| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Wechseldatenträger können nicht mehr verwendet werden, Recycler kann nicht gefunden werdenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
22.01.2013, 20:42
| #1 |
 |  Wechseldatenträger können nicht mehr verwendet werden, Recycler kann nicht gefunden werden Hallo Trojaner-board Ich habe ein riesiges Problem mit verschiedenen Wechseldatenträgern vorallem mit meiner externen Festplatte und meinem Smartphone. Habe die Suchfunktion und Google auch schon berfragt aber nichts konnte mir weiter helfen. Mein Problem ist folgendes: 1. Externe Festplatte: Wenn ich die Festplatte anschließe und den Ordner öffne sind alle Ordner auf der Festplatte nur noch Verknüpfungen die ich aber etwas umständlich öffnen kann. Ich Doppelklicke auf irgend einen Ordner und es kommt ein Fester. (Im Anhang Fehlermeldung). Danach öffnet sich kurz die Eingabeaufforderung aber dort steht nichts drin und schließt sich auch gleich wieder. Nun öffnet sich der Ordner und ich kann auf die Datei zugreifen. Das wäre mein erstes Problem. 2.Smartphone: Nun wenn ich mein Handy anstecke und z.B. den Ordner DCIM öffnen will kommt die Fehlermeldung die im Anhang unter Fehlermeldung 2 zu finden ist. Auf meinem Handy sind nicht nur Bilder sondern auch wichtige Daten die ich dringend sichern müsste. Falls es etwas hilft es handelt sich um ein HTC Sensation XL. Ich habe schon alles mögliche ausprobiert trotzdem findet jegliche Software keine Viren bzw. es erscheinen keine Meldungen. Ich hoffe ihr könnt mir helfen.  Lg momo |
|
23.01.2013, 17:06
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Wechseldatenträger können nicht mehr verwendet werden, Recycler kann nicht gefunden werden Hallo und
__________________ Hast du Virenscanner-Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520 Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!  Lesestoff:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
23.01.2013, 18:40
| #3 |
| | Wechseldatenträger können nicht mehr verwendet werden, Recycler kann nicht gefunden werden Gleich mal danke für die schnelle Antwort
__________________Hier sind mal die Logs die ich gefunden habe und die auf dem neuestem Stand sind. Code:
ATTFilter ***** DRIVE/DIRECTORY SCAN *****
Trojan Remover Ver 6.8.5.2611. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 20:02:41 22 Jan 2013
Using Database v7958
Operating System: Windows 7 x64 Professional (SP1) [Build: 6.1.7601]
File System: NTFS
UAC is ENABLED [default level]
UserData directory: C:\Users\Schüler\AppData\Roaming\Simply Super Software\Trojan Remover\
Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Users\Schüler\Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files (x86)\Trojan Remover\
Running with Administrator privileges
************************************************************
Carrying out scan on E:\
(including subdirectories)
Archive files will be EXCLUDED.
------------------------------
E:\DCIM\.thumbnails\HtcPhotoGridWidget3D\EEB7B6D1\0-AE38E192-800.jpg - this file cannot be found (on unconnected removable drive)
E:\DCIM\.thumbnails\HtcPhotoGridWidget3D\EEB7B6D1\0-A1B40A87-800.jpg - this file cannot be found (on unconnected removable drive)
E:\DCIM\.thumbnails\HtcPhotoGridWidget3D\EEB7B6D1\0-AE2ACA11-800.jpg - this file cannot be found (on unconnected removable drive)
E:\DCIM\.thumbnails\HtcPhotoGridWidget3D\EEB7B6D1\0-A1A5F306-800.jpg - this file cannot be found (on unconnected removable drive)
E:\DCIM\.thumbnails\HtcPhotoGridWidget3D\EEB7B6D1\0-100119FB-800.jpg - this file cannot be found (on unconnected removable drive)
E:\DCIM\.thumbnails\HtcPhotoGridWidget3D\EEB7B6D1\0-B8D71225-800.jpg - this file cannot be found (on unconnected removable drive)
E:\DCIM\.thumbnails\HtcPhotoGridWidget3D\EEB7B6D1\0-B8C8FAA4-800.jpg - this file cannot be found (on unconnected removable drive)
E:\DCIM\.thumbnails\HtcPhotoGridWidget3D\EEB7B6D1\0-AE46F913-800.jpg - this file cannot be found (on unconnected removable drive)
E:\DCIM\.thumbnails\HtcPhotoGridWidget3D\EEB7B6D1\0-B8BAE323-800.jpg - this file cannot be found (on unconnected removable drive)
E:\DCIM\.thumbnails\HtcPhotoGridWidget3D\EEB7B6D1\0-69CCEDAE-800.jpg - this file cannot be found (on unconnected removable drive)
E:\DCIM\.thumbnails\HtcPhotoGridWidget3D\EEB7B6D1\0-69BED62D-800.jpg - this file cannot be found (on unconnected removable drive)
E:\DCIM\.thumbnails\HtcPhotoGridWidget3D\EEB7B6D1\0-69B0BEAC-800.jpg - this file cannot be found (on unconnected removable drive)
E:\DCIM\.thumbnails\HtcPhotoGridWidget3D\EEB7B6D1\0-80D3C64A-800.jpg - this file cannot be found (on unconnected removable drive)
E:\DCIM\.thumbnails\HtcPhotoGridWidget3D\EEB7B6D1\0-80C5AEC9-800.jpg - this file cannot be found (on unconnected removable drive)
E:\DCIM\.thumbnails\HtcPhotoGridWidget3D\EEB7B6D1\0-AE551094-800.jpg - this file cannot be found (on unconnected removable drive)
E:\DCIM\.thumbnails\HtcPhotoGridWidget3D\EEB7B6D1\0-7914096A-800.jpg - this file cannot be found (on unconnected removable drive)
E:\DCIM\.thumbnails\HtcPhotoGridWidget3D\EEB7B6D1\0-7162640B-800.jpg - this file cannot be found (on unconnected removable drive)
E:\DCIM\.thumbnails\HtcPhotoGridWidget3D\EEB7B6D1\0-88856BA9-800.jpg - this file cannot be found (on unconnected removable drive)
E:\DCIM\.thumbnails\HtcPhotoGridWidget3D\EEB7B6D1\0-AE8D6E98-800.jpg - this file cannot be found (on unconnected removable drive)
E:\DCIM\.thumbnails\HtcPhotoGridWidget3D\EEB7B6D1\0-88775428-800.jpg - this file cannot be found (on unconnected removable drive)
E:\DCIM\.thumbnails\10-19DA5BAC-555630-800.jpg - this file cannot be found (on unconnected removable drive)
E:\DCIM\.thumbnails\10-A78BC837-181171-800.jpg - this file cannot be found (on unconnected removable drive)
E:\DCIM\.thumbnails\10-5547A3EC-612315-800.jpg - this file cannot be found (on unconnected removable drive)
E:\DCIM\.thumbnails\11-19DA5BAC-555630-800.jpg - this file cannot be found (on unconnected removable drive)
E:\DCIM\.thumbnails\12-19DA5BAC-555630-800.jpg - this file cannot be found (on unconnected removable drive)
E:\DCIM\.thumbnails\12-6CDE3664-1548447-800.jpg - this file cannot be found (on unconnected removable drive)
E:\DCIM\.thumbnails\1355052034886.jpg - this file cannot be found (on unconnected removable drive)
E:\DCIM\.thumbnails\101-DF7D223F-1206281-800.jpg - this file cannot be found (on unconnected removable drive)
E:\DCIM\100MEDIA - this file cannot be found (on unconnected removable drive)
E:\HTC Sync - this file cannot be found (on unconnected removable drive)
E:\Music - this file cannot be found (on unconnected removable drive)
E:\QSG - this file cannot be found (on unconnected removable drive)
E:\UM - this file cannot be found (on unconnected removable drive)
E:\Video - this file cannot be found (on unconnected removable drive)
E:\My Documents - this file cannot be found (on unconnected removable drive)
E:\tmp - this file cannot be found (on unconnected removable drive)
E:\Android - this file cannot be found (on unconnected removable drive)
E:\media - this file cannot be found (on unconnected removable drive)
E:\Navigon - this file cannot be found (on unconnected removable drive)
E:\leorc - this file cannot be found (on unconnected removable drive)
E:\temp - this file cannot be found (on unconnected removable drive)
------------------------------
1283 files scanned
Directory scan complete - no Malware files detected
Scan completed at: 20:07:04 22 Jan 2013
Total Scan time: 00:04:22
************************************************************
***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.8.5.2611. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 19:58:22 22 Jan 2013
Using Database v7958
Operating System: Windows 7 x64 Professional (SP1) [Build: 6.1.7601]
File System: NTFS
UAC is ENABLED [default level]
UserData directory: C:\Users\Schüler\AppData\Roaming\Simply Super Software\Trojan Remover\
Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Users\Schüler\Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files (x86)\Trojan Remover\
Running with Administrator privileges
************************************************************
19:58:22: ----- CHECKING DEFAULT FILE ASSOCIATIONS -----
No modified default file associations detected
************************************************************
19:58:22: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.
************************************************************
19:58:22: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [explorer.exe]
File: C:\windows\Explorer.exe
C:\windows\Explorer.exe
2871808 bytes
Created: 19.06.2011 16:02
Modified: 25.02.2011 07:19
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
Key value: [C:\Windows\system32\userinit.exe,]
File: C:\Windows\system32\userinit.exe
C:\windows\System32\userinit.exe
30720 bytes
Created: 21.11.2010 04:24
Modified: 21.11.2010 04:24
Company: Microsoft Corporation
----------
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: [NBAgent]
Value Data: ["C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart]
C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe
1406248 bytes
Created: 07.01.2011 17:48
Modified: 07.01.2011 17:48
Company: Nero AG
--------------------
Value Name: [TOSDCR]
Value Data: [%ProgramFiles%\TOSHIBA\PasswordUtility\TOSDCR.exe]
C:\Program Files\TOSHIBA\PasswordUtility\TOSDCR.exe - [file not found to scan]
--------------------
Value Name: [ITSecMng]
Value Data: [%ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START]
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe - [file not found to scan]
--------------------
Value Name: [TUSBSleepChargeSrv]
Value Data: [%ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe]
C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
253312 bytes
Created: 05.08.2011 08:34
Modified: 26.10.2009 10:29
Company: TOSHIBA
--------------------
Value Name: [TWebCamera]
Value Data: ["C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun]
C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
2454840 bytes
Created: 05.08.2011 08:43
Modified: 01.05.2010 16:02
Company: TOSHIBA CORPORATION.
--------------------
Value Name: [TNRotate]
Value Data: [%ProgramFiles(x86)%\TOSHIBA\TNRotate\TNRotate.exe]
C:\Program Files (x86)\TOSHIBA\TNRotate\TNRotate.exe
607688 bytes
Created: 05.08.2011 08:45
Modified: 25.11.2010 14:00
Company: TOSHIBA Corporation
--------------------
Value Name: [Adobe ARM]
Value Data: ["C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
937920 bytes
Created: 06.06.2011 11:55
Modified: 06.06.2011 11:55
Company: Adobe Systems Incorporated
--------------------
Value Name: [SunJavaUpdateSched]
Value Data: ["C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
254696 bytes
Created: 09.06.2011 12:06
Modified: 09.06.2011 12:06
Company: Sun Microsystems, Inc.
--------------------
Value Name: [AVG_TRAY]
Value Data: ["C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"]
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
2596984 bytes
Created: 31.07.2012 02:37
Modified: 31.07.2012 02:37
Company: AVG Technologies CZ, s.r.o.
--------------------
Value Name: [BCSSync]
Value Data: ["C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices]
C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe
91520 bytes
Created: 13.03.2010 13:54
Modified: 13.03.2010 13:54
Company: Microsoft Corporation
--------------------
Value Name: [avgnt]
Value Data: ["C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min]
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
384800 bytes
Created: 11.10.2012 14:28
Modified: 11.12.2012 17:37
Company: Avira Operations GmbH & Co. KG
--------------------
Value Name: [CanonSolutionMenuEx]
Value Data: [C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon]
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
1637496 bytes
Created: 31.10.2012 13:24
Modified: 04.08.2011 14:41
Company: CANON INC.
--------------------
Value Name: [TrojanScanner]
Value Data: [C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot]
C:\Program Files (x86)\Trojan Remover\Trjscan.exe
1247504 bytes
Created: 22.01.2013 19:57
Modified: 14.09.2012 11:58
Company: Simply Super Software
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: [Steam]
Value Data: ["C:\Program Files (x86)\Steam\steam.exe" -silent]
C:\Program Files (x86)\Steam\steam.exe
1354736 bytes
Created: 16.03.2011 09:47
Modified: 04.12.2012 19:44
Company: Valve Corporation
--------------------
Value Name: [DAEMON Tools Pro Agent]
Value Data: ["C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun]
C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe
3111744 bytes
Created: 26.04.2012 13:33
Modified: 26.04.2012 13:33
Company: DT Soft Ltd
--------------------
Value Name: [SDP]
Value Data: [C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe /auto ]
C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe
201808 bytes
Created: 03.10.2012 07:22
Modified: 03.10.2012 07:22
Company: Somoto
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry key appears to be empty
************************************************************
19:58:25: Scanning -----WINDOWS 64 Bit REGISTRY-----
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: [IgfxTray]
Value Data: [C:\windows\system32\igfxtray.exe]
C:\windows\System32\igfxtray.exe
162328 bytes
Created: 30.01.2011 20:14
Modified: 30.01.2011 20:14
Company: Intel Corporation
--------------------
Value Name: [HotKeysCmds]
Value Data: [C:\windows\system32\hkcmd.exe]
C:\windows\System32\hkcmd.exe
386584 bytes
Created: 30.01.2011 20:14
Modified: 30.01.2011 20:14
Company: Intel Corporation
--------------------
Value Name: [Persistence]
Value Data: [C:\windows\system32\igfxpers.exe]
C:\windows\System32\igfxpers.exe
417304 bytes
Created: 30.01.2011 20:14
Modified: 30.01.2011 20:14
Company: Intel Corporation
--------------------
Value Name: [TPwrMain]
Value Data: [%ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE]
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE
567720 bytes
Created: 05.11.2010 19:22
Modified: 05.11.2010 19:22
Company: TOSHIBA Corporation
--------------------
Value Name: [HSON]
Value Data: [%ProgramFiles%\TOSHIBA\TBS\HSON.exe]
C:\Program Files\TOSHIBA\TBS\HSON.exe
296824 bytes
Created: 25.09.2010 11:01
Modified: 25.09.2010 11:01
Company: TOSHIBA Corporation
--------------------
Value Name: [SmoothView]
Value Data: [%ProgramFiles%\Toshiba\SmoothView\SmoothView.exe]
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
570680 bytes
Created: 13.08.2009 11:31
Modified: 13.08.2009 11:31
Company: TOSHIBA Corporation
--------------------
Value Name: [00TCrdMain]
Value Data: [%ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe]
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
915320 bytes
Created: 28.10.2010 13:27
Modified: 28.10.2010 13:27
Company: TOSHIBA Corporation
--------------------
Value Name: [RtHDVCpl]
Value Data: [C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s]
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
8305664 bytes
Created: 05.08.2011 08:28
Modified: 30.10.2009 13:16
Company: Realtek Semiconductor
--------------------
Value Name: [Apoint]
Value Data: [C:\Program Files\Apoint2K\Apoint.exe]
C:\Program Files\Apoint2K\Apoint.exe
315392 bytes
Created: 06.01.2010 12:12
Modified: 06.01.2010 12:12
Company: Alps Electric Co., Ltd.
--------------------
Value Name: [ThpSrv]
Value Data: [C:\windows\system32\thpsrv /logon]
C:\windows\SysWOW64\thpsrv - [file not found to scan]
--------------------
Value Name: [SmartFaceVWatcher]
Value Data: [%ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe]
C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
238080 bytes
Created: 29.07.2009 07:21
Modified: 29.07.2009 07:21
Company: TOSHIBA Corporation
--------------------
Value Name: [Teco]
Value Data: ["%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r]
C:\Program Files\TOSHIBA\TECO\Teco.exe
1544104 bytes
Created: 07.04.2011 13:35
Modified: 07.04.2011 13:35
Company: TOSHIBA Corporation
--------------------
Value Name: [TosSENotify]
Value Data: [C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe]
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
709976 bytes
Created: 05.02.2010 16:45
Modified: 05.02.2010 16:45
Company: TOSHIBA Corporation
--------------------
Value Name: [TFPUPWDBankService]
Value Data: [C:\Program Files\TOSHIBA\TFPU\TFPUPWDBank.exe /start]
C:\Program Files\TOSHIBA\TFPU\TFPUPWDBank.exe
925104 bytes
Created: 02.03.2010 09:24
Modified: 02.03.2010 09:24
Company: TOSHIBA
--------------------
Value Name: [TFPUService]
Value Data: [C:\Program Files\TOSHIBA\TFPU\TFPUTaskMonitor.exe /start]
C:\Program Files\TOSHIBA\TFPU\TFPUTaskMonitor.exe
789368 bytes
Created: 04.11.2010 10:03
Modified: 04.11.2010 10:03
Company: TOSHIBA
--------------------
Value Name: [TosReelTimeMonitor]
Value Data: [%ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe]
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
38304 bytes
Created: 14.12.2010 16:00
Modified: 14.12.2010 16:00
Company: TOSHIBA Corporation
--------------------
Value Name: [TosVolRegulator]
Value Data: [C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe]
C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
24376 bytes
Created: 05.08.2011 08:54
Modified: 11.11.2009 13:31
Company: TOSHIBA Corporation
--------------------
Value Name: [Toshiba TEMPRO]
Value Data: [C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe]
C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
1546720 bytes
Created: 10.02.2011 08:25
Modified: 10.02.2011 08:25
Company: Toshiba Europe GmbH
--------------------
Value Name: [Toshiba Registration]
Value Data: [C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe]
C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe
150992 bytes
Created: 19.06.2011 16:22
Modified: 19.06.2011 16:22
Company: Toshiba Europe GmbH
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry key appears to be empty
************************************************************
19:58:27: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}
Value: Groove GFS Stub Execution Hook
File: C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
6670496 bytes
Created: 16.08.2012 05:51
Modified: 16.08.2012 05:51
Company: Microsoft Corporation
----------
************************************************************
19:58:27: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------
************************************************************
19:58:27: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.
************************************************************
19:58:27: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
Path: %SystemRoot%\system32\unregmp2.exe /ShowWMP
C:\windows\System32\unregmp2.exe
323584 bytes
Created: 14.07.2009 01:23
Modified: 14.07.2009 02:39
Company: Microsoft Corporation
----------
Key: >{26923b43-4d38-484f-9b9e-de460746276c}
Path: C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
C:\Windows\SysWOW64\ie4uinit.exe
74240 bytes
Created: 19.06.2011 15:51
Modified: 19.06.2011 15:51
Company: Microsoft Corporation
----------
Key: {2C7339CF-2B09-4501-B3F3-F3508C9228ED}
Path: %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
C:\windows\System32\themeui.dll
2851840 bytes
Created: 21.11.2010 04:23
Modified: 21.11.2010 04:23
Company: Microsoft Corporation
----------
Key: {44BBA840-CC51-11CF-AAFA-00AA00B6015C}
Path: "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
C:\Program Files (x86)\Windows Mail\WinMail.exe
Key: {6BF52A52-394A-11d3-B153-00C04F79FAA6}
Path: %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
C:\windows\System32\unregmp2.exe
323584 bytes
Created: 14.07.2009 01:23
Modified: 14.07.2009 02:39
Company: Microsoft Corporation
----------
Key: {89820200-ECBD-11cf-8B85-00AA005B4340}
Path: regsvr32.exe /s /n /i:U shell32.dll
C:\windows\System32\shell32.dll
14172672 bytes
Created: 02.10.2012 11:47
Modified: 09.06.2012 06:43
Company: Microsoft Corporation
----------
Key: {89820200-ECBD-11cf-8B85-00AA005B4383}
Path: C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
C:\Windows\SysWOW64\ie4uinit.exe
74240 bytes
Created: 19.06.2011 15:51
Modified: 19.06.2011 15:51
Company: Microsoft Corporation
----------
Key: {89B4C1CD-B018-4511-B0A1-5476DBF70820}
Path: C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
C:\Windows\SysWOW64\mscories.dll
80720 bytes
Created: 21.11.2010 04:24
Modified: 21.11.2010 04:24
Company: Microsoft Corporation
----------
************************************************************
19:58:29: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: AppHostSvc
Path: %windir%\system32\inetsrv\apphostsvc.dll
C:\windows\System32\inetsrv\apphostsvc.dll
65536 bytes
Created: 21.11.2010 04:24
Modified: 21.11.2010 04:24
Company: Microsoft Corporation
--------------------
Key: StorSvc
Path: %SystemRoot%\system32\storsvc.dll
C:\windows\System32\storsvc.dll
17920 bytes
Created: 14.07.2009 01:00
Modified: 14.07.2009 02:41
Company: Microsoft Corporation
--------------------
Key: W3SVC
Path: %windir%\system32\inetsrv\iisw3adm.dll
C:\windows\System32\inetsrv\iisw3adm.dll
453120 bytes
Created: 21.11.2010 04:24
Modified: 21.11.2010 04:24
Company: Microsoft Corporation
--------------------
Key: WAS
Path: %windir%\system32\inetsrv\iisw3adm.dll
C:\windows\System32\inetsrv\iisw3adm.dll
453120 bytes
Created: 21.11.2010 04:24
Modified: 21.11.2010 04:24
Company: Microsoft Corporation
--------------------
************************************************************
19:58:31: Scanning ----- SERVICES REGISTRY KEYS -----
Key: 1394ohci
ImagePath: \SystemRoot\system32\drivers\1394ohci.sys
C:\windows\System32\drivers\1394ohci.sys
229888 bytes
Created: 21.11.2010 04:23
Modified: 21.11.2010 04:23
Company: Microsoft Corporation
----------
Key: ACPI
ImagePath: system32\drivers\ACPI.sys
C:\windows\System32\drivers\ACPI.sys
334208 bytes
Created: 21.11.2010 04:23
Modified: 21.11.2010 04:23
Company: Microsoft Corporation
----------
Key: AcpiPmi
ImagePath: \SystemRoot\system32\drivers\acpipmi.sys
C:\windows\System32\drivers\acpipmi.sys
12800 bytes
Created: 21.11.2010 04:23
Modified: 21.11.2010 04:23
Company: Microsoft Corporation
----------
Key: AdobeARMservice
ImagePath: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
64952 bytes
Created: 06.06.2011 11:55
Modified: 06.06.2011 11:55
Company: Adobe Systems Incorporated
----------
Key: adp94xx
ImagePath: \SystemRoot\system32\drivers\adp94xx.sys
C:\windows\System32\drivers\adp94xx.sys
491088 bytes
Created: 10.06.2009 21:36
Modified: 14.07.2009 02:52
Company: Adaptec, Inc.
