jumpstart\jswtrayutil.exe" File not found O4 - HKLM..\Run: [KeNotify] C:\Programme\Toshiba\Utilities\KeNotify.exe () O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found O4 - HKLM..\Run: [SMART SNMP Agent] C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe (SMART Technologies ULC) O4 - HKLM..\Run: [SmoothView] C:\Programme\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA) O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA) O4 - HKLM..\Run: [Toshiba Registration] C:\Programme\Toshiba\Registration\ToshibaRegistration.exe (Toshiba) O4 - HKLM..\Run: [Toshiba TEMPO] C:\Programme\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe (Toshiba Europe GmbH) O4 - HKLM..\Run: [TPwrMain] C:\Programme\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - 
HKCU..\Run: [Gytoywehe] C:\Users\Volker\AppData\Roaming\Ofydt\ogapf.exe () O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Volker\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) O4 - HKCU..\Run: [vwdpohh] C:\Users\Volker\AppData\Roaming\KBDUR1P.dll () O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 File not found O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home File not found O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.7.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{423FD622-8252-43C1-8A53-B849FF88C24D}: NameServer = 80.58.61.250,80.58.61.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{73D08BEA-B224-456F-BACA-3199B2769A7E}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\progra~2\browse~1\22643~1.41\{16cdf~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll () O20 - AppInit_DLLs: (c:\progra~1\google\google~2\goec62~1.dll) - c:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: D:\Fotos\Madrid\Madrid mit Nina um den 01.05.09 008.jpg O24 - Desktop BackupWallPaper: D:\Fotos\Madrid\Madrid mit Nina um den 01.05.09 008.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{a6fd1c93-080b-11df-9606-00235a00acad}\Shell - "" = AutoRun O33 - MountPoints2\{a6fd1c93-080b-11df-9606-00235a00acad}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: 
{3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP NetSvcs: 
FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.11.03 13:17:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Volker\Desktop\OTL.exe [2012.11.03 13:05:25 | 000,000,000 | ---D | C] -- C:\ProgramData\XoftSpySE [2012.11.03 12:43:48 | 000,000,000 | ---D | C] -- C:\Users\Volker\AppData\Roaming\Ugow [2012.11.03 12:43:48 | 000,000,000 | ---D | C] -- C:\Users\Volker\AppData\Roaming\Ofydt [2012.11.03 12:43:48 | 000,000,000 | ---D | C] -- C:\Users\Volker\AppData\Roaming\Egpo [2012.10.30 16:24:12 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird [2012.10.27 07:49:20 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.11.03 14:31:27 | 000,000,000 | ---- | M] () -- C:\Users\Volker\defogger_reenable [2012.11.03 14:29:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.03 14:28:11 | 000,050,477 | ---- | M] () -- C:\Users\Volker\Desktop\Defogger.exe [2012.11.03 14:24:02 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.11.03 14:24:02 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.11.03 14:24:02 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.11.03 14:24:02 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.11.03 
14:17:50 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.03 14:17:50 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.03 14:17:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.03 14:17:34 | 3186,016,256 | -HS- | M] () -- C:\hiberfil.sys [2012.11.03 13:17:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Volker\Desktop\OTL.exe [2012.11.01 11:43:25 | 000,102,400 | RHS- | M] () -- C:\Users\Volker\AppData\Roaming\KBDUR1P.dll [2012.10.31 10:01:02 | 000,002,631 | ---- | M] () -- C:\Users\Volker\Desktop\Microsoft Office Word 2007.lnk [2012.10.30 21:14:25 | 000,147,968 | ---- | M] () -- C:\Users\Volker\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.10.06 16:24:42 | 000,380,928 | ---- | M] () -- C:\Windows\System32\lame_enc.dll [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.11.03 14:31:27 | 000,000,000 | ---- | C] () -- C:\Users\Volker\defogger_reenable [2012.11.03 14:28:11 | 000,050,477 | ---- | C] () -- C:\Users\Volker\Desktop\Defogger.exe [2012.11.01 11:43:25 | 000,102,400 | RHS- | C] () -- C:\Users\Volker\AppData\Roaming\KBDUR1P.dll [2012.10.06 16:24:40 | 000,380,928 | ---- | C] () -- C:\Windows\System32\lame_enc.dll [2012.09.08 23:24:17 | 004,503,728 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2012.08.04 16:21:13 | 000,075,502 | ---- | C] () -- C:\Users\Volker\AppData\Roaming\WavePad.dmp [2012.08.04 12:34:37 | 000,031,465 | ---- | C] () -- C:\Users\Volker\AppData\Local\funmoods.crx [2012.05.08 19:31:59 | 000,000,552 | ---- | C] () -- C:\Users\Volker\AppData\Local\d3d8caps.dat [2012.04.29 20:43:28 | 000,037,607 | ---- | C] () -- C:\Program Files\Common Files\license.rtf [2012.04.29 20:43:28 | 000,008,046 | ---- 
| C] () -- C:\Program Files\Common Files\setupBanner.jpg [2012.02.12 13:58:40 | 000,182,800 | ---- | C] () -- C:\Windows\hpoins36.dat [2011.09.20 14:58:41 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib [2011.07.01 09:28:18 | 000,002,892 | ---- | C] () -- C:\Windows\System32\audcon.sys [2009.08.16 18:46:35 | 000,001,356 | ---- | C] () -- C:\Users\Volker\AppData\Local\d3d9caps.dat [2009.07.18 16:09:18 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.07.17 23:16:09 | 000,147,968 | ---- | C] () -- C:\Users\Volker\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.07.17 20:55:55 | 000,000,000 | ---- | C] () -- C:\Users\Volker\AppData\Roaming\wklnhst.dat ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.10.06 15:26:03 | 000,000,000 | ---D | M] -- C:\Users\Volker\AppData\Roaming\Ableton [2012.05.05 11:42:45 | 000,000,000 | ---D | M] -- C:\Users\Volker\AppData\Roaming\Anvil Studio [2012.08.07 14:55:16 | 000,000,000 | ---D | M] -- 
C:\Users\Volker\AppData\Roaming\Babylon [2009.10.24 14:24:07 | 000,000,000 | ---D | M] -- C:\Users\Volker\AppData\Roaming\Canneverbe_Limited [2011.08.08 17:59:34 | 000,000,000 | ---D | M] -- C:\Users\Volker\AppData\Roaming\com.prezi.PreziDesktop [2012.05.20 12:09:45 | 000,000,000 | ---D | M] -- C:\Users\Volker\AppData\Roaming\Digiarty [2010.07.06 14:16:29 | 000,000,000 | ---D | M] -- C:\Users\Volker\AppData\Roaming\digital publishing [2011.04.03 08:48:05 | 000,000,000 | ---D | M] -- C:\Users\Volker\AppData\Roaming\Dropbox [2012.08.05 07:52:39 | 000,000,000 | ---D | M] -- C:\Users\Volker\AppData\Roaming\DVDVideoSoft [2012.11.03 12:43:48 | 000,000,000 | ---D | M] -- C:\Users\Volker\AppData\Roaming\Egpo [2012.08.07 14:55:37 | 000,000,000 | ---D | M] -- C:\Users\Volker\AppData\Roaming\ExpressFiles [2011.04.07 21:28:13 | 000,000,000 | ---D | M] -- C:\Users\Volker\AppData\Roaming\GetRightToGo [2011.01.13 22:39:45 | 000,000,000 | ---D | M] -- C:\Users\Volker\AppData\Roaming\Gutscheinmieze [2009.10.27 20:21:28 | 000,000,000 | ---D | M] -- C:\Users\Volker\AppData\Roaming\IuM [2012.05.12 23:33:13 | 000,000,000 | ---D | M] -- C:\Users\Volker\AppData\Roaming\MakeMusic [2012.05.12 22:05:50 | 000,000,000 | ---D | M] -- C:\Users\Volker\AppData\Roaming\MusE [2009.07.18 12:25:21 | 000,000,000 | ---D | M] -- C:\Users\Volker\AppData\Roaming\myphotobook [2012.11.03 12:43:48 | 000,000,000 | ---D | M] -- C:\Users\Volker\AppData\Roaming\Ofydt [2012.05.20 11:43:38 | 000,000,000 | ---D | M] -- C:\Users\Volker\AppData\Roaming\OpenCandy [2011.09.21 18:26:00 | 000,000,000 | ---D | M] -- C:\Users\Volker\AppData\Roaming\OpenOffice.org [2012.05.05 19:53:23 | 000,000,000 | ---D | M] -- C:\Users\Volker\AppData\Roaming\PerformerSoft [2011.07.12 14:50:44 | 000,000,000 | ---D | M] -- C:\Users\Volker\AppData\Roaming\SMART Technologies [2011.04.06 16:46:38 | 000,000,000 | ---D | M] -- C:\Users\Volker\AppData\Roaming\SMART Technologies Inc [2012.11.03 12:54:32 | 000,000,000 | ---D | M] -- 
C:\Users\Volker\AppData\Roaming\Spotify [2011.07.01 09:59:19 | 000,000,000 | ---D | M] -- C:\Users\Volker\AppData\Roaming\Steinberg [2012.05.01 19:00:25 | 000,000,000 | ---D | M] -- C:\Users\Volker\AppData\Roaming\SuperUtils.com [2011.03.31 16:58:18 | 000,000,000 | ---D | M] -- C:\Users\Volker\AppData\Roaming\TeamViewer [2010.09.06 14:50:33 | 000,000,000 | ---D | M] -- C:\Users\Volker\AppData\Roaming\Thunderbird [2012.07.16 21:27:25 | 000,000,000 | ---D | M] -- C:\Users\Volker\AppData\Roaming\Toshiba [2012.08.04 12:31:45 | 000,000,000 | ---D | M] -- C:\Users\Volker\AppData\Roaming\TuneUp Software [2012.05.27 10:59:21 | 000,000,000 | ---D | M] -- C:\Users\Volker\AppData\Roaming\TuneUpMedia [2012.11.03 15:16:35 | 000,000,000 | ---D | M] -- C:\Users\Volker\AppData\Roaming\Ugow [2011.05.30 13:22:35 | 000,000,000 | ---D | M] -- C:\Users\Volker\AppData\Roaming\Ulead Systems [2010.01.24 00:25:03 | 000,000,000 | ---D | M] -- C:\Users\Volker\AppData\Roaming\Western Digital [2012.10.03 21:03:15 | 000,000,000 | ---D | M] -- C:\Users\Volker\AppData\Roaming\YourFileDownloader ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
> [2010.10.31 22:13:09 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2010.05.23 11:02:44 | 000,000,000 | ---D | M] -- C:\aeat [2010.01.11 19:08:19 | 000,000,000 | -HSD | M] -- C:\Boot [2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2009.07.17 20:25:09 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2008.09.18 08:44:34 | 000,000,000 | RH-D | M] -- C:\MSOCache [2009.09.20 23:09:21 | 000,000,000 | ---D | M] -- C:\MyVideos [2008.01.21 03:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.11.03 13:13:17 | 000,000,000 | R--D | M] -- C:\Program Files [2012.11.03 13:13:08 | 000,000,000 | -H-D | M] -- C:\ProgramData [2009.07.17 20:25:09 | 000,000,000 | -HSD | M] -- C:\Programme [2012.05.12 23:25:55 | 000,000,000 | ---D | M] -- C:\PSFONTS [2012.11.03 15:15:55 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2009.07.17 20:37:13 | 000,000,000 | ---D | M] -- C:\Toshiba [2009.07.17 20:29:04 | 000,000,000 | R--D | M] -- C:\Users [2012.11.03 12:04:07 | 000,000,000 | ---D | M] -- C:\Windows [2008.09.18 08:41:44 | 000,000,000 | ---D | M] -- C:\Works < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
/mp /s > < C:\Windows\system32\*.tsp > [2006.11.02 10:44:49 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2006.11.02 10:44:49 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2006.11.02 10:44:49 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2006.11.02 10:44:49 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2009.04.11 07:27:17 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] [2006.11.02 14:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2006.11.02 14:01:49 | 000,032,542 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.05.03 14:04:08 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job < MD5 for: AGP440.SYS > [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2008.03.25 04:22:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=2D77788D0B7FE269044F58C86AE099CE -- 
C:\Windows\System32\DriverStore\FileRepository\machine.inf_3e1ecd89\AGP440.sys [2008.03.25 04:22:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=2D77788D0B7FE269044F58C86AE099CE -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.22142_none_ba734aead7ed1bb6\AGP440.sys [2008.03.26 04:38:23 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=ED91751834103DB2A74470CD763A49FE -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_e4087235\AGP440.sys [2008.03.26 04:38:23 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=ED91751834103DB2A74470CD763A49FE -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20800_none_b8b64d46daa7e57a\AGP440.sys [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- 
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2008.06.03 04:29:54 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7f3e4ed9\atapi.sys [2008.06.03 04:29:54 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22193_none_dd6376773aedb5e4\atapi.sys [2008.06.03 04:27:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b7393fc6\atapi.sys [2008.06.03 04:27:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20847_none_dbb74a7b3d9afbc1\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EXPLORER.EXE > [2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2009.04.11 07:27:36 | 
002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: IASTORV.SYS > [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.21 03:24:05 | 000,592,384 | ---- | M] 
(Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009.04.11 07:28:25 | 000,627,712 | ---- | 
M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 11:34:08 | 
010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\system32\*.dll /lockedfiles > [1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] < %USERPROFILE%\*.* > [2012.11.03 14:31:27 | 000,000,000 | ---- | M] () -- C:\Users\Volker\defogger_reenable [2012.11.03 15:42:42 | 004,194,304 | -HS- | M] () -- C:\Users\Volker\ntuser.dat [2012.11.03 15:42:42 | 000,262,144 | -H-- | M] () -- C:\Users\Volker\ntuser.dat.LOG1 [2009.07.17 20:29:04 | 000,000,000 | -H-- | M] () -- C:\Users\Volker\ntuser.dat.LOG2 [2012.11.03 12:00:03 | 000,065,536 | -HS- | M] () -- C:\Users\Volker\ntuser.dat{00a64d69-45ad-11e0-90ce-00235a00acad}.TM.blf [2012.11.03 12:00:03 | 000,524,288 | -HS- | M] () -- C:\Users\Volker\ntuser.dat{00a64d69-45ad-11e0-90ce-00235a00acad}.TMContainer00000000000000000001.regtrans-ms [2011.03.03 17:33:23 | 000,524,288 | -HS- | M] () -- C:\Users\Volker\ntuser.dat{00a64d69-45ad-11e0-90ce-00235a00acad}.TMContainer00000000000000000002.regtrans-ms [2011.03.03 16:56:47 | 000,065,536 | -HS- | M] () -- C:\Users\Volker\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2011.03.03 16:56:47 | 000,524,288 | -HS- | M] () -- C:\Users\Volker\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2009.07.17 20:41:24 | 000,524,288 | -HS- | M] () -- C:\Users\Volker\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms [2009.07.17 20:29:06 | 000,000,020 | -HS- | M] () -- C:\Users\Volker\ntuser.ini [2012.10.31 10:35:55 | 000,015,133 | ---- | M] () -- C:\Users\Volker\Stadtrallye.docx < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session 
Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

< End of report >

Extra.Txt
OTL Logfile:
Code:
OTL Extras logfile created on: 03.11.2012 15:10:05 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Volker\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,97 Gb Total Physical Memory | 1,76 Gb Available Physical Memory | 59,21% Memory free
6,15 Gb Paging File | 4,72 Gb Available in Paging File | 76,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 17,29 Gb Free Space | 14,85% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 84,61 Gb Free Space | 36,33% Space Free | Partition Type: NTFS
Drive F: | 114,98 Gb Total Space | 109,60 Gb Free Space | 95,32% Space Free | Partition Type: NTFS

Computer Name: VOLKER-1-K | User Name: Volker | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized 
Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{147C253B-736C-40C2-A60F-85D219D954B1}" = rport=139 | protocol=6 | dir=out | app=system | "{1DE59135-CB81-42A4-956E-F19D52D6F376}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{52A22740-532B-478B-8422-9627A2A19091}" = rport=138 | protocol=17 | dir=out | app=system | "{6DC5DB9A-37F2-4982-BC69-1A37D1BD58C2}" = lport=137 | protocol=17 | dir=in | app=system | "{72C577A7-2F22-42FC-A153-9B1E92819368}" = lport=138 | protocol=17 | dir=in | app=system | "{9B62E0CB-92B8-4684-B0CC-70B06821EFEF}" = rport=445 | protocol=6 | dir=out | app=system | "{9F486D91-EBB4-4D66-888E-55D3D0B763AF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{A29BA48C-B47B-4C8E-BEFF-7F7C141FCF92}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | "{ABB79EF3-069C-4B61-8561-39F59383B680}" = lport=445 | protocol=6 | dir=in | app=system | "{D7156D68-C344-47F4-BD5D-59B903A2733F}" = rport=137 | protocol=17 | dir=out | app=system | "{DAC81CFE-5D26-4A28-AD23-6BF66D82CA7D}" = lport=139 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01148488-CC61-4BC0-A5ED-7F6DD60FE81B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | "{01C28C40-4D0B-42D8-8C9C-1073A2D7178B}" = protocol=17 | dir=in | app=c:\program files\expressfiles\expressfiles.exe | "{075E6639-B325-4B0E-84E9-00DF731CB67C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | "{0B145919-2403-47B9-A562-93389823B003}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{1033FCCE-DB80-413F-A0A7-5DD43EF38897}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | "{10964190-1EBE-412A-A276-EBAD3D9AE331}" = protocol=6 | dir=in | app=c:\users\volker\appdata\roaming\dropbox\bin\dropbox.exe | "{17F9F2C8-5D7E-4D4F-8FD7-F654268D5E4E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | "{1973E93E-56A3-4DC1-9936-42AB83F70164}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | "{1A943125-BD10-45F2-BA2E-8D8A680F8948}" = protocol=17 | dir=in | app=c:\program files\yourfiledownloader\yourfile.exe | "{1CDF98E9-3331-4D2A-A0AE-4FEC9AD55049}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{2BBEF008-C978-4E76-BC73-ADA626AD5B9D}" = protocol=17 | dir=in | app=c:\program files\yourfiledownloader\downloader.exe | "{2C7A8E96-B636-4A4C-A800-5B1FF06807B1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{364D1DCA-D8AE-442D-B366-94CC55D7FE8C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe | "{3CF3B339-4A64-4A9A-BE41-2F3F8227E531}" = protocol=6 | dir=in | app=c:\program files\smart technologies\smart product drivers\ucgui.exe | "{406E8E19-0603-48AC-8877-11639D8EA465}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | "{41EFEF8F-CE82-4EBE-A116-550E4783F295}" = protocol=6 | dir=in | app=c:\program files\smart technologies\smart product drivers\smartsnmpagent.exe | "{535BBD17-7266-46A4-AA09-F4D5A7BB600A}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe | "{61B40E42-6193-457A-A097-025389E03B68}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqnrs08.exe | "{6454469D-D2C0-4691-BCE7-48CB498C8DAE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{68E20ADE-C841-46BC-A0E8-F71D661EB5A5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | "{723CD3D6-5851-48A9-A613-2D4B1D44CB7C}" = protocol=6 | dir=in | app=c:\program files\microsoft 
office\office12\onenote.exe | "{81E0B8E3-C98D-48F7-9555-0B3643514D06}" = protocol=6 | dir=in | app=c:\program files\expressfiles\expressfiles.exe | "{8656F03F-7AA4-42C3-B7E5-863CBF76CFCF}" = dir=in | app=c:\program files\itunes\itunes.exe | "{8835802C-3384-4C3B-8F43-102B3F70942E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe | "{884C3610-0B51-4D30-BEB6-3D78EACA8470}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe | "{8BE95F49-73F1-4263-B65A-56266A5ECBE7}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | "{8F11401D-3E73-4192-ADC7-9E45182F48DB}" = protocol=17 | dir=in | app=c:\program files\smart technologies\smart product drivers\smartsnmpagent.exe | "{8F9477AC-5B4E-40E3-AC0A-A604FCE9E2CE}" = protocol=6 | dir=in | app=c:\program files\yourfiledownloader\yourfile.exe | "{A358FE78-88B0-474C-81B8-853F73D10CB6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | "{A7F8968A-E641-4879-8E8D-50300C60A2C2}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe | "{AD7A166C-3106-4B1C-B731-6BAD8BF047DD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{ADA4E9D5-F810-4958-A9EB-8A207C15263F}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe | "{B320E06A-5578-4775-804B-FBDCC3E1D930}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | "{B3B3458E-6FEC-4FE9-8D4D-474C5D46688C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | "{B612402E-8B86-4909-9C4A-892FDCDFA510}" = protocol=6 | dir=in | app=c:\program files\expressfiles\expressdl.exe | "{B8877334-3063-4614-BD71-CD4EAC37317E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe | "{B88E3969-FE1B-47AC-B5BE-6326971CA45E}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe | "{BF2F1098-7AEF-44D5-9403-4C6116F963A6}" = protocol=17 | dir=in | 
app=c:\program files\smart technologies\smart product drivers\ucgui.exe | "{C0776990-94A8-49F8-87C0-BE65866F822C}" = protocol=6 | dir=in | app=c:\program files\smart technologies\smart product drivers\ucservice.exe | "{C2CBB5E1-C416-4A13-A16A-C0A9FAC1E788}" = protocol=6 | dir=in | app=c:\program files\yourfiledownloader\downloader.exe | "{C9C52B8A-7B35-4363-9CE1-5A721F9DD02C}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | "{CE592E30-5371-4AFE-9F45-4480D38FE664}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | "{D0CE4C65-2E08-4FD4-97DB-FF2209EFFC64}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{D82E311F-A1B9-430F-BF85-AB90AE91B446}" = protocol=17 | dir=in | app=c:\users\volker\appdata\roaming\dropbox\bin\dropbox.exe | "{DB4ECB5A-C6CF-44E8-A5D2-CD948EFCF319}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{DECAA38E-5A9C-4EA6-949D-41FAC43C382F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{E486F929-90E1-4B5A-9A10-143EF06438F1}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{EA6A6671-2122-48BC-983E-03EFCD67AC25}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe | "{F0CD706F-D786-44A4-9427-02E1F932C4D2}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe | "{F5C20CA0-3710-4F74-87F3-37827F7DEBEF}" = protocol=17 | dir=in | app=c:\program files\expressfiles\expressdl.exe | "{F76AADEE-D3AD-46EB-9BF8-11AC3FBC3729}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{FCB5A800-C931-4253-9E9A-7885C833E3FD}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe | "{FE59BE2E-6B6B-46B6-B0BA-6EAF4F9B3108}" = protocol=17 | dir=in | app=c:\program files\smart technologies\smart product drivers\ucservice.exe | "TCP Query User{13CED71F-03A4-4A45-AF78-77D3F771760E}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe | "TCP 
Query User{43EDE42E-BB48-49BA-BB79-201CEABB295E}C:\program files\smart technologies\smart product drivers\smartsnmpagent.exe" = protocol=6 | dir=in | app=c:\program files\smart technologies\smart product drivers\smartsnmpagent.exe | "TCP Query User{5D82DEB1-9AAE-4064-9F49-DDEB22A365E7}C:\users\volker\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\volker\appdata\roaming\spotify\spotify.exe | "TCP Query User{648C2C45-CCBF-4428-A404-F4989BB272C2}C:\windows\system32\rundll32.exe" = protocol=6 | dir=in | app=c:\windows\system32\rundll32.exe | "TCP Query User{84E0880A-A8FE-40F8-9478-710F07EBCDC2}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | "TCP Query User{AA253288-701F-4A14-B1D7-F9DE23AA72A1}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe | "TCP Query User{AAE3973F-0367-4816-BFFE-520B3B1FD57B}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe | "TCP Query User{AD73DA3F-DC22-45FC-8253-73F18FF4F005}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{C6A4AA31-728B-4F4E-A50B-1C7D47B4F9F8}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | "TCP Query User{E7258CAC-8849-430B-8F35-E90AD037FAC3}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "UDP Query User{41082621-31BA-4FB0-BBB3-4BA11297DADB}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe | "UDP Query User{42BB6DC7-7985-4502-A770-6E36BFF36706}C:\program files\smart technologies\smart product drivers\smartsnmpagent.exe" = protocol=17 | dir=in | app=c:\program files\smart technologies\smart product drivers\smartsnmpagent.exe | "UDP Query User{5174FA0E-A9B5-4542-8611-A38B286817AF}C:\program 
files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "UDP Query User{56011E56-A06A-45D9-8369-7B0D3C40DE89}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe | "UDP Query User{56E58528-BFA2-4D0D-ACF2-5B9D9D259454}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | "UDP Query User{7D25CCD6-FE84-456E-87E5-BA29EF41830C}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe | "UDP Query User{A3C61277-8E13-47CC-8531-56A9D791FC26}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{C2DC10B9-DA37-40C0-B007-8A5E2AE78739}C:\users\volker\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\volker\appdata\roaming\spotify\spotify.exe | "UDP Query User{C9CFEA10-6E8A-4543-9D3A-D920C0E1F259}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | "UDP Query User{EB09215E-E461-4A61-9FFD-2B27D307EF72}C:\windows\system32\rundll32.exe" = protocol=17 | dir=in | app=c:\windows\system32\rundll32.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{}_is1" = Ares 3.1.5.3033 "{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc "{0024E176-B245-2CFA-FD95-99170C8CE1DA}" = ATI Catalyst Install Manager "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{00405945-70C1-4B1D-9A3C-45A2883366AF}" = PS_AIO_05_C4600_Software_Min "{03FAA727-E2B7-471C-AC41-2E1C7F29C7EA}" = Toshiba TEMPRO "{04441EE4-3631-43DB-813A-9D031380C8E5}" = MarketingReg "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan 
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller "{0B775D7D-3AA7-F85A-58EF-56D68DE41799}" = CCC Help German "{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree "{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes "{0FEAB98A-EA81-BA2E-D8B4-A337DB86AE18}" = Catalyst Control Center Localization Italian "{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch "{1C971EE3-B4C4-4367-9676-57549919C6CE}" = TOSHIBA Benutzerhandbücher "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery "{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information "{22CDA084-FA28-69D4-2EBE-D7EFB908565E}" = Catalyst Control Center Localization Korean "{232DB76D-4751-41A9-9EC2-CDC0DAC1FAB6}" = WD SmartWare "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22 "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9 "{29207089-371F-A329-B585-7F1A1725A31C}" = Catalyst Control Center Localization Spanish "{2D1551BB-4356-2A3F-6930-EB576DA7FAAF}" = Catalyst Control Center Localization Thai "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6 "{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{3B6ADFDD-17D1-F657-517E-349FDB13A4D4}" = CCC Help Norwegian "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module "{415CD877-0970-4CB6-B178-1E72F7DC60E7}" = MyScript HWR (German) "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg 
"{44C81D1A-0520-49BB-B510-98B8DD414EA1}" = HP Photosmart C4600 All-In-One Driver Software 13.0 Rel .5 "{46A7DED5-2ACB-B759-5692-9F110E9B367A}" = Catalyst Control Center Localization Norwegian "{48D245E0-AEE7-B940-C5EB-AC04740806A2}" = Catalyst Control Center Graphics Full Existing "{49D73FB2-FCDE-70CE-C33E-386289088D32}" = CCC Help English "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{4C450198-527B-719F-FA10-F1C5195F5E00}" = CCC Help Chinese Traditional "{4C818AB1-8D06-443B-1464-FE65F91A0E88}" = CCC Help Greek "{4CE6C6E8-0DAD-4757-86ED-7FB4035BA98B}" = SMART Product Drivers "{4DF6D6EB-C560-3537-EF4D-F2837913E612}" = Catalyst Control Center Graphics Previews Vista "{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password "{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup "{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport "{5626EF23-7E2F-7744-1635-BA01EB5DD385}" = Catalyst Control Center Localization Chinese Standard "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{58A0BECD-E983-64DD-F496-E06D1859992D}" = Catalyst Control Center Localization Finnish "{5D650E32-36AA-1E93-EBB1-62BCAD4CA1DA}" = CCC Help Czech "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5F71BBC5-01D0-ACD8-71F4-6612EC307434}" = Catalyst Control Center Localization German "{611EF8A2-4613-9D14-8227-9BBF183B4A83}" = CCC Help Russian "{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "{61F1F765-9CE2-4CA1-7A61-EEA035A461DF}" = CCC Help Hungarian "{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility "{6326AAD3-9A54-9E3A-6523-B0CC6EC61CFC}" = CCC Help Thai "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module 
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply "{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER "{6C6DB10B-A3B1-AF9A-8112-7E29A11865BE}" = Catalyst Control Center Localization Turkish "{6C76599B-5E89-F9BC-D997-010D3CAF73BD}" = CCC Help Chinese Standard "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71A80DE7-A133-9B2A-CDEF-32CF4D93DAB3}" = Catalyst Control Center Localization French "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder "{788741FE-8F03-4DB2-A76C-43D748E81B67}" = Catalyst Control Center - Branding "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7B3425E6-6D8A-C439-7E29-16EDCAF20940}" = Catalyst Control Center Localization Japanese "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{7CDD7C4C-5224-40E4-951F-51C12FEAB8AB}" = C4600 "{7EAEB757-4D63-481C-9765-F2F55D76A869}" = Anvil Studio 2012 "{7F40CE93-E345-E5D0-AA47-01B3E9C7A51E}" = CCC Help French "{80EB34C1-4D7D-E462-6A78-D6DCE9DED0A4}" = CCC Help Italian "{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01 "{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module "{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01 "{87725CEF-1BC6-47C5-B2CD-96DD6D392EE3}" = Dolby Control Center "{8780B0B9-1D49-C9EF-0E9D-204276558193}" = Catalyst Control Center Graphics Light "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{91954330-C8C1-7708-093C-65A5BEF0DDBD}" = Catalyst Control Center Localization Chinese Traditional "{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer "{922E8525-AC7E-4294-ACAA-43712D4423C0}" = Adobe Flash Player 10 ActiveX "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{9550F8A6-3D21-4544-8B87-F9FE7E01B964}" = SMART Notebook "{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF}" = Driver Whiz "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9BFF3BEA-16EE-6A4D-5290-87BAE80B7860}" = Search Assistant Precisead "{9EC9754D-CA34-4293-B5DB-3BD245A88A43}" = ArcSoft MediaImpression "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver "{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer "{A1A9DB17-BE08-8998-88DA-9AF66121B307}" = ccc-utility "{A2A2D9CF-9A10-61BE-C41F-E64CF3EEFAF2}" = Catalyst Control Center Localization Greek "{A498B88E-3DA4-653A-F9EB-8F278953DDC0}" = CCC Help Spanish "{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch "{ACA85783-8EEA-4f0a-B2A3-A8173F30209F}" = C4200_doccd "{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status "{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan "{B09BCBF6-87EE-4403-A336-3A9510856535}" = HP Photosmart All-In-One Software 9.0 "{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}" = Atheros Wi-Fi Protected Setup Library 
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B2A158F7-FC5E-B589-AA64-5D273BABCB68}" = Catalyst Control Center Core Implementation "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser "{B6070448-A831-E202-0F1F-3EA58D6A4BEE}" = CCC Help Dutch "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{BFA0E709-923C-4906-C62F-E08F5E5C6442}" = CCC Help Polish "{BFDE4176-5DFE-4db9-AA00-8F30CB001BDA}" = c4200_Help "{C10B1F0F-3B27-ECC1-A199-32DBFA86488C}" = Catalyst Control Center Graphics Full New "{C2BAB668-2C3B-938D-741A-3B8F21D7F24D}" = CCC Help Danish "{C39E671D-0528-4c5e-A034-8470C5BC393A}" = C4200 "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program "{C408D954-254D-ECBF-6A0E-77A3949B184A}" = CCC Help Turkish "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition "{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects "{C76A79CB-5D4C-2F9D-1ECE-A14A4D152973}" = ccc-core-static "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget "{CB319AA8-61A5-9BB5-B3D0-EC37061D6DF9}" = CCC Help Portuguese "{CB382DF4-E0F0-2A6E-00EC-4F3B65510F76}" = Catalyst Control Center Localization Russian "{CB5BB134-66AA-0AA9-CBCE-2ABB0528DD8F}" = Catalyst Control Center Localization Dutch "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba "{D0ACE207-0F90-402C-8CFA-2CB3D44CE689}" = Adobe Photoshop Lightroom 3.6 "{D249C9A4-8030-9E94-0F84-A8657478CF0B}" = Catalyst Control Center Localization Czech "{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support "{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser "{D8B7A682-20DA-4797-8415-B1FB14D4D32B}" = PS_AIO_Software 
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp "{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update "{E0D47A97-8861-EEA0-C989-5E229F33A7C7}" = Catalyst Control Center Localization Portuguese "{E2142733-460B-4BC8-0C06-B5E860312908}" = Catalyst Control Center Localization Danish "{E28750A2-45F2-4b63-99F7-9F81A94B1E2D}" = PS_AIO_Software_min "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{E5D2A8BB-9FFA-B33A-CC20-CFD7F33EAC52}" = Catalyst Control Center Localization Swedish "{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher "{EA47FA11-B0DE-AB2E-3097-505E457F5AA5}" = Catalyst Control Center Localization Hungarian "{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities "{ECE423CF-CD10-60DD-4A3A-8B7B3EA6AD03}" = CCC Help Finnish "{EDAC6E0D-F93B-4B80-9377-F57D3BB5E6B1}" = MyScript HWR (Spanish) "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F4431ADE-A53E-70B9-CEE3-CF4B00CF3421}" = CCC Help Swedish "{F44A9E2F-79FA-9421-A4FD-3942462B085D}" = CCC Help Korean "{F4DFFE61-3F61-A61A-698F-A4C62D8F46F9}" = Catalyst Control Center InstallProxy "{F56C72A0-AC46-35A1-1C37-B80C1A3ABE7D}" = Skins "{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F80608B5-CBEF-A963-08E7-A1170B4FDC9C}" = Catalyst Control Center Localization Polish "{F81AB80B-5BB7-4E36-8BA5-E07541CE1BFC}" = HDMI Control Manager "{FD111943-7A14-F1F8-393B-02B5ABED3E8A}" = CCC Help Japanese "{FD7F242B-9AA0-40c3-941E-3A9821D19C09}" = PS_AIO_ProductContext "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR 
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "1ClickDownload" = 1ClickDownloader "3971-4815-1971-1205" = Renta2009 1.23 "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Ares" = Ares 2.1.8 "Audacity_is1" = Audacity 1.2.6 "AudibleDownloadManager" = Audible Download Manager "Audio Speed Changer Pro" = Audio Speed Changer Pro 1.4 "Avira AntiVir Desktop" = Avira Free Antivirus "BIMPLite" = BIMP Lite 1.62 "Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18 "Dany's Virtual Drum 2 (Beta 3)" = Dany's Virtual Drum 2 (Beta 3) "DivX Setup.divx.com" = DivX-Setup "e5d34685-b287-d0ba-6f4e-11a54427f2e2" = Contextual Tool Precisead "fjvwqglgcsyqfvegv" = RON Too1 Precisead "Google Desktop" = Google Desktop "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Photosmart Essential" = HP Photosmart Essential 2.01 "HP Print Projects" = HP Print Projects 1.0 "HP Smart Web Printing" = HP Smart Web Printing 4.5 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPExtendedCapabilities" = HP Customer Participation Program 13.0 "HPOCR" = HP OCR Software 9.0 "InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort "InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup "InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility "InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder "InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition "InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher "InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added 
Package "Live 8.2.2" = Live 8.2.2 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "MozBackup" = MozBackup 1.4.9 "Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de) "Mozilla Thunderbird 16.0.2 (x86 de)" = Mozilla Thunderbird 16.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Pistonsoft BPM Detector_is1" = Pistonsoft BPM Detector 1.0 "Shop for HP Supplies" = Shop for HP Supplies "Syncrosoft License Control" = Syncrosoft Lizenz Kontrolle "SynTPDeinstKey" = Synaptics Pointing Device Driver "TeamViewer 6" = TeamViewer 6 "TOSHIBA Software Modem" = TOSHIBA Software Modem "TuneUpMedia" = TuneUp Companion 2.4.4.3 "VLC media player" = VLC media player 1.0.0 "Windows Media Encoder 9" = Windows Media Encoder 9 Series "WinRAR archiver" = WinRAR ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Spotify" = Spotify ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 27.09.2011 11:37:31 | Computer Name = Volker-1-K | Source = Windows Search Service | ID = 3013 Description = Error - 27.09.2011 14:30:30 | Computer Name = Volker-1-K | Source = WDSmartWareBackgroundService | ID = 0 Description = Error - 27.09.2011 14:31:17 | Computer Name = Volker-1-K | Source = WinMgmt | ID = 10 Description = Error - 28.09.2011 09:43:47 | Computer Name = Volker-1-K | Source = WDSmartWareBackgroundService | ID = 0 Description = Error - 28.09.2011 09:44:17 | Computer Name = Volker-1-K | Source = WinMgmt | ID = 10 Description = Error - 28.09.2011 10:12:00 | Computer Name = Volker-1-K | Source = Windows Search 
Service | ID = 3013 Description = Error - 28.09.2011 16:13:51 | Computer Name = Volker-1-K | Source = WDSmartWareBackgroundService | ID = 0 Description = Error - 28.09.2011 16:14:20 | Computer Name = Volker-1-K | Source = WinMgmt | ID = 10 Description = Error - 28.09.2011 16:23:23 | Computer Name = Volker-1-K | Source = EventSystem | ID = 4621 Description = Error - 29.09.2011 09:36:19 | Computer Name = Volker-1-K | Source = WDSmartWareBackgroundService | ID = 0 Description = [ OSession Events ] Error - 16.01.2010 06:47:13 | Computer Name = Volker-1-K | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8737 seconds with 2100 seconds of active time. This session ended with a crash. Error - 05.10.2010 14:51:54 | Computer Name = Volker-1-K | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 35 seconds with 0 seconds of active time. This session ended with a crash. Error - 02.12.2010 11:07:06 | Computer Name = Volker-1-K | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1973 seconds with 0 seconds of active time. This session ended with a crash. Error - 12.02.2012 08:45:02 | Computer Name = Volker-1-K | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2529 seconds with 780 seconds of active time. This session ended with a crash. 
[ System Events ] Error - 03.11.2012 07:39:17 | Computer Name = Volker-1-K | Source = PlugPlayManager | ID = 12 Description = Das Gerät "JMB38X MS Host Controller" (PCI\VEN_197B&DEV_2383&SUBSYS_FF021179&REV_00\4&21d1b20d&0&0328) wurde ohne vorbereitende Maßnahmen vom System entfernt. Error - 03.11.2012 07:39:17 | Computer Name = Volker-1-K | Source = PlugPlayManager | ID = 12 Description = Das Gerät "JMB38X xD Host Controller" (PCI\VEN_197B&DEV_2384&SUBSYS_FF021179&REV_00\4&21d1b20d&0&0428) wurde ohne vorbereitende Maßnahmen vom System entfernt. Error - 03.11.2012 09:17:43 | Computer Name = Volker-1-K | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 03.11.2012 um 13:50:22 unerwartet heruntergefahren. Error - 03.11.2012 09:19:11 | Computer Name = Volker-1-K | Source = Service Control Manager | ID = 7000 Description = Error - 03.11.2012 09:19:11 | Computer Name = Volker-1-K | Source = Service Control Manager | ID = 7000 Description = Error - 03.11.2012 09:22:24 | Computer Name = Volker-1-K | Source = PlugPlayManager | ID = 12 Description = Das Gerät "OHCI-konformer IEEE 1394-Hostcontroller" (PCI\VEN_197B&DEV_2380&SUBSYS_FF001179&REV_00\4&21d1b20d&0&0028) wurde ohne vorbereitende Maßnahmen vom System entfernt. Error - 03.11.2012 09:22:24 | Computer Name = Volker-1-K | Source = PlugPlayManager | ID = 12 Description = Das Gerät "JMB38X SD/MMC Host Controller" (PCI\VEN_197B&DEV_2382&SUBSYS_FF021179&REV_00\4&21d1b20d&0&0128) wurde ohne vorbereitende Maßnahmen vom System entfernt. Error - 03.11.2012 09:22:24 | Computer Name = Volker-1-K | Source = PlugPlayManager | ID = 12 Description = Das Gerät "JMB38X SD Host Controller" (PCI\VEN_197B&DEV_2381&SUBSYS_FF021179&REV_00\4&21d1b20d&0&0228) wurde ohne vorbereitende Maßnahmen vom System entfernt. 
Error - 03.11.2012 09:22:24 | Computer Name = Volker-1-K | Source = PlugPlayManager | ID = 12 Description = Das Gerät "JMB38X MS Host Controller" (PCI\VEN_197B&DEV_2383&SUBSYS_FF021179&REV_00\4&21d1b20d&0&0328) wurde ohne vorbereitende Maßnahmen vom System entfernt. Error - 03.11.2012 09:22:24 | Computer Name = Volker-1-K | Source = PlugPlayManager | ID = 12 Description = Das Gerät "JMB38X xD Host Controller" (PCI\VEN_197B&DEV_2384&SUBSYS_FF021179&REV_00\4&21d1b20d&0&0428) wurde ohne vorbereitende Maßnahmen vom System entfernt. < End of report > Regards, Volker |
03.11.2012, 16:59 | #4 |
/// Malware-holic | ihavenet - Virus Hi, this script and any scripts that follow are meant only for this particular user. If you have problems, open your own topics and wait for scripts tailored to you.
• Please start OTL.exe
• Now copy the following into the text box. Code:
:OTL
O4 - HKCU..\Run: [vwdpohh] C:\Users\Volker\AppData\Roaming\KBDUR1P.dll ()
O4 - HKCU..\Run: [Gytoywehe] C:\Users\Volker\AppData\Roaming\Ofydt\ogapf.exe ()
[2012.11.03 12:43:48 | 000,000,000 | ---D | M] -- C:\Users\Volker\AppData\Roaming\Egpo
:Files
C:\Users\Volker\AppData\Roaming\KBDUR1P.dll
C:\Users\Volker\AppData\Roaming\Ofydt
:Commands
[Reboot]
• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; copy its contents into your next reply here.
Start in normal mode. If you have no icons, right-click, View, show desktop icons.
Note: Please also upload the file there as described in the UpChannel instructions. Please do NOT post the ZIP file here in the thread as an attachment! Please press the + E key.
Download GetInfo: http://markusg.trojaner-board.de/GetInfo.exe
Double-click the .exe; a .txt file is then created in the same folder: summary-info.txt. Double-click it and post its contents.
For further analysis I need the following: c:\Users\name\AppData\LocalLow\Sun\Java\Deployment\cache
Right-click the cache folder there, pack it with WinRAR or another program, and upload it in the upload channel please: Trojaner-Board Upload Channel. When that is done, please let me know.
Download and install 7-Zip: 7-Zip Download - 7-Zip 9.20
Then go to Start, Run, type: regedit, Enter. There, collapse everything on the left-hand side. Then go to File, Export, choose a location you can easily find again, and give it a file name you will easily recognize. Close the Registry Editor after saving, navigate to the file you just created, right-click, open the 7-Zip menu, and choose Add to archive. Make the following settings: archive type: 7zip; compression level: ultra; compression method: lzma2; dictionary size: 64 MB; word size: 273; solid block size: solid. Now click OK and the archive is created. Upload it to File-Upload.net - Ihr kostenloser File Hoster! and please send me the download link as a private message.
Question: at the time of infection, or possibly a day before, did you download and install or run anything? Were you prompted to install or download something when visiting a site? I would also like this information as a private message.
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above If you would like to support us |
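A triage pass over OTL autorun lines that singles out entries like the two `O4` lines in the fix script above, as an added example that is not part of the original post and not OTL's or the helper's own logic. The line format is taken from the script in the post; the Avira and Spotify lines are constructed for contrast, and the two heuristics and the threshold are assumptions.

```python
import re
from typing import NamedTuple

# Format of an OTL "O4" autorun line, as seen in the fix script in the post:
#   O4 - HKCU..\Run: [value name] C:\path\to\file (Company Name)
O4_LINE = re.compile(
    r"^O4 - (?P<hive>\w+)\.\.\\(?P<key>[^:]+): "
    r"\[(?P<name>[^\]]*)\] (?P<target>.+) \((?P<company>[^()]*)\)$"
)
# Assumption: per-user profile folders count as user-writable locations.
PROFILE_DIR = re.compile(
    r"\\Users\\[^\\]+\\AppData\\(Roaming|Local|LocalLow)\\", re.I
)


class Finding(NamedTuple):
    hive: str
    name: str
    target: str
    reasons: tuple


def triage(log_text, threshold=2):
    """Return O4 entries that match at least `threshold` heuristics."""
    findings = []
    for line in log_text.splitlines():
        m = O4_LINE.match(line.strip())
        if not m:
            continue  # not an autorun line (file listings, headers, ...)
        reasons = []
        if PROFILE_DIR.search(m["target"]):
            reasons.append("target lives in a user-writable profile folder")
        if not m["company"].strip():
            reasons.append("file carries no company name")
        if len(reasons) >= threshold:
            findings.append(
                Finding(m["hive"], m["name"], m["target"], tuple(reasons))
            )
    return findings


# First three lines: taken from the fix script in the post.
# Last two lines: constructed for contrast (not from the user's log).
SAMPLE = r"""
O4 - HKCU..\Run: [vwdpohh] C:\Users\Volker\AppData\Roaming\KBDUR1P.dll ()
O4 - HKCU..\Run: [Gytoywehe] C:\Users\Volker\AppData\Roaming\Ofydt\ogapf.exe ()
[2012.11.03 12:43:48 | 000,000,000 | ---D | M] -- C:\Users\Volker\AppData\Roaming\Egpo
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Volker\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.hive}\\{f.name}: {f.target}")
        for r in f.reasons:
            print(f"    - {r}")
```

With the default threshold only the two entries from the fix script are reported; lowering it to 1 also reports the signed Spotify helper, which shows why the profile-folder location alone is too noisy to act on.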
03.11.2012, 17:22 | #5 |
| ihavenet - Virus Thanks, the answer came really quickly. But I did not get a text file. Where might it be "hiding"? Regards |
03.11.2012, 17:28 | #6 |
/// Malware-holic | ihavenet - Virus No problem, carry on with the rest; I'll find the text file in the upload. |
03.11.2012, 17:35 | #7 |
| ihavenet - Virus Unfortunately the upload does not work. I keep being asked to check the link to the thread, even though I copied it from the thread itself.
summary-info.txt
System volume information: dwHighDateTime = 0x1c927dc,dwLowDateTime = 0x40c20cff
System32: dwHighDateTime = 0x1c6fe70,dwLowDateTime = 0xa3cd0a16
dwSerialNumber = 0x80c4bf8 |
03.11.2012, 17:42 | #8 |
/// Malware-holic | ihavenet - Virus Then upload the moved files to File-Upload.net - Ihr kostenloser File Hoster! as well and send me the link as a private message, plus the registry export, plus the info I asked for. Thanks for getinfo.txt |
03.11.2012, 17:45 | #9 |
| ihavenet - Virus Sorry, please go a bit slower. I don't understand the following: "then go to Start, Run, type: regedit, Enter". I can't remember any particular download. Thanks. How do I send you a private message? Found it, sorry |
03.11.2012, 17:50 | #10 |
/// Malware-holic | ihavenet - Virus What exactly don't you understand there? When you go to Start, you have the Run or Search field there; you type the text mentioned into it and press Enter. About the private message: click on my name, then on send message, send private message to markusg, enter a subject there, and start writing :-) |
03.11.2012, 17:55 | #11 |
| ihavenet - Virus The message is sent ... I'll do the rest now. I didn't know that "Search" & "Run" are the same thing. |
03.11.2012, 17:58 | #12 |
/// Malware-holic | ihavenet - Virus Hi, did you perhaps get a message from your antivirus program in the meantime? If so, please post it. You can skip creating the archive; the DLL I would have needed the archive for is not in there. |
03.11.2012, 20:23 | #13 |
| ihavenet - Virus The program has evidently found two viruses. For one of them it gives me the following information:
EXP/2012-1723.FP:
Method of propagation: • No own propagation routine • Avast: Java:CVE-2012-1723-PI • Microsoft: Exploit:Java/CVE-2012-1723.BTS • Eset: Java/Exploit.CVE-2012-1723.CT
Operating systems: • Windows 2000 • Windows XP • Windows 2003 • Windows Vista • Windows Server 2008 • Windows 7
Effects: • Can be used to execute malicious code • Downloads a file • Exploits a software vulnerability • CVE-2012-1723 |
03.11.2012, 20:24 | #14 |
/// Malware-holic | ihavenet - Virus Open Avira, Administration, Quarantine, and post everything that was found there, with detection name + path. |
03.11.2012, 20:35 | #15 |
| ihavenet - Virus Avira is responding very slowly... But I'm on it. |