----------
Key: adpahci
ImagePath: \SystemRoot\system32\drivers\adpahci.sys
C:\windows\System32\drivers\adpahci.sys
339536 bytes
Created: 13.07.2009 22:59
Modified: 14.07.2009 02:52
Company: Adaptec, Inc.
----------
Key: adpu320
ImagePath: \SystemRoot\system32\drivers\adpu320.sys
C:\windows\System32\drivers\adpu320.sys
182864 bytes
Created: 13.07.2009 22:59
Modified: 14.07.2009 02:52
Company: Adaptec, Inc.
----------
Key: AFD
ImagePath: \SystemRoot\system32\drivers\afd.sys
C:\windows\System32\drivers\afd.sys
498688 bytes
Created: 02.10.2012 11:44
Modified: 28.12.2011 04:59
Company: Microsoft Corporation
----------
Key: AgereSoftModem
ImagePath: system32\DRIVERS\agrsm64.sys
C:\windows\System32\DRIVERS\agrsm64.sys
1146880 bytes
Created: 10.06.2009 22:01
Modified: 10.06.2009 22:01
Company: LSI Corp
----------
Key: agp440
ImagePath: \SystemRoot\system32\drivers\agp440.sys
C:\windows\System32\drivers\agp440.sys
61008 bytes
Created: 14.07.2009 00:38
Modified: 14.07.2009 02:52
Company: Microsoft Corporation
----------
Key: ALG
ImagePath: %SystemRoot%\System32\alg.exe
C:\windows\System32\alg.exe
79360 bytes
Created: 14.07.2009 01:08
Modified: 14.07.2009 02:38
Company: Microsoft Corporation
----------
Key: aliide
ImagePath: \SystemRoot\system32\drivers\aliide.sys
C:\windows\System32\drivers\aliide.sys
15440 bytes
Created: 14.07.2009 00:19
Modified: 14.07.2009 02:52
Company: Acer Laboratories Inc.
----------
Key: amdide
ImagePath: \SystemRoot\system32\drivers\amdide.sys
C:\windows\System32\drivers\amdide.sys
15440 bytes
Created: 14.07.2009 00:19
Modified: 14.07.2009 02:52
Company: Microsoft Corporation
----------
Key: AmdK8
ImagePath: \SystemRoot\system32\drivers\amdk8.sys
C:\windows\System32\drivers\amdk8.sys
64512 bytes
Created: 14.07.2009 00:19
Modified: 14.07.2009 00:19
Company: Microsoft Corporation
----------
Key: AmdPPM
ImagePath: \SystemRoot\system32\drivers\amdppm.sys
C:\windows\System32\drivers\amdppm.sys
60928 bytes
Created: 14.07.2009 00:19
Modified: 14.07.2009 00:19
Company: Microsoft Corporation
----------
Key: amdsata
ImagePath: \SystemRoot\system32\drivers\amdsata.sys
C:\windows\System32\drivers\amdsata.sys
107904 bytes
Created: 19.06.2011 15:54
Modified: 11.03.2011 07:41
Company: Advanced Micro Devices
----------
Key: amdsbs
ImagePath: \SystemRoot\system32\drivers\amdsbs.sys
C:\windows\System32\drivers\amdsbs.sys
194128 bytes
Created: 10.06.2009 21:37
Modified: 14.07.2009 02:52
Company: AMD Technologies Inc.
----------
Key: amdxata
ImagePath: system32\drivers\amdxata.sys
C:\windows\System32\drivers\amdxata.sys
27008 bytes
Created: 19.06.2011 15:54
Modified: 11.03.2011 07:41
Company: Advanced Micro Devices
----------
Key: AntiVirSchedulerService
ImagePath: "C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe"
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
85280 bytes
Created: 11.10.2012 14:28
Modified: 11.12.2012 17:40
Company: Avira Operations GmbH & Co. KG
----------
Key: AntiVirService
ImagePath: "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe"
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
109344 bytes
Created: 11.10.2012 14:28
Modified: 11.12.2012 17:37
Company: Avira Operations GmbH & Co. KG
----------
Key: ApfiltrService
ImagePath: \SystemRoot\system32\drivers\Apfiltr.sys
C:\windows\System32\drivers\Apfiltr.sys
267824 bytes
Created: 27.11.2009 21:40
Modified: 27.11.2009 21:40
Company: Alps Electric Co., Ltd.
----------
Key: AppID
ImagePath: \SystemRoot\system32\drivers\appid.sys
C:\windows\System32\drivers\appid.sys
61440 bytes
Created: 21.11.2010 04:24
Modified: 21.11.2010 04:24
Company: Microsoft Corporation
----------
Key: arc
ImagePath: \SystemRoot\system32\drivers\arc.sys
C:\windows\System32\drivers\arc.sys
87632 bytes
Created: 13.07.2009 22:59
Modified: 14.07.2009 02:52
Company: Adaptec, Inc.
----------
Key: arcsas
ImagePath: \SystemRoot\system32\drivers\arcsas.sys
C:\windows\System32\drivers\arcsas.sys
97856 bytes
Created: 13.07.2009 22:59
Modified: 14.07.2009 02:52
Company: Adaptec, Inc.
----------
Key: aspnet_state
ImagePath: %SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
51648 bytes
Created: 08.07.2012 23:24
Modified: 08.07.2012 23:24
Company: Microsoft Corporation
----------
Key: AsyncMac
ImagePath: system32\DRIVERS\asyncmac.sys
C:\windows\System32\DRIVERS\asyncmac.sys
23040 bytes
Created: 14.07.2009 01:10
Modified: 14.07.2009 01:10
Company: Microsoft Corporation
----------
Key: atapi
ImagePath: system32\drivers\atapi.sys
C:\windows\System32\drivers\atapi.sys
24128 bytes
Created: 14.07.2009 00:19
Modified: 14.07.2009 02:52
Company: Microsoft Corporation
----------
Key: athr
ImagePath: system32\DRIVERS\athrx.sys
C:\windows\System32\DRIVERS\athrx.sys
1550848 bytes
Created: 05.08.2011 08:30
Modified: 06.11.2009 11:56
Company: Atheros Communications, Inc.
----------
Key: ATService
ImagePath: C:\Program Files\Fingerprint Sensor\ATService.exe
C:\Program Files\Fingerprint Sensor\ATService.exe
2734912 bytes
Created: 17.06.2010 17:11
Modified: 17.06.2010 17:11
Company: AuthenTec, Inc.
----------
Key: ATSwpWDF
ImagePath: System32\Drivers\ATSwpWDF.sys
C:\windows\System32\Drivers\ATSwpWDF.sys
770152 bytes
Created: 17.06.2010 17:30
Modified: 17.06.2010 17:30
Company: AuthenTec, Inc.
----------
Key: AVGIDSAgent
ImagePath: "C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe"
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
5167736 bytes
Created: 13.08.2012 02:24
Modified: 13.08.2012 02:24
Company: AVG Technologies CZ, s.r.o.
----------
Key: AVGIDSDriver
ImagePath: system32\DRIVERS\avgidsdrivera.sys
C:\windows\System32\DRIVERS\avgidsdrivera.sys
124496 bytes
Created: 23.12.2011 12:31
Modified: 23.12.2011 12:31
Company: AVG Technologies CZ, s.r.o.
----------
Key: AVGIDSFilter
ImagePath: system32\DRIVERS\avgidsfiltera.sys
C:\windows\System32\DRIVERS\avgidsfiltera.sys
29776 bytes
Created: 23.12.2011 12:32
Modified: 23.12.2011 12:32
Company: AVG Technologies CZ, s.r.o.
----------
Key: AVGIDSHA
ImagePath: system32\DRIVERS\avgidsha.sys
C:\windows\System32\DRIVERS\avgidsha.sys
28480 bytes
Created: 19.04.2012 03:50
Modified: 19.04.2012 03:50
Company: AVG Technologies CZ, s.r.o.
----------
Key: Avgldx64
ImagePath: system32\DRIVERS\avgldx64.sys
C:\windows\System32\DRIVERS\avgldx64.sys
291680 bytes
Created: 26.07.2012 02:21
Modified: 26.07.2012 02:21
Company: AVG Technologies CZ, s.r.o.
----------
Key: Avgmfx64
ImagePath: system32\DRIVERS\avgmfx64.sys
C:\windows\System32\DRIVERS\avgmfx64.sys
47696 bytes
Created: 23.12.2011 12:32
Modified: 23.12.2011 12:32
Company: AVG Technologies CZ, s.r.o.
----------
Key: avgntflt
ImagePath: system32\DRIVERS\avgntflt.sys
C:\windows\System32\DRIVERS\avgntflt.sys
99912 bytes
Created: 11.10.2012 14:28
Modified: 11.12.2012 17:42
Company: Avira Operations GmbH & Co. KG
----------
Key: Avgrkx64
ImagePath: system32\DRIVERS\avgrkx64.sys
C:\windows\System32\DRIVERS\avgrkx64.sys
36944 bytes
Created: 31.01.2012 03:46
Modified: 31.01.2012 03:46
Company: AVG Technologies CZ, s.r.o.
----------
Key: Avgtdia
ImagePath: system32\DRIVERS\avgtdia.sys
C:\windows\System32\DRIVERS\avgtdia.sys
384352 bytes
Created: 24.08.2012 14:43
Modified: 24.08.2012 14:43
Company: AVG Technologies CZ, s.r.o.
----------
Key: avgwd
ImagePath: "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe"
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
193288 bytes
Created: 14.02.2012 03:53
Modified: 14.02.2012 03:53
Company: AVG Technologies CZ, s.r.o.
----------
Key: avipbb
ImagePath: system32\DRIVERS\avipbb.sys
C:\windows\System32\DRIVERS\avipbb.sys
129216 bytes
Created: 11.10.2012 14:28
Modified: 11.12.2012 17:42
Company: Avira Operations GmbH & Co. KG
----------
Key: avkmgr
ImagePath: system32\DRIVERS\avkmgr.sys
C:\windows\System32\DRIVERS\avkmgr.sys
27800 bytes
Created: 11.10.2012 14:28
Modified: 24.09.2012 08:58
Company: Avira Operations GmbH & Co. KG
----------
Key: b06bdrv
ImagePath: \SystemRoot\system32\drivers\bxvbda.sys
C:\windows\System32\drivers\bxvbda.sys
468480 bytes
Created: 10.06.2009 21:34
Modified: 10.06.2009 21:34
Company: Broadcom Corporation
----------
Key: b57nd60a
ImagePath: system32\DRIVERS\b57nd60a.sys
C:\windows\System32\DRIVERS\b57nd60a.sys
270848 bytes
Created: 10.06.2009 21:34
Modified: 10.06.2009 21:34
Company: Broadcom Corporation
----------
Key: blbdrive
ImagePath: \SystemRoot\system32\drivers\blbdrive.sys
C:\windows\System32\drivers\blbdrive.sys
45056 bytes
Created: 14.07.2009 00:35
Modified: 14.07.2009 00:35
Company: Microsoft Corporation
----------
Key: bowser
ImagePath: system32\DRIVERS\bowser.sys
C:\windows\System32\DRIVERS\bowser.sys
90624 bytes
Created: 19.06.2011 16:02
Modified: 23.02.2011 05:55
Company: Microsoft Corporation
----------
Key: BrFiltLo
ImagePath: \SystemRoot\system32\drivers\BrFiltLo.sys
C:\windows\System32\drivers\BrFiltLo.sys
18432 bytes
Created: 14.07.2009 02:19
Modified: 10.06.2009 21:41
Company: Brother Industries, Ltd.
----------
Key: BrFiltUp
ImagePath: \SystemRoot\system32\drivers\BrFiltUp.sys
C:\windows\System32\drivers\BrFiltUp.sys
8704 bytes
Created: 14.07.2009 02:20
Modified: 10.06.2009 21:41
Company: Brother Industries, Ltd.
----------
Key: Brserid
ImagePath: \SystemRoot\System32\Drivers\Brserid.sys
C:\windows\System32\Drivers\Brserid.sys
286720 bytes
Created: 14.07.2009 02:19
Modified: 14.07.2009 02:19
Company: Brother Industries Ltd.
----------
Key: BrSerWdm
ImagePath: \SystemRoot\System32\Drivers\BrSerWdm.sys
C:\windows\System32\Drivers\BrSerWdm.sys
47104 bytes
Created: 14.07.2009 02:20
Modified: 10.06.2009 21:41
Company: Brother Industries Ltd.
----------
Key: BrUsbMdm
ImagePath: \SystemRoot\System32\Drivers\BrUsbMdm.sys
C:\windows\System32\Drivers\BrUsbMdm.sys
14976 bytes
Created: 14.07.2009 02:20
Modified: 10.06.2009 21:41
Company: Brother Industries Ltd.
----------
Key: BrUsbSer
ImagePath: \SystemRoot\System32\Drivers\BrUsbSer.sys
C:\windows\System32\Drivers\BrUsbSer.sys
14720 bytes
Created: 14.07.2009 02:20
Modified: 10.06.2009 21:41
Company: Brother Industries Ltd.
----------
Key: BTHMODEM
ImagePath: \SystemRoot\system32\drivers\bthmodem.sys
C:\windows\System32\drivers\bthmodem.sys
72192 bytes
Created: 14.07.2009 01:06
Modified: 14.07.2009 01:06
Company: Microsoft Corporation
----------
Key: cdfs
ImagePath: system32\DRIVERS\cdfs.sys
C:\windows\System32\DRIVERS\cdfs.sys
92160 bytes
Created: 14.07.2009 00:19
Modified: 14.07.2009 00:19
Company: Microsoft Corporation
----------
Key: cdrom
ImagePath: system32\DRIVERS\cdrom.sys
C:\windows\System32\DRIVERS\cdrom.sys
147456 bytes
Created: 21.11.2010 04:23
Modified: 21.11.2010 04:23
Company: Microsoft Corporation
----------
Key: cfWiMAXService
ImagePath: "C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe"
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
249200 bytes
Created: 28.01.2010 15:44
Modified: 28.01.2010 15:44
Company: TOSHIBA CORPORATION
----------
Key: circlass
ImagePath: \SystemRoot\system32\drivers\circlass.sys
C:\windows\System32\drivers\circlass.sys
45568 bytes
Created: 14.07.2009 01:06
Modified: 14.07.2009 01:06
Company: Microsoft Corporation
----------
Key: CLFS
ImagePath: System32\CLFS.sys
C:\windows\System32\CLFS.sys
367696 bytes
Created: 14.07.2009 00:19
Modified: 14.07.2009 02:52
Company: Microsoft Corporation
----------
Key: clr_optimization_v2.0.50727_32
ImagePath: %systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
66384 bytes
Created: 13.07.2009 21:46
Modified: 10.06.2009 22:23
Company: Microsoft Corporation
----------
Key: clr_optimization_v2.0.50727_64
ImagePath: %systemroot%\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
89920 bytes
Created: 13.07.2009 21:37
Modified: 10.06.2009 21:39
Company: Microsoft Corporation
----------
Key: clr_optimization_v4.0.30319_32
ImagePath: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
104912 bytes
Created: 09.07.2012 00:40
Modified: 09.07.2012 00:40
Company: Microsoft Corporation
----------
Key: clr_optimization_v4.0.30319_64
ImagePath: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
123856 bytes
Created: 08.07.2012 23:24
Modified: 08.07.2012 23:24
Company: Microsoft Corporation
----------
Key: CmBatt
ImagePath: \SystemRoot\system32\drivers\CmBatt.sys
C:\windows\System32\drivers\CmBatt.sys
17664 bytes
Created: 14.07.2009 00:31
Modified: 14.07.2009 00:31
Company: Microsoft Corporation
----------
Key: cmdide
ImagePath: \SystemRoot\system32\drivers\cmdide.sys
C:\windows\System32\drivers\cmdide.sys
17488 bytes
Created: 14.07.2009 00:19
Modified: 14.07.2009 02:52
Company: CMD Technology, Inc.
----------
Key: CNG
ImagePath: System32\Drivers\cng.sys
C:\windows\System32\Drivers\cng.sys
458704 bytes
Created: 02.10.2012 11:47
Modified: 02.06.2012 06:50
Company: Microsoft Corporation
----------
Key: Compbatt
ImagePath: system32\drivers\compbatt.sys
C:\windows\System32\drivers\compbatt.sys
21584 bytes
Created: 14.07.2009 00:31
Modified: 14.07.2009 02:52
Company: Microsoft Corporation
----------
Key: CompositeBus
ImagePath: \SystemRoot\system32\drivers\CompositeBus.sys
C:\windows\System32\drivers\CompositeBus.sys
38912 bytes
Created: 21.11.2010 04:23
Modified: 21.11.2010 04:23
Company: Microsoft Corporation
----------
Key: COMSysApp
ImagePath: %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
C:\windows\System32\dllhost.exe
9728 bytes
Created: 14.07.2009 00:59
Modified: 14.07.2009 02:39
Company: Microsoft Corporation
----------
Key: ConfigFree Service
ImagePath: "C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe"
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
46448 bytes
Created: 10.03.2009 17:51
Modified: 10.03.2009 17:51
Company: TOSHIBA CORPORATION
----------
Key: crcdisk
ImagePath: \SystemRoot\system32\drivers\crcdisk.sys
C:\windows\System32\drivers\crcdisk.sys
24144 bytes
Created: 14.07.2009 01:01
Modified: 14.07.2009 02:47
Company: Microsoft Corporation
----------
Key: CSC
ImagePath: system32\drivers\csc.sys
C:\windows\System32\drivers\csc.sys
514560 bytes
Created: 21.11.2010 04:24
Modified: 21.11.2010 04:24
Company: Microsoft Corporation
----------
Key: DfsC
ImagePath: System32\Drivers\dfsc.sys
C:\windows\System32\Drivers\dfsc.sys
102400 bytes
Created: 21.11.2010 04:24
Modified: 21.11.2010 04:24
Company: Microsoft Corporation
----------
Key: discache
ImagePath: System32\drivers\discache.sys
C:\windows\System32\drivers\discache.sys
40448 bytes
Created: 14.07.2009 00:37
Modified: 14.07.2009 00:37
Company: Microsoft Corporation
----------
Key: Disk
ImagePath: system32\drivers\disk.sys
C:\windows\System32\drivers\disk.sys
73280 bytes
Created: 14.07.2009 00:19
Modified: 14.07.2009 02:47
Company: Microsoft Corporation
----------
Key: dmvsc
ImagePath: \SystemRoot\system32\drivers\dmvsc.sys
C:\windows\System32\drivers\dmvsc.sys
71168 bytes
Created: 21.11.2010 08:00
Modified: 21.11.2010 04:23
Company: Microsoft Corporation
----------
Key: drmkaud
ImagePath: system32\drivers\drmkaud.sys
C:\windows\System32\drivers\drmkaud.sys
5632 bytes
Created: 14.07.2009 01:06
Modified: 14.07.2009 01:06
Company: Microsoft Corporation
----------
Key: dtsoftbus01
ImagePath: system32\DRIVERS\dtsoftbus01.sys
C:\windows\System32\DRIVERS\dtsoftbus01.sys
283200 bytes
Created: 15.10.2012 20:04
Modified: 15.10.2012 20:04
Company: DT Soft Ltd
----------
Key: DXGKrnl
ImagePath: \SystemRoot\System32\drivers\dxgkrnl.sys
C:\windows\System32\drivers\dxgkrnl.sys
982912 bytes
Created: 21.11.2010 04:24
Modified: 21.11.2010 04:24
Company: Microsoft Corporation
----------
Key: e1kexpress
ImagePath: system32\DRIVERS\e1k62x64.sys
C:\windows\System32\DRIVERS\e1k62x64.sys
342704 bytes
Created: 20.07.2011 15:58
Modified: 20.07.2011 15:58
Company: Intel Corporation
----------
Key: ebdrv
ImagePath: \SystemRoot\system32\drivers\evbda.sys
C:\windows\System32\drivers\evbda.sys
3286016 bytes
Created: 10.06.2009 21:34
Modified: 10.06.2009 21:34
Company: Broadcom Corporation
----------
Key: EFS
ImagePath: %SystemRoot%\System32\lsass.exe
C:\windows\System32\lsass.exe
31232 bytes
Created: 02.10.2012 11:47
Modified: 17.11.2011 07:33
Company: Microsoft Corporation
----------
Key: ehRecvr
ImagePath: %systemroot%\ehome\ehRecvr.exe
C:\windows\ehome\ehRecvr.exe
696832 bytes
Created: 21.11.2010 04:24
Modified: 21.11.2010 04:24
Company: Microsoft Corporation
----------
Key: ehSched
ImagePath: %systemroot%\ehome\ehsched.exe
C:\windows\ehome\ehsched.exe
127488 bytes
Created: 14.07.2009 01:24
Modified: 14.07.2009 02:39
Company: Microsoft Corporation
----------
Key: elxstor
ImagePath: \SystemRoot\system32\drivers\elxstor.sys
C:\windows\System32\drivers\elxstor.sys
530496 bytes
Created: 10.06.2009 21:36
Modified: 14.07.2009 02:47
Company: Emulex
----------
Key: ErrDev
ImagePath: \SystemRoot\system32\drivers\errdev.sys
C:\windows\System32\drivers\errdev.sys
9728 bytes
Created: 14.07.2009 00:31
Modified: 14.07.2009 00:31
Company: Microsoft Corporation
----------
Key: Fax
ImagePath: %systemroot%\system32\fxssvc.exe
C:\windows\System32\fxssvc.exe
689152 bytes
Created: 21.11.2010 04:25
Modified: 21.11.2010 04:25
Company: Microsoft Corporation
----------
Key: fdc
ImagePath: \SystemRoot\system32\drivers\fdc.sys
C:\windows\System32\drivers\fdc.sys
29696 bytes
Created: 14.07.2009 01:00
Modified: 14.07.2009 01:00
Company: Microsoft Corporation
----------
Key: FileInfo
ImagePath: system32\drivers\fileinfo.sys
C:\windows\System32\drivers\fileinfo.sys
70224 bytes
Created: 14.07.2009 00:34
Modified: 14.07.2009 02:47
Company: Microsoft Corporation
----------
Key: Filetrace
ImagePath: system32\drivers\filetrace.sys
C:\windows\System32\drivers\filetrace.sys
34304 bytes
Created: 14.07.2009 00:25
Modified: 14.07.2009 00:25
Company: Microsoft Corporation
----------
Key: flpydisk
ImagePath: \SystemRoot\system32\drivers\flpydisk.sys
C:\windows\System32\drivers\flpydisk.sys
24576 bytes
Created: 14.07.2009 01:00
Modified: 14.07.2009 01:00
Company: Microsoft Corporation
----------
Key: FltMgr
ImagePath: system32\drivers\fltmgr.sys
C:\windows\System32\drivers\fltmgr.sys
289664 bytes
Created: 21.11.2010 04:24
Modified: 21.11.2010 04:24
Company: Microsoft Corporation
----------
Key: FontCache3.0.0.0
ImagePath: %systemroot%\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
42856 bytes
Created: 21.11.2010 04:24
Modified: 21.11.2010 04:24
Company: Microsoft Corporation
----------
Key: FsDepends
ImagePath: System32\drivers\FsDepends.sys
C:\windows\System32\drivers\FsDepends.sys
55376 bytes
Created: 14.07.2009 00:26
Modified: 14.07.2009 02:47
Company: Microsoft Corporation
----------
Key: fvevol
ImagePath: System32\DRIVERS\fvevol.sys
C:\windows\System32\DRIVERS\fvevol.sys
223248 bytes
Created: 21.11.2010 04:24
Modified: 21.11.2010 04:24
Company: Microsoft Corporation
----------
Key: gagp30kx
ImagePath: \SystemRoot\system32\drivers\gagp30kx.sys
C:\windows\System32\drivers\gagp30kx.sys
65088 bytes
Created: 14.07.2009 00:38
Modified: 14.07.2009 02:47
Company: Microsoft Corporation
----------
Key: hcw85cir
ImagePath: \SystemRoot\system32\drivers\hcw85cir.sys
C:\windows\System32\drivers\hcw85cir.sys
31232 bytes
Created: 13.07.2009 23:53
Modified: 10.06.2009 21:31
Company: Hauppauge Computer Works, Inc.
----------
Key: HdAudAddService
ImagePath: system32\drivers\HdAudio.sys
C:\windows\System32\drivers\HdAudio.sys
350208 bytes
Created: 21.11.2010 04:23
Modified: 21.11.2010 04:23
Company: Microsoft Corporation
----------
Key: HDAudBus
ImagePath: \SystemRoot\system32\drivers\HDAudBus.sys
C:\windows\System32\drivers\HDAudBus.sys
122368 bytes
Created: 21.11.2010 04:23
Modified: 21.11.2010 04:23
Company: Microsoft Corporation
----------
Key: HECIx64
ImagePath: \SystemRoot\system32\drivers\HECIx64.sys
C:\windows\System32\drivers\HECIx64.sys
56344 bytes
Created: 05.08.2011 08:19
Modified: 17.09.2009 11:54
Company: Intel Corporation
----------
Key: HidBatt
ImagePath: \SystemRoot\system32\drivers\HidBatt.sys
C:\windows\System32\drivers\HidBatt.sys
26624 bytes
Created: 14.07.2009 00:31
Modified: 14.07.2009 00:31
Company: Microsoft Corporation
----------
Key: HidBth
ImagePath: \SystemRoot\system32\drivers\hidbth.sys
C:\windows\System32\drivers\hidbth.sys
100864 bytes
Created: 14.07.2009 01:06
Modified: 14.07.2009 01:06
Company: Microsoft Corporation
----------
Key: HidIr
ImagePath: \SystemRoot\system32\drivers\hidir.sys
C:\windows\System32\drivers\hidir.sys
46592 bytes
Created: 14.07.2009 01:06
Modified: 14.07.2009 01:06
Company: Microsoft Corporation
----------
Key: HidUsb
ImagePath: system32\DRIVERS\hidusb.sys
C:\windows\System32\DRIVERS\hidusb.sys
30208 bytes
Created: 21.11.2010 04:23
Modified: 21.11.2010 04:23
Company: Microsoft Corporation
----------
Key: HpSAMD
ImagePath: \SystemRoot\system32\drivers\HpSAMD.sys
C:\windows\System32\drivers\HpSAMD.sys
78720 bytes
Created: 21.11.2010 04:23
Modified: 21.11.2010 04:23
Company: Hewlett-Packard Company
----------
Key: HTTP
ImagePath: system32\drivers\HTTP.sys
C:\windows\System32\drivers\HTTP.sys
753664 bytes
Created: 21.11.2010 04:23
Modified: 21.11.2010 04:23
Company: Microsoft Corporation
----------
Key: hwpolicy
ImagePath: System32\drivers\hwpolicy.sys
C:\windows\System32\drivers\hwpolicy.sys
14720 bytes
Created: 21.11.2010 04:24
Modified: 21.11.2010 04:24
Company: Microsoft Corporation
----------
Key: i8042prt
ImagePath: \SystemRoot\system32\drivers\i8042prt.sys
C:\windows\System32\drivers\i8042prt.sys
105472 bytes
Created: 14.07.2009 00:19
Modified: 14.07.2009 00:19
Company: Microsoft Corporation
----------
Key: iaStor
ImagePath: system32\drivers\iaStor.sys
C:\windows\System32\drivers\iaStor.sys
540696 bytes
Created: 05.08.2011 08:23
Modified: 27.04.2010 15:57
Company: Intel Corporation
----------
Key: iaStorV
ImagePath: \SystemRoot\system32\drivers\iaStorV.sys
C:\windows\System32\drivers\iaStorV.sys
410496 bytes
Created: 19.06.2011 15:54
Modified: 11.03.2011 07:41
Company: Intel Corporation
----------
Key: IB Updater
ImagePath: C:\Program Files\IB Updater\ExtensionUpdaterService.exe
C:\Program Files\IB Updater\ExtensionUpdaterService.exe
188760 bytes
Created: 24.12.2012 11:37
Modified: 26.11.2012 14:39
Company: [no info]
----------
Key: IBUpdaterService
ImagePath: %SystemRoot%\system32\dmwu.exe
C:\windows\System32\dmwu.exe
1261936 bytes
Created: 24.12.2012 11:37
Modified: 02.10.2012 16:20
Company:
----------
Key: idsvc
ImagePath: "%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe"
C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
856400 bytes
Created: 21.11.2010 04:24
Modified: 21.11.2010 04:24
Company: Microsoft Corporation
----------
Key: igfx
ImagePath: system32\DRIVERS\igdkmd64.sys
C:\windows\System32\DRIVERS\igdkmd64.sys
10627392 bytes
Created: 12.01.2011 09:18
Modified: 12.01.2011 09:18
Company: Intel Corporation
----------
Key: iirsp
ImagePath: \SystemRoot\system32\drivers\iirsp.sys
C:\windows\System32\drivers\iirsp.sys
44112 bytes
Created: 13.07.2009 22:59
Modified: 14.07.2009 02:48
Company: Intel Corp./ICP vortex GmbH
----------
Key: Impcd
ImagePath: \SystemRoot\system32\drivers\Impcd.sys
C:\windows\System32\drivers\Impcd.sys
158976 bytes
Created: 26.02.2010 14:32
Modified: 26.02.2010 14:32
Company: Intel Corporation
----------
Key: IntcAzAudAddService
ImagePath: system32\drivers\RTKVHD64.sys
C:\windows\System32\drivers\RTKVHD64.sys
2020512 bytes
Created: 05.08.2011 08:28
Modified: 30.10.2009 17:18
Company: Realtek Semiconductor Corp.
----------
Key: IntcDAud
ImagePath: system32\DRIVERS\IntcDAud.sys
C:\windows\System32\DRIVERS\IntcDAud.sys
317440 bytes
Created: 31.08.2010 04:07
Modified: 31.08.2010 04:07
Company: Intel(R) Corporation
----------
Key: intelide
ImagePath: \SystemRoot\system32\drivers\intelide.sys
C:\windows\System32\drivers\intelide.sys
16960 bytes
Created: 14.07.2009 00:19
Modified: 14.07.2009 02:48
Company: Microsoft Corporation
----------
Key: intelppm
ImagePath: \SystemRoot\system32\drivers\intelppm.sys
C:\windows\System32\drivers\intelppm.sys
62464 bytes
Created: 14.07.2009 00:19
Modified: 14.07.2009 00:19
Company: Microsoft Corporation
----------
Key: IpFilterDriver
ImagePath: system32\DRIVERS\ipfltdrv.sys
C:\windows\System32\DRIVERS\ipfltdrv.sys
82944 bytes
Created: 21.11.2010 04:24
Modified: 21.11.2010 04:24
Company: Microsoft Corporation
----------
Key: IPMIDRV
ImagePath: \SystemRoot\system32\drivers\IPMIDrv.sys
C:\windows\System32\drivers\IPMIDrv.sys
78848 bytes
Created: 21.11.2010 04:23
Modified: 21.11.2010 04:23
Company: Microsoft Corporation
----------
Key: IPNAT
ImagePath: System32\drivers\ipnat.sys
C:\windows\System32\drivers\ipnat.sys
116224 bytes
Created: 14.07.2009 01:10
Modified: 14.07.2009 01:10
Company: Microsoft Corporation
----------
Key: IRENUM
ImagePath: system32\drivers\irenum.sys
C:\windows\System32\drivers\irenum.sys
17920 bytes
Created: 14.07.2009 01:08
Modified: 14.07.2009 01:08
Company: Microsoft Corporation
----------
Key: isapnp
ImagePath: \SystemRoot\system32\drivers\isapnp.sys
C:\windows\System32\drivers\isapnp.sys
20544 bytes
Created: 14.07.2009 00:31
Modified: 14.07.2009 02:48
Company: Microsoft Corporation
----------
Key: iScsiPrt
ImagePath: \SystemRoot\system32\drivers\msiscsi.sys
C:\windows\System32\drivers\msiscsi.sys
273792 bytes
Created: 21.11.2010 04:23
Modified: 21.11.2010 04:23
Company: Microsoft Corporation
----------
Key: kbdclass
ImagePath: \SystemRoot\system32\drivers\kbdclass.sys
C:\windows\System32\drivers\kbdclass.sys
50768 bytes
Created: 14.07.2009 00:19
Modified: 14.07.2009 02:48
Company: Microsoft Corporation
----------
Key: kbdhid
ImagePath: \SystemRoot\system32\drivers\kbdhid.sys
C:\windows\System32\drivers\kbdhid.sys
33280 bytes
Created: 21.11.2010 04:23
Modified: 21.11.2010 04:23
Company: Microsoft Corporation
----------
Key: KeyIso
ImagePath: %SystemRoot%\system32\lsass.exe
C:\windows\System32\lsass.exe
31232 bytes
Created: 02.10.2012 11:47
Modified: 17.11.2011 07:33
Company: Microsoft Corporation
----------
Key: KSecDD
ImagePath: System32\Drivers\ksecdd.sys
C:\windows\System32\Drivers\ksecdd.sys
95600 bytes
Created: 02.10.2012 11:47
Modified: 02.06.2012 06:48
Company: Microsoft Corporation
----------
Key: KSecPkg
ImagePath: System32\Drivers\ksecpkg.sys
C:\windows\System32\Drivers\ksecpkg.sys
151920 bytes
Created: 02.10.2012 11:47
Modified: 02.06.2012 06:48
Company: Microsoft Corporation
----------
Key: ksthunk
ImagePath: \SystemRoot\system32\drivers\ksthunk.sys
C:\windows\System32\drivers\ksthunk.sys
20992 bytes
Created: 14.07.2009 01:00
Modified: 14.07.2009 01:00
Company: Microsoft Corporation
----------
Key: lltdio
ImagePath: system32\DRIVERS\lltdio.sys
C:\windows\System32\DRIVERS\lltdio.sys
60928 bytes
Created: 14.07.2009 01:08
Modified: 14.07.2009 01:08
Company: Microsoft Corporation
----------
Key: LMS
ImagePath: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
262144 bytes
Created: 05.08.2011 08:19
Modified: 30.09.2009 18:33
Company: Intel Corporation
----------
Key: LSI_FC
ImagePath: \SystemRoot\system32\drivers\lsi_fc.sys
C:\windows\System32\drivers\lsi_fc.sys
114752 bytes
Created: 13.07.2009 22:59
Modified: 14.07.2009 02:48
Company: LSI Corporation
----------
Key: LSI_SAS
ImagePath: \SystemRoot\system32\drivers\lsi_sas.sys
C:\windows\System32\drivers\lsi_sas.sys
106560 bytes
Created: 13.07.2009 22:59
Modified: 14.07.2009 02:48
Company: LSI Corporation
----------
Key: LSI_SAS2
ImagePath: \SystemRoot\system32\drivers\lsi_sas2.sys
C:\windows\System32\drivers\lsi_sas2.sys
65600 bytes
Created: 13.07.2009 22:59
Modified: 14.07.2009 02:48
Company: LSI Corporation
----------
Key: LSI_SCSI
ImagePath: \SystemRoot\system32\drivers\lsi_scsi.sys
C:\windows\System32\drivers\lsi_scsi.sys
115776 bytes
Created: 13.07.2009 22:59
Modified: 14.07.2009 02:48
Company: LSI Corporation
----------
Key: luafv
ImagePath: \SystemRoot\system32\drivers\luafv.sys
C:\windows\System32\drivers\luafv.sys
113152 bytes
Created: 14.07.2009 00:26
Modified: 14.07.2009 00:26
Company: Microsoft Corporation
----------
Key: McAfee SiteAdvisor Service
ImagePath: c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe
c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe - [file not found to scan]
----------
Key: megasas
ImagePath: \SystemRoot\system32\drivers\megasas.sys
C:\windows\System32\drivers\megasas.sys
35392 bytes
Created: 10.06.2009 21:37
Modified: 14.07.2009 02:48
Company: LSI Corporation
----------
Key: MegaSR
ImagePath: \SystemRoot\system32\drivers\MegaSR.sys
C:\windows\System32\drivers\MegaSR.sys
284736 bytes
Created: 13.07.2009 22:59
Modified: 14.07.2009 02:48
Company: LSI Corporation, Inc.
----------
Key: Microsoft SharePoint Workspace Audit Service
ImagePath: "C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE" /auditservice
C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE
30785672 bytes
Created: 20.09.2012 13:28
Modified: 20.09.2012 13:28
Company: Microsoft Corporation
----------
Key: Modem
ImagePath: system32\drivers\modem.sys
C:\windows\System32\drivers\modem.sys
40448 bytes
Created: 14.07.2009 01:10
Modified: 14.07.2009 01:10
Company: Microsoft Corporation
----------
Key: monitor
ImagePath: system32\DRIVERS\monitor.sys
C:\windows\System32\DRIVERS\monitor.sys
30208 bytes
Created: 14.07.2009 00:38
Modified: 14.07.2009 00:38
Company: Microsoft Corporation
----------
Key: mouclass
ImagePath: system32\DRIVERS\mouclass.sys
C:\windows\System32\DRIVERS\mouclass.sys
49216 bytes
Created: 14.07.2009 00:19
Modified: 14.07.2009 02:48
Company: Microsoft Corporation
----------
Key: mouhid
ImagePath: system32\DRIVERS\mouhid.sys
C:\windows\System32\DRIVERS\mouhid.sys
31232 bytes
Created: 14.07.2009 01:00
Modified: 14.07.2009 01:00
Company: Microsoft Corporation
----------
Key: mountmgr
ImagePath: System32\drivers\mountmgr.sys
C:\windows\System32\drivers\mountmgr.sys
94592 bytes
Created: 21.11.2010 04:23
Modified: 21.11.2010 04:23
Company: Microsoft Corporation
----------
Key: mpio
ImagePath: \SystemRoot\system32\drivers\mpio.sys
C:\windows\System32\drivers\mpio.sys
155008 bytes
Created: 21.11.2010 04:23
Modified: 21.11.2010 04:23
Company: Microsoft Corporation
----------
Key: mpsdrv
ImagePath: System32\drivers\mpsdrv.sys
C:\windows\System32\drivers\mpsdrv.sys
77312 bytes
Created: 14.07.2009 01:08
Modified: 14.07.2009 01:08
Company: Microsoft Corporation
----------
Key: MRxDAV
ImagePath: \SystemRoot\system32\drivers\mrxdav.sys
C:\windows\System32\drivers\mrxdav.sys
140800 bytes
Created: 21.11.2010 04:24
Modified: 21.11.2010 04:24
Company: Microsoft Corporation
----------
Key: mrxsmb
ImagePath: system32\DRIVERS\mrxsmb.sys
C:\windows\System32\DRIVERS\mrxsmb.sys
158208 bytes
Created: 21.09.2011 12:28
Modified: 27.04.2011 03:40
Company: Microsoft Corporation
----------
Key: mrxsmb10
ImagePath: system32\DRIVERS\mrxsmb10.sys
C:\windows\System32\DRIVERS\mrxsmb10.sys
288768 bytes
Created: 21.09.2011 12:28
Modified: 09.07.2011 03:46
Company: Microsoft Corporation
----------
Key: mrxsmb20
ImagePath: system32\DRIVERS\mrxsmb20.sys
C:\windows\System32\DRIVERS\mrxsmb20.sys
128000 bytes
Created: 21.09.2011 12:28
Modified: 27.04.2011 03:39
Company: Microsoft Corporation
----------
Key: msahci
ImagePath: \SystemRoot\system32\drivers\msahci.sys
C:\windows\System32\drivers\msahci.sys
31104 bytes
Created: 21.11.2010 04:23
Modified: 21.11.2010 04:23
Company: Microsoft Corporation
----------
Key: msdsm
ImagePath: \SystemRoot\system32\drivers\msdsm.sys
C:\windows\System32\drivers\msdsm.sys
140672 bytes
Created: 21.11.2010 04:23
Modified: 21.11.2010 04:23
Company: Microsoft Corporation
----------
Key: MSDTC
ImagePath: %SystemRoot%\System32\msdtc.exe
C:\windows\System32\msdtc.exe
141824 bytes
Created: 14.07.2009 00:59
Modified: 14.07.2009 02:39
Company: Microsoft Corporation
----------
Key: mshidkmdf
ImagePath: \SystemRoot\System32\drivers\mshidkmdf.sys
C:\windows\System32\drivers\mshidkmdf.sys
8192 bytes
Created: 14.07.2009 01:06
Modified: 14.07.2009 01:06
Company: Microsoft Corporation
----------
Key: msisadrv
ImagePath: system32\drivers\msisadrv.sys
C:\windows\System32\drivers\msisadrv.sys
15424 bytes
Created: 14.07.2009 00:19
Modified: 14.07.2009 02:48
Company: Microsoft Corporation
----------
Key: msiserver
ImagePath: %systemroot%\system32\msiexec.exe /V
C:\windows\System32\msiexec.exe
128000 bytes
Created: 21.11.2010 04:24
Modified: 21.11.2010 04:24
Company: Microsoft Corporation
----------
Key: MSKSSRV
ImagePath: system32\drivers\MSKSSRV.sys
C:\windows\System32\drivers\MSKSSRV.sys
11136 bytes
Created: 14.07.2009 01:00
Modified: 14.07.2009 01:00
Company: Microsoft Corporation
----------
Key: MSPCLOCK
ImagePath: system32\drivers\MSPCLOCK.sys
C:\windows\System32\drivers\MSPCLOCK.sys
7168 bytes
Created: 14.07.2009 01:00
Modified: 14.07.2009 01:00
Company: Microsoft Corporation
----------
Key: MSPQM
ImagePath: system32\drivers\MSPQM.sys
C:\windows\System32\drivers\MSPQM.sys
6784 bytes
Created: 14.07.2009 01:00
Modified: 14.07.2009 01:00
Company: Microsoft Corporation
----------
Key: mssmbios
ImagePath: \SystemRoot\system32\drivers\mssmbios.sys
C:\windows\System32\drivers\mssmbios.sys
32320 bytes
Created: 14.07.2009 00:31
Modified: 14.07.2009 02:48
Company: Microsoft Corporation
----------
Key: MSTEE
ImagePath: system32\drivers\MSTEE.sys
C:\windows\System32\drivers\MSTEE.sys
8064 bytes
Created: 14.07.2009 01:00
Modified: 14.07.2009 01:00
Company: Microsoft Corporation
----------
Key: MTConfig
ImagePath: \SystemRoot\system32\drivers\MTConfig.sys
C:\windows\System32\drivers\MTConfig.sys
15360 bytes
Created: 14.07.2009 01:02
Modified: 14.07.2009 01:02
Company: Microsoft Corporation
----------
Key: Mup
ImagePath: System32\Drivers\mup.sys
C:\windows\System32\Drivers\mup.sys
60496 bytes
Created: 14.07.2009 00:23
Modified: 14.07.2009 02:48
Company: Microsoft Corporation
----------
Key: NativeWifiP
ImagePath: system32\DRIVERS\nwifi.sys
C:\windows\System32\DRIVERS\nwifi.sys
318976 bytes
Created: 14.07.2009 01:07
Modified: 14.07.2009 01:07
Company: Microsoft Corporation
----------
Key: NAUpdate
ImagePath: "C:\Program Files (x86)\Nero\Update\NASvc.exe"
C:\Program Files (x86)\Nero\Update\NASvc.exe
572712 bytes
Created: 14.01.2011 10:55
Modified: 14.01.2011 10:55
Company: Nero AG
----------
Key: NDIS
ImagePath: system32\drivers\ndis.sys
C:\windows\System32\drivers\ndis.sys
950128 bytes
Created: 02.10.2012 11:47
Modified: 22.08.2012 19:12
Company: Microsoft Corporation
----------
Key: NdisCap
ImagePath: system32\DRIVERS\ndiscap.sys
C:\windows\System32\DRIVERS\ndiscap.sys
35328 bytes
Created: 14.07.2009 01:08
Modified: 14.07.2009 01:08
Company: Microsoft Corporation
----------
Key: NdisTapi
ImagePath: system32\DRIVERS\ndistapi.sys
C:\windows\System32\DRIVERS\ndistapi.sys
24064 bytes
Created: 14.07.2009 01:10
Modified: 14.07.2009 01:10
Company: Microsoft Corporation
----------
Key: Ndisuio
ImagePath: system32\DRIVERS\ndisuio.sys
C:\windows\System32\DRIVERS\ndisuio.sys
56832 bytes
Created: 21.11.2010 04:24
Modified: 21.11.2010 04:24
Company: Microsoft Corporation
----------
Key: NdisWan
ImagePath: system32\DRIVERS\ndiswan.sys
C:\windows\System32\DRIVERS\ndiswan.sys
164352 bytes
Created: 21.11.2010 04:24
Modified: 21.11.2010 04:24
Company: Microsoft Corporation
----------
Key: NetBIOS
ImagePath: system32\DRIVERS\netbios.sys
C:\windows\System32\DRIVERS\netbios.sys
44544 bytes
Created: 14.07.2009 01:09
Modified: 14.07.2009 01:09
Company: Microsoft Corporation
----------
Key: NetBT
ImagePath: System32\DRIVERS\netbt.sys
C:\windows\System32\DRIVERS\netbt.sys
261632 bytes
Created: 21.11.2010 04:23
Modified: 21.11.2010 04:23
Company: Microsoft Corporation
----------
Key: Netlogon
ImagePath: %systemroot%\system32\lsass.exe
C:\windows\System32\lsass.exe
31232 bytes
Created: 02.10.2012 11:47
Modified: 17.11.2011 07:33
Company: Microsoft Corporation
----------
Key: nfrd960
ImagePath: \SystemRoot\system32\drivers\nfrd960.sys
C:\windows\System32\drivers\nfrd960.sys
51264 bytes
Created: 13.07.2009 22:59
Modified: 14.07.2009 02:48
Company: IBM Corporation
----------
Key: nsiproxy
ImagePath: system32\drivers\nsiproxy.sys
C:\windows\System32\drivers\nsiproxy.sys
24576 bytes
Created: 14.07.2009 00:21
Modified: 14.07.2009 00:21
Company: Microsoft Corporation
----------
Key: nvraid
ImagePath: \SystemRoot\system32\drivers\nvraid.sys
C:\windows\System32\drivers\nvraid.sys
148352 bytes
Created: 19.06.2011 15:54
Modified: 11.03.2011 07:41
Company: NVIDIA Corporation
----------
Key: nvstor
ImagePath: \SystemRoot\system32\drivers\nvstor.sys
C:\windows\System32\drivers\nvstor.sys
166272 bytes
Created: 19.06.2011 15:54
Modified: 11.03.2011 07:41
Company: NVIDIA Corporation
----------
Key: nv_agp
ImagePath: \SystemRoot\system32\drivers\nv_agp.sys
C:\windows\System32\drivers\nv_agp.sys
122960 bytes
Created: 14.07.2009 00:38
Modified: 14.07.2009 02:48
Company: Microsoft Corporation
----------
Key: ohci1394
ImagePath: \SystemRoot\system32\drivers\ohci1394.sys
C:\windows\System32\drivers\ohci1394.sys
72832 bytes
Created: 14.07.2009 01:06
Modified: 14.07.2009 01:06
Company: Microsoft Corporation
----------
Key: ose
ImagePath: "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
149352 bytes
Created: 09.01.2010 20:18
Modified: 09.01.2010 20:18
Company: Microsoft Corporation
----------
Key: osppsvc
ImagePath: "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
4925184 bytes
Created: 09.01.2010 20:34
Modified: 09.01.2010 20:34
Company: Microsoft Corporation
----------
Key: Parport
ImagePath: \SystemRoot\system32\drivers\parport.sys
C:\windows\System32\drivers\parport.sys
97280 bytes
Created: 14.07.2009 01:00
Modified: 14.07.2009 01:00
Company: Microsoft Corporation
----------
Key: partmgr
ImagePath: System32\drivers\partmgr.sys
C:\windows\System32\drivers\partmgr.sys
75120 bytes
Created: 02.10.2012 11:46
Modified: 17.03.2012 08:58
Company: Microsoft Corporation
----------
Key: pci
ImagePath: system32\drivers\pci.sys
C:\windows\System32\drivers\pci.sys
184704 bytes
Created: 21.11.2010 04:23
Modified: 21.11.2010 04:23
Company: Microsoft Corporation
----------
Key: pciide
ImagePath: \SystemRoot\system32\drivers\pciide.sys
C:\windows\System32\drivers\pciide.sys
12352 bytes
Created: 14.07.2009 00:19
Modified: 14.07.2009 02:45
Company: Microsoft Corporation
----------
Key: pcmcia
ImagePath: \SystemRoot\system32\drivers\pcmcia.sys
C:\windows\System32\drivers\pcmcia.sys
220752 bytes
Created: 14.07.2009 00:31
Modified: 14.07.2009 02:45
Company: Microsoft Corporation
----------
Key: pcw
ImagePath: System32\drivers\pcw.sys
C:\windows\System32\drivers\pcw.sys
50768 bytes
Created: 14.07.2009 00:19
Modified: 14.07.2009 02:45
Company: Microsoft Corporation
----------
Key: PEAUTH
ImagePath: system32\drivers\peauth.sys
C:\windows\System32\drivers\peauth.sys
651264 bytes
Created: 14.07.2009 00:51
Modified: 14.07.2009 02:01
Company: Microsoft Corporation
----------
Key: PerfHost
ImagePath: %SystemRoot%\SysWow64\perfhost.exe
C:\windows\SysWow64\perfhost.exe
20992 bytes
Created: 14.07.2009 00:11
Modified: 14.07.2009 02:14
Company: Microsoft Corporation
----------
Key: PGEffect
ImagePath: system32\DRIVERS\pgeffect.sys
C:\windows\System32\DRIVERS\pgeffect.sys
35008 bytes
Created: 05.08.2011 08:43
Modified: 22.06.2009 16:06
Company: TOSHIBA Corporation
----------
Key: PptpMiniport
ImagePath: system32\DRIVERS\raspptp.sys
C:\windows\System32\DRIVERS\raspptp.sys
111104 bytes
Created: 21.11.2010 04:24
Modified: 21.11.2010 04:24
Company: Microsoft Corporation
----------
Key: Processor
ImagePath: \SystemRoot\system32\drivers\processr.sys
C:\windows\System32\drivers\processr.sys
60416 bytes
Created: 14.07.2009 00:19
Modified: 14.07.2009 00:19
Company: Microsoft Corporation
----------
Key: ProtectedStorage
ImagePath: %SystemRoot%\system32\lsass.exe
C:\windows\System32\lsass.exe
31232 bytes
Created: 02.10.2012 11:47
Modified: 17.11.2011 07:33
Company: Microsoft Corporation
----------
Key: Psched
ImagePath: system32\DRIVERS\pacer.sys
C:\windows\System32\DRIVERS\pacer.sys
131584 bytes
Created: 21.11.2010 04:24
Modified: 21.11.2010 04:24
Company: Microsoft Corporation
----------
Key: ql2300
ImagePath: \SystemRoot\system32\drivers\ql2300.sys
C:\windows\System32\drivers\ql2300.sys
1524816 bytes
Created: 10.06.2009 21:37
Modified: 14.07.2009 02:45
Company: QLogic Corporation
----------
Key: ql40xx
ImagePath: \SystemRoot\system32\drivers\ql40xx.sys
C:\windows\System32\drivers\ql40xx.sys
128592 bytes
Created: 13.07.2009 22:59
Modified: 14.07.2009 02:45
Company: QLogic Corporation
----------
Key: QWAVEdrv
ImagePath: \SystemRoot\system32\drivers\qwavedrv.sys
C:\windows\System32\drivers\qwavedrv.sys
46592 bytes
Created: 14.07.2009 01:09
Modified: 14.07.2009 01:09
Company: Microsoft Corporation
----------
Key: RasAcd
ImagePath: System32\DRIVERS\rasacd.sys
C:\windows\System32\DRIVERS\rasacd.sys
14848 bytes
Created: 14.07.2009 01:10
Modified: 14.07.2009 01:10
Company: Microsoft Corporation
----------
Key: RasAgileVpn
ImagePath: system32\DRIVERS\AgileVpn.sys
C:\windows\System32\DRIVERS\AgileVpn.sys
60416 bytes
Created: 14.07.2009 01:10
Modified: 14.07.2009 01:10
Company: Microsoft Corporation
----------
Key: Rasl2tp
ImagePath: system32\DRIVERS\rasl2tp.sys
C:\windows\System32\DRIVERS\rasl2tp.sys
129536 bytes
Created: 21.11.2010 04:24
Modified: 21.11.2010 04:24
Company: Microsoft Corporation
----------
Key: RasPppoe
ImagePath: system32\DRIVERS\raspppoe.sys
C:\windows\System32\DRIVERS\raspppoe.sys
92672 bytes
Created: 14.07.2009 01:10
Modified: 14.07.2009 01:10
Company: Microsoft Corporation
----------
Key: RasSstp
ImagePath: system32\DRIVERS\rassstp.sys
C:\windows\System32\DRIVERS\rassstp.sys
83968 bytes
Created: 14.07.2009 01:10
Modified: 14.07.2009 01:10
Company: Microsoft Corporation
----------
Key: rdbss
ImagePath: system32\DRIVERS\rdbss.sys
C:\windows\System32\DRIVERS\rdbss.sys
309248 bytes
Created: 21.11.2010 04:24
Modified: 21.11.2010 04:24
Company: Microsoft Corporation
----------
Key: rdpbus
ImagePath: \SystemRoot\system32\drivers\rdpbus.sys
C:\windows\System32\drivers\rdpbus.sys
24064 bytes
Created: 14.07.2009 01:17
Modified: 14.07.2009 01:17
Company: Microsoft Corporation
----------
Key: RDPCDD
ImagePath: System32\DRIVERS\RDPCDD.sys
C:\windows\System32\DRIVERS\RDPCDD.sys
7680 bytes
Created: 14.07.2009 01:16
Modified: 14.07.2009 01:16
Company: Microsoft Corporation
----------
Key: RDPDR
ImagePath: System32\drivers\rdpdr.sys
C:\windows\System32\drivers\rdpdr.sys
165888 bytes
Created: 21.11.2010 04:25
Modified: 21.11.2010 04:25
Company: Microsoft Corporation
----------
Key: RDPENCDD
ImagePath: system32\drivers\rdpencdd.sys
C:\windows\System32\drivers\rdpencdd.sys
7680 bytes
Created: 14.07.2009 01:16
Modified: 14.07.2009 01:16
Company: Microsoft Corporation
----------
Key: RDPREFMP
ImagePath: system32\drivers\rdprefmp.sys
C:\windows\System32\drivers\rdprefmp.sys
8192 bytes
Created: 14.07.2009 01:16
Modified: 14.07.2009 01:16
Company: Microsoft Corporation
----------
Key: rdyboost
ImagePath: System32\drivers\rdyboost.sys
C:\windows\System32\drivers\rdyboost.sys
213888 bytes
Created: 21.11.2010 04:24
Modified: 21.11.2010 04:24
Company: Microsoft Corporation
----------
Key: rimspci
ImagePath: \SystemRoot\system32\drivers\rimspe64.sys
C:\windows\System32\drivers\rimspe64.sys
64512 bytes
Created: 05.08.2011 08:34
Modified: 23.06.2010 14:02
Company: REDC
----------
Key: risdpcie
ImagePath: \SystemRoot\system32\drivers\risdpe64.sys
C:\windows\System32\drivers\risdpe64.sys
80384 bytes
Created: 05.08.2011 08:34
Modified: 07.05.2010 16:18
Company: REDC
----------
Key: rixdpcie
ImagePath: \SystemRoot\system32\drivers\rixdpe64.sys
C:\windows\System32\drivers\rixdpe64.sys
55808 bytes
Created: 05.08.2011 08:34
Modified: 04.07.2009 18:27
Company: REDC
----------
Key: RpcLocator
ImagePath: %SystemRoot%\system32\locator.exe
C:\windows\System32\locator.exe
10240 bytes
Created: 14.07.2009 00:59
Modified: 14.07.2009 02:39
Company: Microsoft Corporation
----------
Key: rspndr
ImagePath: system32\DRIVERS\rspndr.sys
C:\windows\System32\DRIVERS\rspndr.sys
76800 bytes
Created: 14.07.2009 01:08
Modified: 14.07.2009 01:08
Company: Microsoft Corporation
----------
Key: s3cap
ImagePath: \SystemRoot\system32\drivers\vms3cap.sys
C:\windows\System32\drivers\vms3cap.sys
6656 bytes
Created: 21.11.2010 08:00
Modified: 21.11.2010 04:23
Company: Microsoft Corporation
----------
Key: SamSs
ImagePath: %SystemRoot%\system32\lsass.exe
C:\windows\System32\lsass.exe
31232 bytes
Created: 02.10.2012 11:47
Modified: 17.11.2011 07:33
Company: Microsoft Corporation
----------
Key: sbp2port
ImagePath: \SystemRoot\system32\drivers\sbp2port.sys
C:\windows\System32\drivers\sbp2port.sys
103808 bytes
Created: 21.11.2010 04:23
Modified: 21.11.2010 04:23
Company: Microsoft Corporation
----------
Key: scfilter
ImagePath: System32\DRIVERS\scfilter.sys
C:\windows\System32\DRIVERS\scfilter.sys
29696 bytes
Created: 21.11.2010 04:24
Modified: 21.11.2010 04:24
Company: Microsoft Corporation
----------
Key: sdbus
ImagePath: system32\DRIVERS\sdbus.sys
C:\windows\System32\DRIVERS\sdbus.sys
109056 bytes
Created: 21.11.2010 04:23
Modified: 21.11.2010 04:23
Company: Microsoft Corporation
----------
Key: Serenum
ImagePath: \SystemRoot\system32\drivers\serenum.sys
C:\windows\System32\drivers\serenum.sys
23552 bytes
Created: 14.07.2009 01:00
Modified: 14.07.2009 01:00
Company: Microsoft Corporation
----------
Key: Serial
ImagePath: \SystemRoot\system32\drivers\serial.sys
C:\windows\System32\drivers\serial.sys
94208 bytes
Created: 14.07.2009 01:00
Modified: 14.07.2009 01:00
Company: Microsoft Corporation
----------
Key: sermouse
ImagePath: \SystemRoot\system32\drivers\sermouse.sys
C:\windows\System32\drivers\sermouse.sys
26624 bytes
Created: 14.07.2009 01:00
Modified: 14.07.2009 01:00
Company: Microsoft Corporation
----------
Key: sffdisk
ImagePath: \SystemRoot\system32\drivers\sffdisk.sys
C:\windows\System32\drivers\sffdisk.sys
14336 bytes
Created: 14.07.2009 01:01
Modified: 14.07.2009 01:01
Company: Microsoft Corporation
----------
Key: sffp_mmc
ImagePath: \SystemRoot\system32\drivers\sffp_mmc.sys
C:\windows\System32\drivers\sffp_mmc.sys
13824 bytes
Created: 14.07.2009 01:01
Modified: 14.07.2009 01:01
Company: Microsoft Corporation
----------
Key: sffp_sd
ImagePath: \SystemRoot\system32\drivers\sffp_sd.sys
C:\windows\System32\drivers\sffp_sd.sys
14336 bytes
Created: 21.11.2010 04:23
Modified: 21.11.2010 04:23
Company: Microsoft Corporation
----------
Key: sfloppy
ImagePath: \SystemRoot\system32\drivers\sfloppy.sys
C:\windows\System32\drivers\sfloppy.sys
16896 bytes
Created: 14.07.2009 01:01
Modified: 14.07.2009 01:01
Company: Microsoft Corporation
----------
Key: SiSRaid2
ImagePath: \SystemRoot\system32\drivers\SiSRaid2.sys
C:\windows\System32\drivers\SiSRaid2.sys
43584 bytes
Created: 10.06.2009 21:37
Modified: 14.07.2009 02:45
Company: Silicon Integrated Systems Corp.
----------
Key: SiSRaid4
ImagePath: \SystemRoot\system32\drivers\sisraid4.sys
C:\windows\System32\drivers\sisraid4.sys
80464 bytes
Created: 13.07.2009 22:59
Modified: 14.07.2009 02:45
Company: Silicon Integrated Systems
----------
Key: Smb
ImagePath: system32\DRIVERS\smb.sys
C:\windows\System32\DRIVERS\smb.sys
93184 bytes
Created: 14.07.2009 01:09
Modified: 14.07.2009 01:09
Company: Microsoft Corporation
----------
Key: SNMPTRAP
ImagePath: %SystemRoot%\System32\snmptrap.exe
C:\windows\System32\snmptrap.exe
14336 bytes
Created: 14.07.2009 01:10
Modified: 14.07.2009 02:39
Company: Microsoft Corporation
----------
Key: Spooler
ImagePath: %SystemRoot%\System32\spoolsv.exe
C:\windows\System32\spoolsv.exe
559104 bytes
Created: 02.10.2012 11:47
Modified: 11.02.2012 07:36
Company: Microsoft Corporation
----------
Key: sppsvc
ImagePath: %SystemRoot%\system32\sppsvc.exe
C:\windows\System32\sppsvc.exe
3524608 bytes
Created: 21.11.2010 04:23
Modified: 21.11.2010 04:23
Company: Microsoft Corporation
----------
Key: srv
ImagePath: System32\DRIVERS\srv.sys
C:\windows\System32\DRIVERS\srv.sys
467456 bytes
Created: 21.09.2011 12:23
Modified: 29.04.2011 04:06
Company: Microsoft Corporation
----------
Key: srv2
ImagePath: System32\DRIVERS\srv2.sys
C:\windows\System32\DRIVERS\srv2.sys
410112 bytes
Created: 21.09.2011 12:23
Modified: 29.04.2011 04:05
Company: Microsoft Corporation
----------
Key: srvnet
ImagePath: System32\DRIVERS\srvnet.sys
C:\windows\System32\DRIVERS\srvnet.sys
168448 bytes
Created: 21.09.2011 12:23
Modified: 29.04.2011 04:05
Company: Microsoft Corporation
----------
Key: Steam Client Service
ImagePath: C:\Program Files (x86)\Common Files\Steam\SteamService.exe /RunAsService
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
541608 bytes
Created: 11.10.2012 13:03
Modified: 22.01.2013 18:31
Company: Valve Corporation
----------
Key: stexstor
ImagePath: \SystemRoot\system32\drivers\stexstor.sys
C:\windows\System32\drivers\stexstor.sys
24656 bytes
Created: 13.07.2009 22:59
Modified: 14.07.2009 02:45
Company: Promise Technology
----------
Key: storflt
ImagePath: system32\drivers\vmstorfl.sys
C:\windows\System32\drivers\vmstorfl.sys
46464 bytes
Created: 21.11.2010 08:00
Modified: 21.11.2010 04:23
Company: Microsoft Corporation
----------
Key: storvsc
ImagePath: \SystemRoot\system32\drivers\storvsc.sys
C:\windows\System32\drivers\storvsc.sys
34688 bytes
Created: 21.11.2010 08:00
Modified: 21.11.2010 04:23
Company: Microsoft Corporation
----------
Key: swenum
ImagePath: \SystemRoot\system32\drivers\swenum.sys
C:\windows\System32\drivers\swenum.sys
12496 bytes
Created: 14.07.2009 01:00
Modified: 14.07.2009 02:45
Company: Microsoft Corporation
----------
Key: Tcpip
ImagePath: System32\drivers\tcpip.sys
C:\windows\System32\drivers\tcpip.sys
1914248 bytes
Created: 16.11.2012 18:07
Modified: 03.10.2012 18:56
Company: Microsoft Corporation
----------
Key: TCPIP6
ImagePath: system32\DRIVERS\tcpip.sys
C:\windows\System32\DRIVERS\tcpip.sys
1914248 bytes
Created: 16.11.2012 18:07
Modified: 03.10.2012 18:56
Company: Microsoft Corporation
----------
Key: tcpipreg
ImagePath: System32\drivers\tcpipreg.sys
C:\windows\System32\drivers\tcpipreg.sys
45568 bytes
Created: 16.11.2012 18:07
Modified: 03.10.2012 17:07
Company: Microsoft Corporation
----------
Key: tdcmdpst
ImagePath: system32\DRIVERS\tdcmdpst.sys
C:\windows\System32\DRIVERS\tdcmdpst.sys
27784 bytes
Created: 30.07.2009 18:22
Modified: 30.07.2009 18:22
Company: TOSHIBA Corporation.
----------
Key: TDPIPE
ImagePath: system32\drivers\tdpipe.sys
C:\windows\System32\drivers\tdpipe.sys
15872 bytes
Created: 14.07.2009 01:16
Modified: 14.07.2009 01:16
Company: Microsoft Corporation
----------
Key: TDTCP
ImagePath: system32\drivers\tdtcp.sys
C:\windows\System32\drivers\tdtcp.sys
23552 bytes
Created: 02.10.2012 11:42
Modified: 17.02.2012 05:57
Company: Microsoft Corporation
----------
Key: tdx
ImagePath: system32\DRIVERS\tdx.sys
C:\windows\System32\DRIVERS\tdx.sys
119296 bytes
Created: 21.11.2010 04:24
Modified: 21.11.2010 04:24
Company: Microsoft Corporation
----------
Key: TemproMonitoringService
ImagePath: "C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe"
C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
112080 bytes
Created: 10.02.2011 08:25
Modified: 10.02.2011 08:25
Company: Toshiba Europe GmbH
----------
Key: TermDD
ImagePath: \SystemRoot\system32\drivers\termdd.sys
C:\windows\System32\drivers\termdd.sys
63360 bytes
Created: 21.11.2010 04:23
Modified: 21.11.2010 04:23
Company: Microsoft Corporation
----------
Key: Thpdrv
ImagePath: system32\DRIVERS\thpdrv.sys
C:\windows\System32\DRIVERS\thpdrv.sys
34880 bytes
Created: 29.06.2009 09:25
Modified: 29.06.2009 09:25
Company: TOSHIBA Corporation
----------
Key: Thpevm
ImagePath: system32\drivers\Thpevm.SYS
C:\windows\System32\drivers\Thpevm.SYS
14784 bytes
Created: 29.06.2009 15:16
Modified: 29.06.2009 15:16
Company: TOSHIBA Corporation
----------
Key: Thpsrv
ImagePath: C:\windows\system32\ThpSrv.exe
C:\windows\System32\ThpSrv.exe
526848 bytes
Created: 24.12.2010 19:14
Modified: 24.12.2010 19:14
Company: TOSHIBA Corporation
----------
Key: TIEHDUSB
ImagePath: system32\DRIVERS\tiehdusb.sys
C:\windows\System32\DRIVERS\tiehdusb.sys
128512 bytes
Created: 08.01.2013 18:20
Modified: 03.09.2009 16:30
Company: Texas Instruments
----------
Key: TMachInfo
ImagePath: C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
54136 bytes
Created: 05.08.2011 08:37
Modified: 29.11.2010 13:58
Company: TOSHIBA Corporation
----------
Key: TODDSrv
ImagePath: C:\windows\system32\TODDSrv.exe
C:\windows\System32\TODDSrv.exe
138656 bytes
Created: 05.08.2011 08:44
Modified: 20.10.2010 12:41
Company: TOSHIBA Corporation
----------
Key: TosCoSrv
ImagePath: "C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe"
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
489384 bytes
Created: 05.11.2010 19:23
Modified: 05.11.2010 19:23
Company: TOSHIBA Corporation
----------
Key: TOSHIBA Bluetooth Service
ImagePath: C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
198064 bytes
Created: 01.04.2011 16:42
Modified: 01.04.2011 16:42
Company: TOSHIBA CORPORATION
----------
Key: TOSHIBA eco Utility Service
ImagePath: "C:\Program Files\TOSHIBA\TECO\TecoService.exe"
C:\Program Files\TOSHIBA\TECO\TecoService.exe
294328 bytes
Created: 07.04.2011 13:35
Modified: 07.04.2011 13:35
Company: TOSHIBA Corporation
----------
Key: TOSHIBA HDD SSD Alert Service
ImagePath: "C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe"
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
137560 bytes
Created: 05.02.2010 16:44
Modified: 05.02.2010 16:44
Company: TOSHIBA Corporation
----------
Key: toshidpt
ImagePath: \SystemRoot\system32\drivers\Toshidpt.sys
C:\windows\System32\drivers\Toshidpt.sys
9608 bytes
Created: 19.06.2009 09:01
Modified: 19.06.2009 09:01
Company: TOSHIBA Corporation.
----------
Key: tosporte
ImagePath: \SystemRoot\system32\drivers\tosporte.sys
C:\windows\System32\drivers\tosporte.sys
54664 bytes
Created: 17.06.2009 11:01
Modified: 17.06.2009 11:01
Company: TOSHIBA Corporation
----------
Key: tosrfec
ImagePath: \SystemRoot\system32\drivers\tosrfec.sys
C:\windows\System32\drivers\tosrfec.sys
18872 bytes
Created: 18.06.2010 15:45
Modified: 18.06.2010 15:45
Company: TOSHIBA Corporation
----------
Key: tos_sps64
ImagePath: system32\DRIVERS\tos_sps64.sys
C:\windows\System32\DRIVERS\tos_sps64.sys
482384 bytes
Created: 05.08.2011 08:43
Modified: 08.05.2010 17:38
Company: TOSHIBA Corporation
----------
Key: TPM
ImagePath: system32\drivers\tpm.sys
C:\windows\System32\drivers\tpm.sys
38400 bytes
Created: 14.07.2009 00:21
Modified: 14.07.2009 00:21
Company: Microsoft Corporation
----------
Key: TrustedInstaller
ImagePath: %SystemRoot%\servicing\TrustedInstaller.exe
C:\windows\servicing\TrustedInstaller.exe
194048 bytes
Created: 21.11.2010 04:24
Modified: 21.11.2010 04:24
Company: Microsoft Corporation
----------
Key: tssecsrv
ImagePath: System32\DRIVERS\tssecsrv.sys
C:\windows\System32\DRIVERS\tssecsrv.sys
39424 bytes
Created: 21.11.2010 04:23
Modified: 21.11.2010 04:23
Company: Microsoft Corporation
----------
Key: TsUsbFlt
ImagePath: system32\drivers\tsusbflt.sys
C:\windows\System32\drivers\tsusbflt.sys
59392 bytes
Created: 21.11.2010 04:24
Modified: 21.11.2010 04:24
Company: Microsoft Corporation
----------
Key: TsUsbGD
ImagePath: \SystemRoot\system32\drivers\TsUsbGD.sys
C:\windows\System32\drivers\TsUsbGD.sys
31232 bytes
Created: 21.11.2010 04:23
Modified: 21.11.2010 04:23
Company: Microsoft Corporation
----------
Key: TTPDSrv
ImagePath: C:\windows\System32\TTPDSRV.exe
C:\windows\System32\TTPDSRV.exe
73728 bytes
Created: 05.08.2011 08:31
Modified: 07.11.2007 10:32
Company: TOSHIBA Corporation
----------
Key: tunnel
ImagePath: system32\DRIVERS\tunnel.sys
C:\windows\System32\DRIVERS\tunnel.sys
125440 bytes
Created: 21.11.2010 04:24
Modified: 21.11.2010 04:24
Company: Microsoft Corporation
----------
Key: TVALZ
ImagePath: system32\drivers\TVALZ.SYS
C:\windows\System32\drivers\TVALZ.SYS
26840 bytes
Created: 14.07.2009 12:25
Modified: 14.07.2009 12:25
Company: TOSHIBA Corporation
----------
Key: uagp35
ImagePath: \SystemRoot\system32\drivers\uagp35.sys
C:\windows\System32\drivers\uagp35.sys
64080 bytes
Created: 14.07.2009 00:38
Modified: 14.07.2009 02:45
Company: Microsoft Corporation
----------
Key: udfs
ImagePath: system32\DRIVERS\udfs.sys
C:\windows\System32\DRIVERS\udfs.sys
328192 bytes
Created: 21.11.2010 04:23
Modified: 21.11.2010 04:23
Company: Microsoft Corporation
----------
Key: UI0Detect
ImagePath: %SystemRoot%\system32\UI0Detect.exe
C:\windows\System32\UI0Detect.exe
40960 bytes
Created: 14.07.2009 00:52
Modified: 14.07.2009 02:39
Company: Microsoft Corporation
----------
Key: uliagpkx
ImagePath: \SystemRoot\system32\drivers\uliagpkx.sys
C:\windows\System32\drivers\uliagpkx.sys
64592 bytes
Created: 14.07.2009 00:38
Modified: 14.07.2009 02:45
Company: Microsoft Corporation
----------
Key: umbus
ImagePath: system32\DRIVERS\umbus.sys
C:\windows\System32\DRIVERS\umbus.sys
48640 bytes
Created: 21.11.2010 04:23
Modified: 21.11.2010 04:23
Company: Microsoft Corporation
----------
Key: UmPass
ImagePath: \SystemRoot\system32\drivers\umpass.sys
C:\windows\System32\drivers\umpass.sys
9728 bytes
Created: 14.07.2009 01:06
Modified: 14.07.2009 01:06
Company: Microsoft Corporation
----------
Key: UNS
ImagePath: "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
2314240 bytes
Created: 05.08.2011 08:19
Modified: 30.09.2009 18:34
Company: Intel Corporation
----------
Key: usbccgp
ImagePath: system32\DRIVERS\usbccgp.sys
C:\windows\System32\DRIVERS\usbccgp.sys
98816 bytes
Created: 19.06.2011 16:03
Modified: 25.03.2011 04:29
Company: Microsoft Corporation
----------
Key: usbcir
ImagePath: \SystemRoot\system32\drivers\usbcir.sys
C:\windows\System32\drivers\usbcir.sys
100352 bytes
Created: 14.07.2009 01:06
Modified: 14.07.2009 01:06
Company: Microsoft Corporation
----------
Key: usbehci
ImagePath: \SystemRoot\system32\drivers\usbehci.sys
C:\windows\System32\drivers\usbehci.sys
52736 bytes
Created: 19.06.2011 16:03
Modified: 25.03.2011 04:29
Company: Microsoft Corporation
----------
Key: usbhub
ImagePath: \SystemRoot\system32\drivers\usbhub.sys
C:\windows\System32\drivers\usbhub.sys
343040 bytes
Created: 19.06.2011 16:03
Modified: 25.03.2011 04:29
Company: Microsoft Corporation
----------
Key: usbohci
ImagePath: \SystemRoot\system32\drivers\usbohci.sys
C:\windows\System32\drivers\usbohci.sys
25600 bytes
Created: 19.06.2011 16:03
Modified: 25.03.2011 04:29
Company: Microsoft Corporation
----------
Key: usbprint
ImagePath: system32\DRIVERS\usbprint.sys
C:\windows\System32\DRIVERS\usbprint.sys
25088 bytes
Created: 14.07.2009 01:38
Modified: 14.07.2009 01:38
Company: Microsoft Corporation
----------
Key: usbscan
ImagePath: system32\DRIVERS\usbscan.sys
C:\windows\System32\DRIVERS\usbscan.sys
41984 bytes
Created: 14.07.2009 01:35
Modified: 14.07.2009 01:35
Company: Microsoft Corporation
----------
Key: USBSTOR
ImagePath: system32\DRIVERS\USBSTOR.SYS
C:\windows\System32\DRIVERS\USBSTOR.SYS
91648 bytes
Created: 19.06.2011 15:54
Modified: 11.03.2011 05:37
Company: Microsoft Corporation
----------
Key: usbuhci
ImagePath: \SystemRoot\system32\drivers\usbuhci.sys
C:\windows\System32\drivers\usbuhci.sys
30720 bytes
Created: 19.06.2011 16:03
Modified: 25.03.2011 04:29
Company: Microsoft Corporation
----------
Key: usbvideo
ImagePath: System32\Drivers\usbvideo.sys
C:\windows\System32\Drivers\usbvideo.sys
184960 bytes
Created: 21.11.2010 04:23
Modified: 21.11.2010 04:23
Company: Microsoft Corporation
----------
Key: VaultSvc
ImagePath: %SystemRoot%\system32\lsass.exe
C:\windows\System32\lsass.exe
31232 bytes
Created: 02.10.2012 11:47
Modified: 17.11.2011 07:33
Company: Microsoft Corporation
----------
Key: vdrvroot
ImagePath: system32\drivers\vdrvroot.sys
C:\windows\System32\drivers\vdrvroot.sys
36432 bytes
Created: 14.07.2009 01:01
Modified: 14.07.2009 02:45
Company: Microsoft Corporation
----------
Key: vds
ImagePath: %SystemRoot%\System32\vds.exe
C:\windows\System32\vds.exe
533504 bytes
Created: 21.11.2010 04:23
Modified: 21.11.2010 04:23
Company: Microsoft Corporation
----------
Key: vga
ImagePath: system32\DRIVERS\vgapnp.sys
C:\windows\System32\DRIVERS\vgapnp.sys
29184 bytes
Created: 14.07.2009 00:38
Modified: 14.07.2009 00:38
Company: Microsoft Corporation
----------
Key: VgaSave
ImagePath: \SystemRoot\System32\drivers\vga.sys
C:\windows\System32\drivers\vga.sys
29184 bytes
Created: 14.07.2009 00:38
Modified: 14.07.2009 00:38
Company: Microsoft Corporation
----------
Key: vhdmp
ImagePath: \SystemRoot\system32\drivers\vhdmp.sys
C:\windows\System32\drivers\vhdmp.sys
215936 bytes
Created: 21.11.2010 04:23
Modified: 21.11.2010 04:23
Company: Microsoft Corporation
----------
Key: viaide
ImagePath: \SystemRoot\system32\drivers\viaide.sys
C:\windows\System32\drivers\viaide.sys
17488 bytes
Created: 14.07.2009 00:19
Modified: 14.07.2009 02:45
Company: VIA Technologies, Inc.
----------
Key: Virtual Router
ImagePath: "C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe"
C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe
12288 bytes
Created: 18.11.2009 13:40
Modified: 18.11.2009 13:40
Company: Chris Pietschmann (hxxp://pietschsoft.com)
----------
Key: vmbus
ImagePath: \SystemRoot\system32\drivers\vmbus.sys
C:\windows\System32\drivers\vmbus.sys
199552 bytes
Created: 21.11.2010 08:00
Modified: 21.11.2010 04:23
Company: Microsoft Corporation
----------
Key: VMBusHID
ImagePath: \SystemRoot\system32\drivers\VMBusHID.sys
C:\windows\System32\drivers\VMBusHID.sys
21760 bytes
Created: 21.11.2010 08:00
Modified: 21.11.2010 04:23
Company: Microsoft Corporation
----------
Key: volmgr
ImagePath: system32\drivers\volmgr.sys
C:\windows\System32\drivers\volmgr.sys
71552 bytes
Created: 21.11.2010 04:23
Modified: 21.11.2010 04:23
Company: Microsoft Corporation
----------
Key: volmgrx
ImagePath: System32\drivers\volmgrx.sys
C:\windows\System32\drivers\volmgrx.sys
363392 bytes
Created: 21.11.2010 04:24
Modified: 21.11.2010 04:24
Company: Microsoft Corporation
----------
Key: volsnap
ImagePath: system32\drivers\volsnap.sys
C:\windows\System32\drivers\volsnap.sys
296320 bytes
Created: 19.06.2011 15:59
Modified: 25.02.2011 07:25
Company: Microsoft Corporation
----------
Key: vsmraid
ImagePath: \SystemRoot\system32\drivers\vsmraid.sys
C:\windows\System32\drivers\vsmraid.sys
161872 bytes
Created: 10.06.2009 21:37
Modified: 14.07.2009 02:45
Company: VIA Technologies Inc.,Ltd
----------
Key: VSS
ImagePath: %systemroot%\system32\vssvc.exe
C:\windows\System32\vssvc.exe
1600512 bytes
Created: 21.11.2010 04:23
Modified: 21.11.2010 04:23
Company: Microsoft Corporation
----------
Key: vwifibus
ImagePath: system32\DRIVERS\vwifibus.sys
C:\windows\System32\DRIVERS\vwifibus.sys
24576 bytes
Created: 14.07.2009 01:07
Modified: 14.07.2009 01:07
Company: Microsoft Corporation
----------
Key: vwififlt
ImagePath: system32\DRIVERS\vwififlt.sys
C:\windows\System32\DRIVERS\vwififlt.sys
59904 bytes
Created: 14.07.2009 01:07
Modified: 14.07.2009 01:07
Company: Microsoft Corporation
----------
Key: vwifimp
ImagePath: system32\DRIVERS\vwifimp.sys
C:\windows\System32\DRIVERS\vwifimp.sys
17920 bytes
Created: 14.07.2009 01:07
Modified: 14.07.2009 01:07
Company: Microsoft Corporation
----------
Key: WacomPen
ImagePath: \SystemRoot\system32\drivers\wacompen.sys
C:\windows\System32\drivers\wacompen.sys
27776 bytes
Created: 14.07.2009 01:02
Modified: 14.07.2009 01:02
Company: Microsoft Corporation
----------
Key: WANARP
ImagePath: system32\DRIVERS\wanarp.sys
C:\windows\System32\DRIVERS\wanarp.sys
88576 bytes
Created: 21.11.2010 04:24
Modified: 21.11.2010 04:24
Company: Microsoft Corporation
----------
Key: Wanarpv6
ImagePath: system32\DRIVERS\wanarp.sys
C:\windows\System32\DRIVERS\wanarp.sys
88576 bytes
Created: 21.11.2010 04:24
Modified: 21.11.2010 04:24
Company: Microsoft Corporation
----------
Key: wbengine
ImagePath: "%systemroot%\system32\wbengine.exe"
C:\windows\System32\wbengine.exe
1504256 bytes
Created: 21.11.2010 04:25
Modified: 21.11.2010 04:25
Company: Microsoft Corporation
----------
Key: Wd
ImagePath: \SystemRoot\system32\drivers\wd.sys
C:\windows\System32\drivers\wd.sys
21056 bytes
Created: 14.07.2009 00:19
Modified: 14.07.2009 02:45
Company: Microsoft Corporation
----------
Key: Wdf01000
ImagePath: system32\drivers\Wdf01000.sys
C:\windows\System32\drivers\Wdf01000.sys
785512 bytes
Created: 17.11.2012 00:24
Modified: 26.07.2012 05:55
Company: Microsoft Corporation
----------
Key: WfpLwf
ImagePath: system32\DRIVERS\wfplwf.sys
C:\windows\System32\DRIVERS\wfplwf.sys
12800 bytes
Created: 14.07.2009 01:09
Modified: 14.07.2009 01:09
Company: Microsoft Corporation
----------
Key: WIMMount
ImagePath: system32\drivers\wimmount.sys
C:\windows\System32\drivers\wimmount.sys
22096 bytes
Created: 14.07.2009 00:29
Modified: 14.07.2009 02:45
Company: Microsoft Corporation
----------
Key: WinUsb
ImagePath: system32\DRIVERS\WinUSB.sys
C:\windows\System32\DRIVERS\WinUSB.sys
41984 bytes
Created: 21.11.2010 04:23
Modified: 21.11.2010 04:23
Company: Microsoft Corporation
----------
Key: wlcrasvc
ImagePath: "C:\Program Files\Windows Live\Mesh\wlcrasvc.exe"
C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
57184 bytes
Created: 22.09.2010 17:10
Modified: 22.09.2010 17:10
Company: Microsoft Corporation
----------
Key: wlidsvc
ImagePath: "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2286976 bytes
Created: 21.09.2010 13:49
Modified: 21.09.2010 13:49
Company: Microsoft Corp.
----------
Key: WmiAcpi
ImagePath: \SystemRoot\system32\drivers\wmiacpi.sys
C:\windows\System32\drivers\wmiacpi.sys
14336 bytes
Created: 14.07.2009 00:31
Modified: 14.07.2009 00:31
Company: Microsoft Corporation
----------
Key: wmiApSrv
ImagePath: %systemroot%\system32\wbem\WmiApSrv.exe
C:\windows\System32\wbem\WmiApSrv.exe
203264 bytes
Created: 14.07.2009 00:47
Modified: 14.07.2009 02:39
Company: Microsoft Corporation
----------
Key: WMPNetworkSvc
ImagePath: "%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe"
C:\Program Files\Windows Media Player\wmpnetwk.exe
1525248 bytes
Created: 21.11.2010 04:25
Modified: 21.11.2010 04:25
Company: Microsoft Corporation
----------
Key: ws2ifsl
ImagePath: \SystemRoot\system32\drivers\ws2ifsl.sys
C:\windows\System32\drivers\ws2ifsl.sys
21504 bytes
Created: 14.07.2009 01:10
Modified: 14.07.2009 01:10
Company: Microsoft Corporation
----------
Key: WSearch
ImagePath: %systemroot%\system32\SearchIndexer.exe /Embedding
C:\windows\System32\SearchIndexer.exe
591872 bytes
Created: 21.09.2011 12:29
Modified: 04.05.2011 06:19
Company: Microsoft Corporation
----------
Key: WudfPf
ImagePath: system32\drivers\WudfPf.sys
C:\windows\System32\drivers\WudfPf.sys
87040 bytes
Created: 17.11.2012 00:18
Modified: 26.07.2012 03:26
Company: Microsoft Corporation
----------
Key: WUDFRd
ImagePath: system32\DRIVERS\WUDFRd.sys
C:\windows\System32\DRIVERS\WUDFRd.sys
198656 bytes
Created: 17.11.2012 00:18
Modified: 26.07.2012 03:26
Company: Microsoft Corporation
----------
Key: xusb21
ImagePath: system32\DRIVERS\xusb21.sys
C:\windows\System32\DRIVERS\xusb21.sys
73984 bytes
Created: 13.08.2009 21:10
Modified: 13.08.2009 21:10
Company: Microsoft Corporation
----------
************************************************************
20:00:45: Scanning -----VXD ENTRIES-----
************************************************************
20:00:46: Scanning ----- WINLOGON\NOTIFY DLLS -----
No WINLOGON\NOTIFY DLLs found to scan
Rootkit scan of Winlogon\Notify key not possible [key may not exist]
************************************************************
20:00:46: Scanning ----- CONTEXTMENUHANDLERS -----
Key: AVG Shell Extension
CLSID: {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
Path: C:\Program Files (x86)\AVG\AVG2012\avgsea.dll
C:\Program Files (x86)\AVG\AVG2012\avgsea.dll
214880 bytes
Created: 14.02.2012 03:53
Modified: 14.02.2012 03:53
Company: AVG Technologies CZ, s.r.o.
----------
Key: DaemonShellExtImage
CLSID: {40966797-8FFE-46C8-9EF8-7003F33CCF0F}
Path: C:\Program Files (x86)\DAEMON Tools Pro\DTShl64.dll
C:\Program Files (x86)\DAEMON Tools Pro\DTShl64.dll
713536 bytes
Created: 26.04.2012 13:32
Modified: 26.04.2012 13:32
Company: DT Soft Ltd
----------
Key: DropboxExt
CLSID: {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
File: [CLSID does not appear to reference a file]
----------
Key: Shell Extension for Malware scanning
CLSID: {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
Path: C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll
C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll
2290464 bytes
Created: 11.10.2012 14:28
Modified: 11.12.2012 17:41
Company: Avira Operations GmbH & Co. KG
----------
Key: TFPUContextMenu
CLSID: {2E34EBB9-C147-4DF4-938F-90C5B0837B1E}
Path: C:\Program Files\TOSHIBA\TFPU\TFPUFileShellExt.dll
C:\Program Files\TOSHIBA\TFPU\TFPUFileShellExt.dll
136624 bytes
Created: 02.03.2010 09:24
Modified: 02.03.2010 09:24
Company: TOSHIBA
----------
Key: tosBtShllExt
CLSID: {6BEF3D0B-53F0-4b0d-B91C-C19ED3D4C9D1}
Path: C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\TosBtShell.dll
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\TosBtShell.dll
621968 bytes
Created: 30.07.2010 08:46
Modified: 30.07.2010 08:46
Company: TOSHIBA
----------
Key: XXX Groove GFS Context Menu Handler XXX
CLSID: {6C467336-8281-4E60-8204-430CED96822D}
Path: C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
6670496 bytes
Created: 16.08.2012 05:51
Modified: 16.08.2012 05:51
Company: Microsoft Corporation
----------
Key: {A4FD8DDB-5800-4414-97F9-7457AC8EE4F0}
Path: C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBShell.dll
C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBShell.dll
861480 bytes
Created: 07.01.2011 17:48
Modified: 07.01.2011 17:48
Company: Nero AG
----------
Key: {F764812A-132C-4013-9960-5CBBEB408A0E}
Path: C:\Program Files (x86)\Common Files\Nero\NeroShellExt\\NeroShellExt.dll
C:\Program Files (x86)\Common Files\Nero\NeroShellExt\NeroShellExt.dll
914728 bytes
Created: 18.01.2011 13:49
Modified: 18.01.2011 13:49
Company: Nero AG
----------
************************************************************
20:00:48: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {F9DB5320-233E-11D1-9F84-707F02C10627}
File: C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
394136 bytes
Created: 05.09.2011 18:04
Modified: 05.09.2011 18:04
Company: Adobe Systems, Inc.
----------
************************************************************
20:00:48: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}
BHO: C:\Users\Schüler\AppData\LocalLow\CT2625848\ldrtbDVDV.dll
C:\Users\Schüler\AppData\LocalLow\CT2625848\ldrtbDVDV.dll
617880 bytes
Created: 18.12.2012 13:37
Modified: 18.12.2012 13:37
Company: Conduit Ltd.
----------
Key: {030AC7B6-E7EC-40F1-8FB2-C0FD344DE0B9}
BHO: C:\Program Files\TOSHIBA\TFPU\x86\TFPUPWDBankBHO.dll
C:\Program Files\TOSHIBA\TFPU\x86\TFPUPWDBankBHO.dll
45488 bytes
Created: 02.03.2010 09:24
Modified: 02.03.2010 09:24
Company: TODO: <Company name>
----------
Key: {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
BHO: C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
63912 bytes
Created: 05.09.2011 18:04
Modified: 05.09.2011 18:04
Company: Adobe Systems Incorporated
----------
Key: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}
BHO: C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
1393272 bytes
Created: 13.08.2012 02:24
Modified: 13.08.2012 02:24
Company: AVG Technologies CZ, s.r.o.
----------
Key: {336D0C35-8A85-403a-B9D2-65C292C39087}
BHO: C:\Program Files\IB Updater\Extension64.dll
C:\Program Files\IB Updater\Extension64.dll
215896 bytes
Created: 24.12.2012 11:37
Modified: 26.11.2012 14:39
Company:
----------
Key: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
BHO: C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll
C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll
1968248 bytes
Created: 24.06.2012 03:12
Modified: 24.06.2012 03:12
Company: AVG Technologies CZ, s.r.o.
----------
Key: {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
BHO: C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
261632 bytes
Created: 21.01.2012 23:18
Modified: 21.01.2012 23:18
Company: Montera Technologeis LTD
----------
Key: {72853161-30C5-4D22-B7F9-0BBC1D38A37E}
BHO: C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL - file already scanned
----------
Key: {9030D464-4C02-4ABF-8ECC-5164760863C6}
BHO: C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
529280 bytes
Created: 21.09.2010 13:54
Modified: 21.09.2010 13:54
Company: Microsoft Corp.
----------
Key: {B4F3A835-0E21-4959-BA22-42B3008E02FF}
BHO: C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
689040 bytes
Created: 21.12.2010 02:49
Modified: 21.12.2010 02:49
Company: Microsoft Corporation
----------
Key: {DBC80044-A445-435b-BC74-9C25C1C588A9}
BHO: C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
42272 bytes
Created: 27.09.2011 09:43
Modified: 27.09.2011 09:43
Company: Sun Microsystems, Inc.
----------
************************************************************
20:00:51: Scanning ----- SHELLSERVICEOBJECTS -----
************************************************************
20:00:51: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
No SharedTaskScheduler entries found to scan
************************************************************
20:00:51: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.
************************************************************
20:00:51: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank or does not exist
************************************************************
20:00:51: Scanning ----- SECURITY PROVIDER DLLS -----
************************************************************
20:00:51: Scanning ------ COMMON STARTUP GROUP ------
[C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-HS- 174 bytes
Created: 14.07.2009 05:54
Modified: 14.07.2009 05:54
Company: [no info]
--------------------
Toshiba Places Icon Utility.lnk - links to C:\PROGRA~1\TOSHIBA\TOSHIB~2\TOSDIM~1.EXE
C:\PROGRA~1\TOSHIBA\TOSHIB~2\TOSDIM~1.EXE
1470848 bytes
Created: 19.06.2011 16:28
Modified: 21.04.2011 09:56
Company: Toshiba
--------------------
Virtual Router Manager.lnk - links to C:\windows\Installer\{8DB05F7E-1F7A-4CC0-882F-375B97F04CD4}\_E6D9769DD20AF384865041.exe
C:\windows\Installer\{8DB05F7E-1F7A-4CC0-882F-375B97F04CD4}\_E6D9769DD20AF384865041.exe
-R- 22486 bytes
Created: 24.12.2012 12:03
Modified: 24.12.2012 12:03
Company: [no info]
--------------------
************************************************************
20:00:52: Scanning ----- USER STARTUP GROUPS -----
Checking Startup Group for: Schüler
[C:\Users\Schüler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup]
C:\Users\Schüler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-HS- 174 bytes
Created: 02.10.2012 11:29
Modified: 02.10.2012 12:49
Company: [no info]
----------
Dropbox.lnk - links to C:\Users\SCHLER~1\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\SCHLER~1\AppData\Roaming\Dropbox\bin\Dropbox.exe
28539272 bytes
Created: 20.01.2013 03:09
Modified: 20.01.2013 03:09
Company: Dropbox, Inc.
----------
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - links to C:\PROGRA~2\MICROS~2\Office14\ONENOTEM.EXE
C:\PROGRA~2\MICROS~2\Office14\ONENOTEM.EXE
227712 bytes
Created: 21.12.2010 00:07
Modified: 21.12.2010 00:07
Company: Microsoft Corporation
----------
--------------------
Checking Startup Group for: setup
[C:\Users\setup\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup]
C:\Users\setup\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-HS- 174 bytes
Created: 21.09.2011 10:28
Modified: 21.09.2011 10:29
Company: [no info]
----------
--------------------
************************************************************
20:00:54: Scanning ----- SCHEDULED TASKS -----
Taskname: {7FD22F7F-AD60-4913-B5FB-FE0D3661DF57}
----------
Taskname: {F71A21B9-FA0F-4E39-ACDD-D231B339F1B9}
File: C:\Users\Schüler\Desktop\tinotefoliocreator.exe
Schedule: At task creation/modification
Next Run Time:
Status: Ready
Creator:
Comments:
C:\Users\Schüler\Desktop\tinotefoliocreator.exe - [file not found to scan]
----------
Taskname: {F8DAA56D-F9A7-47B0-8DDB-F557C84204DF}
----------
Taskname: ConfigFree Startup Programs
File: C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
304560 bytes
Created: 03.12.2010 13:57
Modified: 03.12.2010 13:57
Company: TOSHIBA CORPORATION
Schedule: At logon
Next Run Time:
Status: Running
Creator: TOSHIBA Corporation
Comments: This task runs ConfigFree SW programs. Please do not delete this task.
----------
Taskname: CreateChoiceProcessTask
File: C:\windows\Sysnative\browserchoice.exe
C:\windows\System32\browserchoice.exe
294912 bytes
Created: 02.10.2012 12:02
Modified: 23.02.2010 09:16
Company: Microsoft Corporation
Parameters: /launch
Schedule: At task creation/modification
Next Run Time:
Status: Ready
Creator: BrowserChoice
Comments:
----------
************************************************************
20:00:55: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----
Key: Groove Explorer Icon Overlay 1 (GFS Unread Stub)
CLSID: {99FD978C-D287-4F50-827F-B2C658EDA8E7}
File: C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
----------
Key: Groove Explorer Icon Overlay 2 (GFS Stub)
CLSID: {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}
File: C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
----------
Key: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)
CLSID: {920E6DB1-9907-4370-B3A0-BAFC03D81399}
File: C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
----------
Key: Groove Explorer Icon Overlay 3 (GFS Folder)
CLSID: {16F3DD56-1AF5-4347-846D-7C10C4192619}
File: C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
----------
Key: Groove Explorer Icon Overlay 4 (GFS Unread Mark)
CLSID: {2916C86E-86A6-43FE-8112-43ABE6BF8DCC}
File: C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
----------
Key: SharingPrivate
CLSID: {08244EE6-92F0-47f2-9FC9-929BAA2E7235}
File: %SystemRoot%\system32\ntshrui.dll
C:\windows\System32\ntshrui.dll
509952 bytes
Created: 02.10.2012 11:47
Modified: 04.01.2012 11:44
Company: Microsoft Corporation
----------
************************************************************
20:00:57: Scanning ----- DEVICE DRIVER ENTRIES -----
Value: msacm.l3acm
File: C:\Windows\SysWOW64\l3codeca.acm
C:\Windows\SysWOW64\l3codeca.acm
64000 bytes
Created: 14.07.2009 01:07
Modified: 14.07.2009 02:14
Company: Fraunhofer Institut Integrierte Schaltungen IIS
----------
Value: vidc.cvid
File: iccvid.dll
iccvid.dll - [file not found to scan]
----------
Value: msacm.siren
File: sirenacm.dll
sirenacm.dll - [file not found to scan]
----------
************************************************************
20:00:58: ----- ADDITIONAL CHECKS -----
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Users\Schüler\Pictures\power_wallpaper_black.bmp
C:\Users\Schüler\Pictures\power_wallpaper_black.bmp
4096054 bytes
Created: 11.10.2012 14:45
Modified: 11.10.2012 14:45
Company: [no info]
----------
Web Desktop Wallpaper entry is blank
----------
Checks for rogue DNS NameServers completed
----------
Checks for Backdoor.ZeroAccess completed
----------
Additional checks completed
************************************************************
20:01:11: Scanning ----- RUNNING PROCESSES -----
C:\windows\System32\smss.exe
112640 bytes
Created: 14.07.2009 00:19
Modified: 14.07.2009 02:39
Company: Microsoft Corporation
--------------------
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
1393784 bytes
Created: 26.07.2012 02:23
Modified: 26.07.2012 02:23
Company: AVG Technologies CZ, s.r.o.
--------------------
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
520032 bytes
Created: 14.02.2012 03:52
Modified: 14.02.2012 03:52
Company: AVG Technologies CZ, s.r.o.
--------------------
C:\windows\System32\csrss.exe
7680 bytes
Created: 14.07.2009 00:19
Modified: 14.07.2009 02:39
Company: Microsoft Corporation
--------------------
C:\windows\System32\wininit.exe
129024 bytes
Created: 14.07.2009 00:52
Modified: 14.07.2009 02:39
Company: Microsoft Corporation
--------------------
C:\windows\System32\services.exe
328704 bytes
Created: 14.07.2009 00:19
Modified: 14.07.2009 02:39
Company: Microsoft Corporation
--------------------
C:\windows\System32\lsm.exe
343040 bytes
Created: 21.11.2010 04:23
Modified: 21.11.2010 04:23
Company: Microsoft Corporation
--------------------
C:\windows\System32\winlogon.exe
390656 bytes
Created: 21.11.2010 04:24
Modified: 21.11.2010 04:24
Company: Microsoft Corporation
--------------------
C:\windows\System32\svchost.exe
27648 bytes
Created: 19.06.2011 16:02
Modified: 01.03.2011 09:07
Company: Microsoft Corporation
--------------------
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
139696 bytes
Created: 09.07.2012 00:40
Modified: 09.07.2012 00:40
Company: Microsoft Corporation
--------------------
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
2011768 bytes
Created: 13.06.2012 02:48
Modified: 13.06.2012 02:48
Company: AVG Technologies CZ, s.r.o.
--------------------
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
1607040 bytes
Created: 19.03.2012 04:18
Modified: 19.03.2012 04:18
Company: AVG Technologies CZ, s.r.o.
--------------------
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
247584 bytes
Created: 11.10.2012 14:28
Modified: 11.12.2012 17:37
Company: Avira Operations GmbH & Co. KG
--------------------
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
222592 bytes
Created: 21.09.2010 13:49
Modified: 21.09.2010 13:49
Company: Microsoft Corp.
--------------------
C:\windows\System32\taskhost.exe
68608 bytes
Created: 09.01.2013 23:47
Modified: 23.11.2012 04:13
Company: Microsoft Corporation
--------------------
C:\windows\System32\dwm.exe
120320 bytes
Created: 14.07.2009 00:37
Modified: 14.07.2009 02:39
Company: Microsoft Corporation
--------------------
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
2743104 bytes
Created: 26.04.2012 13:33
Modified: 26.04.2012 13:33
Company: DT Soft Ltd
--------------------
C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe
1470848 bytes
Created: 19.06.2011 16:28
Modified: 21.04.2011 09:56
Company: Toshiba
--------------------
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
227712 bytes
Created: 21.12.2010 00:07
Modified: 21.12.2010 00:07
Company: Microsoft Corporation
--------------------
C:\Program Files\Apoint2K\ApMsgFwd.exe
66856 bytes
Created: 16.07.2009 14:42
Modified: 16.07.2009 14:42
Company: Alps Electric Co., Ltd.
--------------------
C:\Program Files\Apoint2K\ApntEx.exe
23552 bytes
Created: 31.01.2009 23:15
Modified: 31.01.2009 23:15
Company: Alps Electric Co., Ltd.
--------------------
C:\windows\System32\conhost.exe
338432 bytes
Created: 10.01.2013 16:47
Modified: 30.11.2012 04:23
Company: Microsoft Corporation
--------------------
C:\Program Files\Apoint2K\hidfind.exe
91648 bytes
Created: 31.01.2009 21:43
Modified: 31.01.2009 21:43
Company: Alps Electric Co., Ltd.
--------------------
C:\windows\System32\igfxext.exe
223768 bytes
Created: 30.01.2011 20:14
Modified: 30.01.2011 20:14
Company: Intel Corporation
--------------------
C:\windows\System32\igfxsrvc.exe
509976 bytes
Created: 30.01.2011 20:14
Modified: 30.01.2011 20:14
Company: Intel Corporation
--------------------
C:\windows\System32\SearchIndexer.exe
591872 bytes
Created: 21.09.2011 12:29
Modified: 04.05.2011 06:19
Company: Microsoft Corporation
--------------------
C:\windows\System32\taskeng.exe
464384 bytes
Created: 21.11.2010 04:24
Modified: 21.11.2010 04:24
Company: Microsoft Corporation
--------------------
C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
80840 bytes
Created: 01.04.2011 16:42
Modified: 01.04.2011 16:42
Company: TOSHIBA CORPORATION
--------------------
C:\Windows\splwow64.exe
67072 bytes
Created: 02.10.2012 11:47
Modified: 11.02.2012 07:36
Company: Microsoft Corporation
--------------------
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
593032 bytes
Created: 31.10.2012 13:24
Modified: 04.08.2011 14:44
Company: CANON INC.
--------------------
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
62848 bytes
Created: 28.07.2009 19:26
Modified: 28.07.2009 19:26
Company: TOSHIBA CORPORATION
--------------------
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
1147224 bytes
Created: 05.02.2010 16:44
Modified: 05.02.2010 16:44
Company: TOSHIBA Corporation
--------------------
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
541608 bytes
Created: 11.10.2012 13:03
Modified: 22.01.2013 18:31
Company: Valve Corporation
--------------------
C:\Program Files\Opera x64\opera.exe
940008 bytes
Created: 09.10.2012 14:47
Modified: 10.01.2013 16:40
Company: Opera Software
--------------------
C:\Users\Schüler\AppData\Roaming\Dropbox\bin\Dropbox.exe
28539272 bytes
Created: 20.01.2013 03:09
Modified: 20.01.2013 03:09
Company: Dropbox, Inc.
--------------------
C:\windows\System32\WUDFHost.exe
229888 bytes
Created: 17.11.2012 00:18
Modified: 26.07.2012 04:08
Company: Microsoft Corporation
--------------------
C:\windows\System32\SearchProtocolHost.exe
249856 bytes
Created: 21.09.2011 12:29
Modified: 04.05.2011 06:19
Company: Microsoft Corporation
--------------------
C:\Program Files (x86)\Trojan Remover\Rmvtrjan.exe
FileSize: 4766968
[This is a Trojan Remover component]
--------------------
--------------------
C:\windows\System32\SearchFilterHost.exe
113664 bytes
Created: 21.09.2011 12:29
Modified: 04.05.2011 06:19
Company: Microsoft Corporation
--------------------
************************************************************
20:01:20: Checking HOSTS file
No malicious entries were found in the HOSTS file
************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\Windows\SysWOW64\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
hxxp://mystart.incredibar.com/mb201?a=6PQTFXqx0t&i=26
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\windows\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKCU\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
hxxp://toshiba.msn.com
************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 20:01:20 22 Jan 2013
Total Scan time: 00:02:58
************************************************************
|
|
23.01.2013, 18:40
| #4 |
| | Wechseldatenträger können nicht mehr verwendet werden, Recycler kann nicht gefunden werden Nummer 2: Code:
ATTFilter
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Dienstag, 22. Januar 2013 19:41
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 Professional
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : Schüler
Computername : STMO24
Versionsinformationen:
BUILD.DAT : 13.0.0.2890 Bytes 05.12.2012 17:11:00
AVSCAN.EXE : 13.6.0.402 639264 Bytes 11.12.2012 16:37:20
AVSCANRC.DLL : 13.4.0.360 64800 Bytes 11.12.2012 16:37:21
LUKE.DLL : 13.6.0.400 67360 Bytes 11.12.2012 16:40:34
AVSCPLR.DLL : 13.6.0.402 93984 Bytes 11.12.2012 16:42:26
AVREG.DLL : 13.6.0.406 248096 Bytes 11.12.2012 16:42:23
avlode.dll : 13.6.1.402 428832 Bytes 11.12.2012 16:42:32
avlode.rdf : 13.0.0.26 7958 Bytes 11.12.2012 16:42:26
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 13:50:29
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 13:50:31
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 13:50:34
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 13:50:36
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 13:50:37
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 13:42:40
VBASE006.VDF : 7.11.41.250 4902400 Bytes 06.09.2012 13:42:40
VBASE007.VDF : 7.11.50.230 3904512 Bytes 22.11.2012 16:50:34
VBASE008.VDF : 7.11.55.142 2214912 Bytes 03.01.2013 15:03:50
VBASE009.VDF : 7.11.55.143 2048 Bytes 03.01.2013 15:03:51
VBASE010.VDF : 7.11.55.144 2048 Bytes 03.01.2013 15:03:51
VBASE011.VDF : 7.11.55.145 2048 Bytes 03.01.2013 15:03:51
VBASE012.VDF : 7.11.55.146 2048 Bytes 03.01.2013 15:03:51
VBASE013.VDF : 7.11.55.196 260096 Bytes 04.01.2013 15:03:59
VBASE014.VDF : 7.11.56.23 206848 Bytes 07.01.2013 15:36:36
VBASE015.VDF : 7.11.56.83 186880 Bytes 08.01.2013 22:02:41
VBASE016.VDF : 7.11.56.145 135168 Bytes 09.01.2013 22:02:47
VBASE017.VDF : 7.11.56.211 139776 Bytes 11.01.2013 13:07:19
VBASE018.VDF : 7.11.57.11 153088 Bytes 13.01.2013 15:33:00
VBASE019.VDF : 7.11.57.75 165888 Bytes 15.01.2013 14:45:11
VBASE020.VDF : 7.11.57.163 190976 Bytes 17.01.2013 16:46:49
VBASE021.VDF : 7.11.57.219 119808 Bytes 18.01.2013 16:46:54
VBASE022.VDF : 7.11.58.7 167936 Bytes 21.01.2013 16:47:03
VBASE023.VDF : 7.11.58.49 140288 Bytes 22.01.2013 17:34:53
VBASE024.VDF : 7.11.58.50 2048 Bytes 22.01.2013 17:34:53
VBASE025.VDF : 7.11.58.51 2048 Bytes 22.01.2013 17:34:53
VBASE026.VDF : 7.11.58.52 2048 Bytes 22.01.2013 17:34:53
VBASE027.VDF : 7.11.58.53 2048 Bytes 22.01.2013 17:34:53
VBASE028.VDF : 7.11.58.54 2048 Bytes 22.01.2013 17:34:53
VBASE029.VDF : 7.11.58.55 2048 Bytes 22.01.2013 17:34:53
VBASE030.VDF : 7.11.58.56 2048 Bytes 22.01.2013 17:34:53
VBASE031.VDF : 7.11.58.62 22528 Bytes 22.01.2013 17:34:54
Engineversion : 8.2.10.236
AEVDF.DLL : 8.1.2.10 102772 Bytes 19.09.2012 13:42:55
AESCRIPT.DLL : 8.1.4.82 467323 Bytes 21.01.2013 16:48:11
AESCN.DLL : 8.1.10.0 131445 Bytes 18.12.2012 19:37:03
AESBX.DLL : 8.2.5.12 606578 Bytes 28.08.2012 15:58:06
AERDL.DLL : 8.2.0.88 643444 Bytes 10.01.2013 15:43:41
AEPACK.DLL : 8.3.1.2 819574 Bytes 21.12.2012 13:24:52
AEOFFICE.DLL : 8.1.2.50 201084 Bytes 05.11.2012 15:53:18
AEHEUR.DLL : 8.1.4.180 5665144 Bytes 21.01.2013 16:48:07
AEHELP.DLL : 8.1.25.2 258423 Bytes 11.10.2012 13:29:14
AEGEN.DLL : 8.1.6.14 434548 Bytes 10.01.2013 15:41:56
AEEXP.DLL : 8.3.0.12 188789 Bytes 21.01.2013 16:48:14
AEEMU.DLL : 8.1.3.2 393587 Bytes 19.09.2012 13:42:55
AECORE.DLL : 8.1.30.0 201079 Bytes 18.12.2012 19:36:44
AEBB.DLL : 8.1.1.4 53619 Bytes 05.11.2012 15:52:07
AVWINLL.DLL : 13.4.0.163 25888 Bytes 19.09.2012 17:09:30
AVPREF.DLL : 13.4.0.360 50464 Bytes 11.12.2012 16:37:10
AVREP.DLL : 13.4.0.360 177952 Bytes 11.12.2012 16:42:24
AVARKT.DLL : 13.6.0.402 260384 Bytes 11.12.2012 16:36:25
AVEVTLOG.DLL : 13.6.0.400 167200 Bytes 11.12.2012 16:36:58
SQLITE3.DLL : 3.7.0.1 397088 Bytes 19.09.2012 17:17:40
AVSMTP.DLL : 13.4.0.163 62240 Bytes 19.09.2012 17:08:54
NETNT.DLL : 13.4.0.360 15648 Bytes 11.12.2012 16:40:35
RCIMAGE.DLL : 13.4.0.360 4780832 Bytes 11.12.2012 16:34:58
RCTEXT.DLL : 13.4.0.360 68384 Bytes 11.12.2012 16:34:58
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: ShlExt
Konfigurationsdatei...................: C:\Users\SCHLER~1\AppData\Local\Temp\a15d1261.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: E:,
Durchsuche aktive Programme...........: aus
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Intelligente Dateiauswahl
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Beginn des Suchlaufs: Dienstag, 22. Januar 2013 19:41
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'E:\' <HTC STORAGE>
E:\download\Battery_Upgrade--Tap_to_Start__lbtec26c3ca-8289-4d0c-ad5e-d264424f7956lbt.apk
[0] Archivtyp: ZIP
--> classes.dex
[FUND] Enthält Code des ANDROID/FakeDoc.A.7-Virus
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
Beginne mit der Desinfektion:
E:\download\Battery_Upgrade--Tap_to_Start__lbtec26c3ca-8289-4d0c-ad5e-d264424f7956lbt.apk
[FUND] Enthält Code des ANDROID/FakeDoc.A.7-Virus
[HINWEIS] Eine Sicherungskopie wurde unter dem Namen 57cc7dfd.qua erstellt ( QUARANTÄNE )
[HINWEIS] Die Datei wurde gelöscht.
Ende des Suchlaufs: Dienstag, 22. Januar 2013 19:43
Benötigte Zeit: 01:54 Minute(n)
Der Suchlauf wurde vollständig durchgeführt.
357 Verzeichnisse wurden überprüft
10138 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
1 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
10137 Dateien ohne Befall
540 Archive wurden durchsucht
1 Warnungen
1 Hinweise
Code:
ATTFilter
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Dienstag, 22. Januar 2013 19:44
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 Professional
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : Schüler
Computername : STMO24
Versionsinformationen:
BUILD.DAT : 13.0.0.2890 Bytes 05.12.2012 17:11:00
AVSCAN.EXE : 13.6.0.402 639264 Bytes 11.12.2012 16:37:20
AVSCANRC.DLL : 13.4.0.360 64800 Bytes 11.12.2012 16:37:21
LUKE.DLL : 13.6.0.400 67360 Bytes 11.12.2012 16:40:34
AVSCPLR.DLL : 13.6.0.402 93984 Bytes 11.12.2012 16:42:26
AVREG.DLL : 13.6.0.406 248096 Bytes 11.12.2012 16:42:23
avlode.dll : 13.6.1.402 428832 Bytes 11.12.2012 16:42:32
avlode.rdf : 13.0.0.26 7958 Bytes 11.12.2012 16:42:26
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 13:50:29
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 13:50:31
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 13:50:34
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 13:50:36
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 13:50:37
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 13:42:40
VBASE006.VDF : 7.11.41.250 4902400 Bytes 06.09.2012 13:42:40
VBASE007.VDF : 7.11.50.230 3904512 Bytes 22.11.2012 16:50:34
VBASE008.VDF : 7.11.55.142 2214912 Bytes 03.01.2013 15:03:50
VBASE009.VDF : 7.11.55.143 2048 Bytes 03.01.2013 15:03:51
VBASE010.VDF : 7.11.55.144 2048 Bytes 03.01.2013 15:03:51
VBASE011.VDF : 7.11.55.145 2048 Bytes 03.01.2013 15:03:51
VBASE012.VDF : 7.11.55.146 2048 Bytes 03.01.2013 15:03:51
VBASE013.VDF : 7.11.55.196 260096 Bytes 04.01.2013 15:03:59
VBASE014.VDF : 7.11.56.23 206848 Bytes 07.01.2013 15:36:36
VBASE015.VDF : 7.11.56.83 186880 Bytes 08.01.2013 22:02:41
VBASE016.VDF : 7.11.56.145 135168 Bytes 09.01.2013 22:02:47
VBASE017.VDF : 7.11.56.211 139776 Bytes 11.01.2013 13:07:19
VBASE018.VDF : 7.11.57.11 153088 Bytes 13.01.2013 15:33:00
VBASE019.VDF : 7.11.57.75 165888 Bytes 15.01.2013 14:45:11
VBASE020.VDF : 7.11.57.163 190976 Bytes 17.01.2013 16:46:49
VBASE021.VDF : 7.11.57.219 119808 Bytes 18.01.2013 16:46:54
VBASE022.VDF : 7.11.58.7 167936 Bytes 21.01.2013 16:47:03
VBASE023.VDF : 7.11.58.49 140288 Bytes 22.01.2013 17:34:53
VBASE024.VDF : 7.11.58.50 2048 Bytes 22.01.2013 17:34:53
VBASE025.VDF : 7.11.58.51 2048 Bytes 22.01.2013 17:34:53
VBASE026.VDF : 7.11.58.52 2048 Bytes 22.01.2013 17:34:53
VBASE027.VDF : 7.11.58.53 2048 Bytes 22.01.2013 17:34:53
VBASE028.VDF : 7.11.58.54 2048 Bytes 22.01.2013 17:34:53
VBASE029.VDF : 7.11.58.55 2048 Bytes 22.01.2013 17:34:53
VBASE030.VDF : 7.11.58.56 2048 Bytes 22.01.2013 17:34:53
VBASE031.VDF : 7.11.58.62 22528 Bytes 22.01.2013 17:34:54
Engineversion : 8.2.10.236
AEVDF.DLL : 8.1.2.10 102772 Bytes 19.09.2012 13:42:55
AESCRIPT.DLL : 8.1.4.82 467323 Bytes 21.01.2013 16:48:11
AESCN.DLL : 8.1.10.0 131445 Bytes 18.12.2012 19:37:03
AESBX.DLL : 8.2.5.12 606578 Bytes 28.08.2012 15:58:06
AERDL.DLL : 8.2.0.88 643444 Bytes 10.01.2013 15:43:41
AEPACK.DLL : 8.3.1.2 819574 Bytes 21.12.2012 13:24:52
AEOFFICE.DLL : 8.1.2.50 201084 Bytes 05.11.2012 15:53:18
AEHEUR.DLL : 8.1.4.180 5665144 Bytes 21.01.2013 16:48:07
AEHELP.DLL : 8.1.25.2 258423 Bytes 11.10.2012 13:29:14
AEGEN.DLL : 8.1.6.14 434548 Bytes 10.01.2013 15:41:56
AEEXP.DLL : 8.3.0.12 188789 Bytes 21.01.2013 16:48:14
AEEMU.DLL : 8.1.3.2 393587 Bytes 19.09.2012 13:42:55
AECORE.DLL : 8.1.30.0 201079 Bytes 18.12.2012 19:36:44
AEBB.DLL : 8.1.1.4 53619 Bytes 05.11.2012 15:52:07
AVWINLL.DLL : 13.4.0.163 25888 Bytes 19.09.2012 17:09:30
AVPREF.DLL : 13.4.0.360 50464 Bytes 11.12.2012 16:37:10
AVREP.DLL : 13.4.0.360 177952 Bytes 11.12.2012 16:42:24
AVARKT.DLL : 13.6.0.402 260384 Bytes 11.12.2012 16:36:25
AVEVTLOG.DLL : 13.6.0.400 167200 Bytes 11.12.2012 16:36:58
SQLITE3.DLL : 3.7.0.1 397088 Bytes 19.09.2012 17:17:40
AVSMTP.DLL : 13.4.0.163 62240 Bytes 19.09.2012 17:08:54
NETNT.DLL : 13.4.0.360 15648 Bytes 11.12.2012 16:40:35
RCIMAGE.DLL : 13.4.0.360 4780832 Bytes 11.12.2012 16:34:58
RCTEXT.DLL : 13.4.0.360 68384 Bytes 11.12.2012 16:34:58
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: ShlExt
Konfigurationsdatei...................: C:\Users\SCHLER~1\AppData\Local\Temp\a5c0b045.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: E:,
Durchsuche aktive Programme...........: aus
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Intelligente Dateiauswahl
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Beginn des Suchlaufs: Dienstag, 22. Januar 2013 19:44
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'E:\' <HTC STORAGE>
Ende des Suchlaufs: Dienstag, 22. Januar 2013 19:47
Benötigte Zeit: 02:28 Minute(n)
Der Suchlauf wurde vollständig durchgeführt.
512 Verzeichnisse wurden überprüft
14127 Dateien wurden geprüft
0 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
0 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
14127 Dateien ohne Befall
543 Archive wurden durchsucht
0 Warnungen
0 Hinweise
Code:
ATTFilter
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Dienstag, 22. Januar 2013 19:47
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 Professional
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : Schüler
Computername : STMO24
Versionsinformationen:
BUILD.DAT : 13.0.0.2890 Bytes 05.12.2012 17:11:00
AVSCAN.EXE : 13.6.0.402 639264 Bytes 11.12.2012 16:37:20
AVSCANRC.DLL : 13.4.0.360 64800 Bytes 11.12.2012 16:37:21
LUKE.DLL : 13.6.0.400 67360 Bytes 11.12.2012 16:40:34
AVSCPLR.DLL : 13.6.0.402 93984 Bytes 11.12.2012 16:42:26
AVREG.DLL : 13.6.0.406 248096 Bytes 11.12.2012 16:42:23
avlode.dll : 13.6.1.402 428832 Bytes 11.12.2012 16:42:32
avlode.rdf : 13.0.0.26 7958 Bytes 11.12.2012 16:42:26
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 13:50:29
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 13:50:31
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 13:50:34
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 13:50:36
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 13:50:37
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 13:42:40
VBASE006.VDF : 7.11.41.250 4902400 Bytes 06.09.2012 13:42:40
VBASE007.VDF : 7.11.50.230 3904512 Bytes 22.11.2012 16:50:34
VBASE008.VDF : 7.11.55.142 2214912 Bytes 03.01.2013 15:03:50
VBASE009.VDF : 7.11.55.143 2048 Bytes 03.01.2013 15:03:51
VBASE010.VDF : 7.11.55.144 2048 Bytes 03.01.2013 15:03:51
VBASE011.VDF : 7.11.55.145 2048 Bytes 03.01.2013 15:03:51
VBASE012.VDF : 7.11.55.146 2048 Bytes 03.01.2013 15:03:51
VBASE013.VDF : 7.11.55.196 260096 Bytes 04.01.2013 15:03:59
VBASE014.VDF : 7.11.56.23 206848 Bytes 07.01.2013 15:36:36
VBASE015.VDF : 7.11.56.83 186880 Bytes 08.01.2013 22:02:41
VBASE016.VDF : 7.11.56.145 135168 Bytes 09.01.2013 22:02:47
VBASE017.VDF : 7.11.56.211 139776 Bytes 11.01.2013 13:07:19
VBASE018.VDF : 7.11.57.11 153088 Bytes 13.01.2013 15:33:00
VBASE019.VDF : 7.11.57.75 165888 Bytes 15.01.2013 14:45:11
VBASE020.VDF : 7.11.57.163 190976 Bytes 17.01.2013 16:46:49
VBASE021.VDF : 7.11.57.219 119808 Bytes 18.01.2013 16:46:54
VBASE022.VDF : 7.11.58.7 167936 Bytes 21.01.2013 16:47:03
VBASE023.VDF : 7.11.58.49 140288 Bytes 22.01.2013 17:34:53
VBASE024.VDF : 7.11.58.50 2048 Bytes 22.01.2013 17:34:53
VBASE025.VDF : 7.11.58.51 2048 Bytes 22.01.2013 17:34:53
VBASE026.VDF : 7.11.58.52 2048 Bytes 22.01.2013 17:34:53
VBASE027.VDF : 7.11.58.53 2048 Bytes 22.01.2013 17:34:53
VBASE028.VDF : 7.11.58.54 2048 Bytes 22.01.2013 17:34:53
VBASE029.VDF : 7.11.58.55 2048 Bytes 22.01.2013 17:34:53
VBASE030.VDF : 7.11.58.56 2048 Bytes 22.01.2013 17:34:53
VBASE031.VDF : 7.11.58.62 22528 Bytes 22.01.2013 17:34:54
Engineversion : 8.2.10.236
AEVDF.DLL : 8.1.2.10 102772 Bytes 19.09.2012 13:42:55
AESCRIPT.DLL : 8.1.4.82 467323 Bytes 21.01.2013 16:48:11
AESCN.DLL : 8.1.10.0 131445 Bytes 18.12.2012 19:37:03
AESBX.DLL : 8.2.5.12 606578 Bytes 28.08.2012 15:58:06
AERDL.DLL : 8.2.0.88 643444 Bytes 10.01.2013 15:43:41
AEPACK.DLL : 8.3.1.2 819574 Bytes 21.12.2012 13:24:52
AEOFFICE.DLL : 8.1.2.50 201084 Bytes 05.11.2012 15:53:18
AEHEUR.DLL : 8.1.4.180 5665144 Bytes 21.01.2013 16:48:07
AEHELP.DLL : 8.1.25.2 258423 Bytes 11.10.2012 13:29:14
AEGEN.DLL : 8.1.6.14 434548 Bytes 10.01.2013 15:41:56
AEEXP.DLL : 8.3.0.12 188789 Bytes 21.01.2013 16:48:14
AEEMU.DLL : 8.1.3.2 393587 Bytes 19.09.2012 13:42:55
AECORE.DLL : 8.1.30.0 201079 Bytes 18.12.2012 19:36:44
AEBB.DLL : 8.1.1.4 53619 Bytes 05.11.2012 15:52:07
AVWINLL.DLL : 13.4.0.163 25888 Bytes 19.09.2012 17:09:30
AVPREF.DLL : 13.4.0.360 50464 Bytes 11.12.2012 16:37:10
AVREP.DLL : 13.4.0.360 177952 Bytes 11.12.2012 16:42:24
AVARKT.DLL : 13.6.0.402 260384 Bytes 11.12.2012 16:36:25
AVEVTLOG.DLL : 13.6.0.400 167200 Bytes 11.12.2012 16:36:58
SQLITE3.DLL : 3.7.0.1 397088 Bytes 19.09.2012 17:17:40
AVSMTP.DLL : 13.4.0.163 62240 Bytes 19.09.2012 17:08:54
NETNT.DLL : 13.4.0.360 15648 Bytes 11.12.2012 16:40:35
RCIMAGE.DLL : 13.4.0.360 4780832 Bytes 11.12.2012 16:34:58
RCTEXT.DLL : 13.4.0.360 68384 Bytes 11.12.2012 16:34:58
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: ShlExt
Konfigurationsdatei...................: C:\Users\SCHLER~1\AppData\Local\Temp\a5dc3a36.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:,
Durchsuche aktive Programme...........: aus
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Intelligente Dateiauswahl
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Beginn des Suchlaufs: Dienstag, 22. Januar 2013 19:47
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\WINDOWS\system32\cmd.exe'
Ende des Suchlaufs: Dienstag, 22. Januar 2013 19:47
Benötigte Zeit: 00:00 Minute(n)
Der Suchlauf wurde vollständig durchgeführt.
0 Verzeichnisse wurden überprüft
1 Dateien wurden geprüft
0 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
0 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
1 Dateien ohne Befall
0 Archive wurden durchsucht
0 Warnungen
0 Hinweise
lg momo |
|
23.01.2013, 20:49
| #5 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Wechseldatenträger können nicht mehr verwendet werden, Recycler kann nicht gefunden werden Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. Erstmal eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
23.01.2013, 21:21
| #6 |
| | Wechseldatenträger können nicht mehr verwendet werden, Recycler kann nicht gefunden werden Okay hab nun die Logs von OTL OTL: Code:
ATTFilter OTL logfile created on: 23.01.2013 21:11:54 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Schüler\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 5,73 Gb Total Physical Memory | 3,60 Gb Available Physical Memory | 62,76% Memory free 11,47 Gb Paging File | 8,55 Gb Available in Paging File | 74,55% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 287,66 Gb Total Space | 202,25 Gb Free Space | 70,31% Space Free | Partition Type: NTFS Computer Name: STMO24 | User Name: Schüler | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Schüler\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) PRC - C:\Users\Schüler\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Programme\Opera x64\pluginwrapper\opera_plugin_wrapper_32.exe (Opera Software) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) PRC - C:\Programme\IB Updater\ExtensionUpdaterService.exe () PRC - C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe (Somoto) PRC - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe (DT Soft Ltd) PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE (CANON INC.) PRC - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION) PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION) PRC - C:\Program Files (x86)\TOSHIBA\TNROTATE\TNROTATE.exe (TOSHIBA Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION) PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Steam\sdl.dll () MOD - C:\Program Files (x86)\Steam\bin\libcef.dll () MOD - C:\Program Files (x86)\Steam\bin\chromehtml.dll () MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll () MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll () MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll () MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () ========== Services (SafeList) ========== SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc File not found SRV:64bit: - (IBUpdaterService) -- C:\Windows\SysNative\dmwu.exe () SRV:64bit: - (Thpsrv) -- C:\Windows\SysNative\ThpSrv.exe (TOSHIBA Corporation) SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV:64bit: - (TTPDSrv) -- C:\Windows\SysNative\TTPDSRV.exe (TOSHIBA Corporation) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (IB Updater) -- C:\Programme\IB Updater\ExtensionUpdaterService.exe () SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (TOSHIBA eco Utility Service) -- C:\Programme\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation) SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION) SRV - (TemproMonitoringService) -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH) SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation) SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation) SRV - (W3SVC) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation) SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation) SRV - (TosCoSrv) -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (ATService) -- C:\Programme\Fingerprint Sensor\ATService.exe (AuthenTec, Inc.) SRV - (TOSHIBA HDD SSD Alert Service) -- C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation) SRV - (cfWiMAXService) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (Virtual Router) -- C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe (Chris Pietschmann (hxxp://pietschsoft.com)) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (ConfigFree Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\avgidsfiltera.sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (e1kexpress) -- C:\Windows\SysNative\drivers\e1k62x64.sys (Intel Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (rimspci) -- C:\Windows\SysNative\drivers\rimspe64.sys (REDC) DRV:64bit: - (tosrfec) -- C:\Windows\SysNative\drivers\tosrfec.sys (TOSHIBA Corporation) DRV:64bit: - (ATSwpWDF) -- C:\Windows\SysNative\drivers\ATSwpWDF.sys (AuthenTec, Inc.) DRV:64bit: - (tos_sps64) -- C:\Windows\SysNative\drivers\tos_sps64.sys (TOSHIBA Corporation) DRV:64bit: - (risdpcie) -- C:\Windows\SysNative\drivers\risdpe64.sys (REDC) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation) DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (TIEHDUSB) -- C:\Windows\SysNative\drivers\tiehdusb.sys (Texas Instruments) DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation) DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.) DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ.SYS (TOSHIBA Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation) DRV:64bit: - (rixdpcie) -- C:\Windows\SysNative\drivers\rixdpe64.sys (REDC) DRV:64bit: - (Thpevm) -- C:\Windows\SysNative\drivers\Thpevm.sys (TOSHIBA Corporation) DRV:64bit: - (Thpdrv) -- C:\Windows\SysNative\drivers\thpdrv.sys (TOSHIBA Corporation) DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation) DRV:64bit: - (toshidpt) -- C:\Windows\SysNative\drivers\Toshidpt.sys (TOSHIBA Corporation.) DRV:64bit: - (tosporte) -- C:\Windows\SysNative\drivers\tosporte.sys (TOSHIBA Corporation) DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {39AC0BA7-DB5E-4EE0-B51A-0C21AB25DFD9} IE:64bit: - HKLM\..\SearchScopes\{39AC0BA7-DB5E-4EE0-B51A-0C21AB25DFD9}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\Schüler\AppData\LocalLow\CT2625848\ldrtbDVDV.dll () IE - HKLM\..\SearchScopes,DefaultScope = {39AC0BA7-DB5E-4EE0-B51A-0C21AB25DFD9} IE - HKLM\..\SearchScopes\{39AC0BA7-DB5E-4EE0-B51A-0C21AB25DFD9}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2571110905-46770084-1883573713-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba.msn.com IE - HKU\S-1-5-21-2571110905-46770084-1883573713-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://toshiba.eu/places?touch=4&cat=1 [binary data] IE - HKU\S-1-5-21-2571110905-46770084-1883573713-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-2571110905-46770084-1883573713-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://toshiba.eu/places?touch=4&cat=1 [binary data] IE - HKU\S-1-5-21-2571110905-46770084-1883573713-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredibar.com/mb201?a=6PQTFXqx0t&i=26 IE - HKU\S-1-5-21-2571110905-46770084-1883573713-1001\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\Schüler\AppData\LocalLow\CT2625848\ldrtbDVDV.dll () IE - HKU\S-1-5-21-2571110905-46770084-1883573713-1001\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} IE - HKU\S-1-5-21-2571110905-46770084-1883573713-1001\..\SearchScopes\{148AC8F6-93F1-4CDF-BCA3-DE726CA98804}: "URL" = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms} IE - HKU\S-1-5-21-2571110905-46770084-1883573713-1001\..\SearchScopes\{4D4EA4F7-B725-45AA-AC8B-F841699F782D}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2 IE - HKU\S-1-5-21-2571110905-46770084-1883573713-1001\..\SearchScopes\{B304D871-4BB1-4097-89D0-4CEFBDFD3A55}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox IE - HKU\S-1-5-21-2571110905-46770084-1883573713-1001\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb201/?search={searchTerms}&loc=IB_DS&a=6PQTFXqx0t&i=26 IE - HKU\S-1-5-21-2571110905-46770084-1883573713-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://mystart.incredibar.com/mb201?a=6PQTFXqx0t&i=26" FF - prefs.js..browser.search.defaultenginename: "MyStart Search" FF - prefs.js..browser.search.selectedEngine: "MyStart Search" FF - prefs.js..keyword.URL: "hxxp://mystart.incredibar.com/mb201/?loc=IB_DS&a=6PQTFXqx0t&&i=26&search=" FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C1CA7765-44E4-452e-9D00-A04F3D434281}: 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX [2012.12.24 11:37:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C1CA7765-44E4-452e-9D00-A04F3D434281}: FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012.10.09 16:51:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012.10.10 00:42:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [2012.12.18 21:47:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox [2012.12.24 11:37:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.09.27 09:42:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.04 13:37:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Schüler\AppData\Roaming\mozilla\Extensions [2012.12.24 11:37:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Schüler\AppData\Roaming\mozilla\Firefox\Profiles\vpfujy5y.default\extensions [2012.12.18 21:51:09 | 000,000,000 | ---D | M] (DVDVideoSoftTB DE) -- C:\Users\Schüler\AppData\Roaming\mozilla\Firefox\Profiles\vpfujy5y.default\extensions\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} [2012.12.24 11:37:42 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\Schüler\AppData\Roaming\mozilla\Firefox\Profiles\vpfujy5y.default\extensions\ffxtlbr@incredibar.com [2012.12.24 11:36:08 | 000,002,203 | ---- | M] () -- C:\Users\Schüler\AppData\Roaming\mozilla\firefox\profiles\vpfujy5y.default\searchplugins\MyStart Search.xml [2011.09.27 09:43:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2011.09.27 09:43:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} [2011.09.03 07:18:05 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.09.03 01:19:44 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.09.03 01:13:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.09.03 01:19:44 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.09.03 01:19:44 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.09.03 01:19:44 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.09.03 01:19:44 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.) O2:64bit: - BHO: (IB Updater) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\IB Updater\Extension64.dll () O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.) O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (DVDVideoSoftTB_DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\Schüler\AppData\LocalLow\CT2625848\ldrtbDVDV.dll () O2 - BHO: (TFPUPWDBankBHO Class) - {030AC7B6-E7EC-40F1-8FB2-C0FD344DE0B9} - C:\Programme\TOSHIBA\TFPU\x86\TFPUPWDBankBHO.dll (TODO: <Company name>) O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (IB Updater) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\IB Updater\Extension32.dll () O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (DVDVideoSoftTB_DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\Schüler\AppData\LocalLow\CT2625848\ldrtbDVDV.dll () O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [] File not found O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Programme\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TFPUPWDBankService] C:\Program Files\TOSHIBA\TFPU\TFPUPWDBank.exe (TOSHIBA) O4:64bit: - HKLM..\Run: [TFPUService] C:\Program Files\TOSHIBA\TFPU\TFPUTaskMonitor.exe (TOSHIBA) O4:64bit: - HKLM..\Run: [ThpSrv] C:\windows\SysNative\thpsrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH) O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH) O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Programme\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosSENotify] C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Programme\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION) O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG) O4 - HKLM..\Run: [TNRotate] C:\Program Files (x86)\TOSHIBA\TNROTATE\TNROTATE.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [TOSDCR] C:\Program Files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe () O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software) O4 - HKLM..\Run: [TUSBSleepChargeSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe (TOSHIBA) O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.) O4 - HKU\.DEFAULT..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA) O4 - HKU\S-1-5-18..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA) O4 - HKU\S-1-5-21-2571110905-46770084-1883573713-1001..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-2571110905-46770084-1883573713-1001..\Run: [SDP] C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe (Somoto) O4 - HKU\S-1-5-21-2571110905-46770084-1883573713-1001..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) O4 - HKLM..\RunOnce: [downloadsourcede] File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) O4 - Startup: C:\Users\Schüler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Schüler\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Schüler\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Schüler\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = schuladmin.local O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A6306A8E-9754-4809-A772-A2EC85A87062}: DhcpNameServer = 172.16.128.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE04F0DA-C1E4-48F0-813E-CDA004619CB7}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.) O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.01.23 21:10:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Schüler\Desktop\OTL.exe [2013.01.22 19:58:12 | 000,000,000 | ---D | C] -- C:\Users\Schüler\Documents\Simply Super Software [2013.01.22 19:58:11 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2013.01.22 19:57:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover [2013.01.22 19:57:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover [2013.01.22 19:57:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software [2013.01.22 19:45:31 | 000,000,000 | R--D | C] -- C:\Users\Schüler\Desktop\Dropbox [2013.01.22 19:41:39 | 000,000,000 | ---D | C] -- C:\Users\Schüler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox [2013.01.22 19:41:14 | 000,000,000 | ---D | C] -- C:\Users\Schüler\AppData\Roaming\Dropbox [2013.01.10 17:02:02 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\win32spl.dll [2013.01.10 17:02:02 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\win32spl.dll [2013.01.10 16:49:14 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Wpc.dll [2013.01.10 16:49:14 | 000,046,592 | ---- | C] (Microsoft) -- C:\windows\SysWow64\fpb.rs [2013.01.10 16:49:14 | 000,046,592 | ---- | C] (Microsoft) -- C:\windows\SysNative\fpb.rs [2013.01.10 16:49:14 | 000,045,568 | ---- | C] (Microsoft) -- C:\windows\SysWow64\oflc-nz.rs [2013.01.10 16:49:14 | 000,045,568 | ---- | C] (Microsoft) -- C:\windows\SysNative\oflc-nz.rs [2013.01.10 16:49:14 | 000,044,544 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegibbfc.rs [2013.01.10 16:49:14 | 000,044,544 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegibbfc.rs [2013.01.10 16:49:14 | 000,043,520 | ---- | C] (Microsoft) -- C:\windows\SysWow64\csrr.rs [2013.01.10 16:49:14 | 000,043,520 | ---- | C] (Microsoft) -- C:\windows\SysNative\csrr.rs [2013.01.10 16:49:14 | 000,040,960 | ---- | C] (Microsoft) -- C:\windows\SysWow64\cob-au.rs [2013.01.10 16:49:14 | 000,040,960 | ---- | C] (Microsoft) -- C:\windows\SysNative\cob-au.rs [2013.01.10 16:49:14 | 000,030,720 | ---- | C] (Microsoft) -- C:\windows\SysWow64\usk.rs [2013.01.10 16:49:14 | 000,030,720 | ---- | C] (Microsoft) -- C:\windows\SysNative\usk.rs [2013.01.10 16:49:14 | 000,021,504 | ---- | C] (Microsoft) -- C:\windows\SysWow64\grb.rs [2013.01.10 16:49:14 | 000,021,504 | ---- | C] (Microsoft) -- C:\windows\SysNative\grb.rs [2013.01.10 16:49:14 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi-pt.rs [2013.01.10 16:49:14 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi-pt.rs [2013.01.10 16:49:14 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi.rs [2013.01.10 16:49:14 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi.rs [2013.01.10 16:49:14 | 000,015,360 | ---- | C] (Microsoft) -- C:\windows\SysWow64\djctq.rs [2013.01.10 16:49:14 | 000,015,360 | ---- | C] (Microsoft) -- C:\windows\SysNative\djctq.rs [2013.01.10 16:49:13 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\gameux.dll [2013.01.10 16:49:13 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\gameux.dll [2013.01.10 16:49:13 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Wpc.dll [2013.01.10 16:49:12 | 000,055,296 | ---- | C] (Microsoft) -- C:\windows\SysWow64\cero.rs [2013.01.10 16:49:12 | 000,055,296 | ---- | C] (Microsoft) -- C:\windows\SysNative\cero.rs [2013.01.10 16:49:12 | 000,051,712 | ---- | C] (Microsoft) -- C:\windows\SysWow64\esrb.rs [2013.01.10 16:49:12 | 000,051,712 | ---- | C] (Microsoft) -- C:\windows\SysNative\esrb.rs [2013.01.10 16:49:12 | 000,023,552 | ---- | C] (Microsoft) -- C:\windows\SysWow64\oflc.rs [2013.01.10 16:49:12 | 000,023,552 | ---- | C] (Microsoft) -- C:\windows\SysNative\oflc.rs [2013.01.10 16:49:12 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi-fi.rs [2013.01.10 16:49:12 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi-fi.rs [2013.01.10 16:47:35 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll [2013.01.10 16:47:35 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll [2013.01.10 16:47:33 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll [2013.01.10 16:47:33 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe [2013.01.10 16:47:33 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll [2013.01.10 16:47:33 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll [2013.01.10 16:47:33 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll [2013.01.10 16:47:33 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll [2013.01.10 16:47:33 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll [2013.01.10 16:47:33 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2013.01.10 16:47:33 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2013.01.10 16:47:33 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2013.01.10 16:47:33 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll [2013.01.10 16:47:33 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2013.01.10 16:47:33 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2013.01.10 16:47:33 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2013.01.10 16:47:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2013.01.10 16:47:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2013.01.10 16:47:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2013.01.10 16:47:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2013.01.10 16:47:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.01.10 16:47:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2013.01.10 16:47:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2013.01.10 16:47:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2013.01.10 16:47:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2013.01.10 16:47:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2013.01.10 16:47:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2013.01.10 16:47:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2013.01.10 16:47:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2013.01.10 16:47:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2013.01.10 16:47:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2013.01.10 16:47:32 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe [2013.01.10 16:47:32 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe [2013.01.10 16:47:32 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2013.01.10 16:47:32 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2013.01.10 16:47:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2013.01.10 16:47:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2013.01.10 16:47:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2013.01.10 16:47:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2013.01.10 16:47:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2013.01.10 16:47:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2013.01.10 16:47:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2013.01.10 16:47:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2013.01.10 16:47:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2013.01.10 16:47:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2013.01.10 16:47:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2013.01.10 16:47:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2013.01.10 16:47:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2013.01.10 16:47:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2013.01.10 16:47:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2013.01.10 16:47:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2013.01.10 16:47:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2013.01.10 16:47:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2013.01.10 16:47:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.01.10 16:47:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2013.01.10 16:47:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2013.01.10 16:47:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2013.01.10 16:47:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2013.01.10 16:47:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2013.01.10 16:47:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2013.01.10 16:47:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2013.01.10 16:47:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2013.01.10 16:47:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2013.01.10 16:47:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2013.01.10 16:47:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2013.01.10 16:47:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2013.01.10 16:47:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2013.01.10 16:47:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2013.01.10 16:47:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe [2013.01.10 00:01:27 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iisRtl.dll [2013.01.10 00:01:27 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iisRtl.dll [2013.01.10 00:01:27 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\admwprox.dll [2013.01.10 00:01:27 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\admwprox.dll [2013.01.10 00:01:26 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ahadmin.dll [2013.01.10 00:01:26 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ahadmin.dll [2013.01.10 00:01:26 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iisreset.exe [2013.01.10 00:01:26 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iisreset.exe [2013.01.10 00:01:26 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wamregps.dll [2013.01.10 00:01:26 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iisrstap.dll [2013.01.10 00:01:26 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wamregps.dll [2013.01.10 00:01:26 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iisrstap.dll [2013.01.10 00:00:49 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll [2013.01.10 00:00:39 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\usp10.dll [2013.01.09 23:47:39 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\taskhost.exe [2013.01.08 19:57:26 | 000,000,000 | ---D | C] -- C:\Users\Schüler\AppData\Local\ApplicationHistory [2013.01.08 19:56:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SpellEx [2013.01.08 19:55:13 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\URTTEMP [2013.01.08 18:20:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TI Tools [2013.01.08 18:20:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\TI Shared [2013.01.08 18:20:55 | 000,000,000 | ---D | C] -- C:\Users\Schüler\Documents\MyTIData [2013.01.08 18:20:54 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX [2013.01.08 18:20:49 | 000,128,512 | ---- | C] (Texas Instruments) -- C:\windows\SysNative\drivers\tiehdusb.sys [2013.01.08 18:20:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TI Education [2013.01.08 18:17:58 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\BestPractices [2013.01.08 18:17:55 | 000,000,000 | ---D | C] -- C:\inetpub [2013.01.08 18:17:55 | 000,000,000 | ---D | C] -- C:\windows\SysNative\BestPractices [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.01.23 21:10:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Schüler\Desktop\OTL.exe [2013.01.23 21:06:56 | 000,162,544 | ---- | M] () -- C:\Users\Schüler\Desktop\OTL_downloader_by_Downloadsourcede.exe [2013.01.23 19:06:25 | 001,827,682 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2013.01.23 19:06:25 | 000,781,116 | ---- | M] () -- C:\windows\SysNative\perfh007.dat [2013.01.23 19:06:25 | 000,721,956 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2013.01.23 19:06:25 | 000,179,592 | ---- | M] () -- C:\windows\SysNative\perfc007.dat [2013.01.23 19:06:25 | 000,146,546 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2013.01.23 18:26:57 | 107,257,550 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\incavi.avm [2013.01.23 18:07:12 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2013.01.22 19:45:31 | 000,001,014 | ---- | M] () -- C:\Users\Schüler\Desktop\Dropbox.lnk [2013.01.22 19:41:49 | 000,001,024 | ---- | M] () -- C:\Users\Schüler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.01.22 18:37:42 | 000,027,344 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.22 18:37:42 | 000,027,344 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.22 18:29:17 | 323,293,183 | -HS- | M] () -- C:\hiberfil.sys [2013.01.16 20:31:29 | 000,237,598 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\iavichjg.avm [2013.01.14 21:22:10 | 001,801,962 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI [2013.01.10 17:03:16 | 000,000,000 | -H-- | M] () -- C:\Users\Schüler\Documents\Default.rdp [2013.01.10 16:36:50 | 000,425,656 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2013.01.08 19:57:26 | 000,000,095 | ---- | M] () -- C:\Users\Schüler\AppData\Local\fusioncache.dat [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.01.23 21:06:56 | 000,162,544 | ---- | C] () -- C:\Users\Schüler\Desktop\OTL_downloader_by_Downloadsourcede.exe [2013.01.22 19:45:31 | 000,001,014 | ---- | C] () -- C:\Users\Schüler\Desktop\Dropbox.lnk [2013.01.22 19:41:49 | 000,001,024 | ---- | C] () -- C:\Users\Schüler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.01.10 17:03:16 | 000,000,000 | -H-- | C] () -- C:\Users\Schüler\Documents\Default.rdp [2013.01.08 19:57:26 | 000,000,095 | ---- | C] () -- C:\Users\Schüler\AppData\Local\fusioncache.dat [2013.01.08 17:58:05 | 001,801,962 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI [2012.10.15 22:06:12 | 000,007,598 | ---- | C] () -- C:\Users\Schüler\AppData\Local\Resmon.ResmonCfg [2012.10.09 23:53:31 | 083,023,306 | ---- | C] () -- C:\ProgramData\reyalpclv.pad [2012.10.02 11:36:40 | 000,002,604 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2011.08.05 08:47:28 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:CB0AACC9 < End of report > Code:
ATTFilter OTL Extras logfile created on: 23.01.2013 21:11:54 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Schüler\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
5,73 Gb Total Physical Memory | 3,60 Gb Available Physical Memory | 62,76% Memory free
11,47 Gb Paging File | 8,55 Gb Available in Paging File | 74,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287,66 Gb Total Space | 202,25 Gb Free Space | 70,31% Space Free | Partition Type: NTFS
Computer Name: STMO24 | User Name: Schüler | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files\Opera x64\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera x64\Opera.exe (Opera Software)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Opera x64\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera x64\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Scan with Trojan Remover] -- C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1" (Simply Super Software)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Opera x64\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera x64\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Scan with Trojan Remover] -- C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1" (Simply Super Software)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02B7E3E6-5FE4-46A9-BF49-C6D147DA7A50}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{02C15CF6-8AE4-4FF4-AFC1-AF96482B88FD}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{8C69B085-7AFE-4240-B9C6-361C0F170B01}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B49787F-0F0D-46E7-A7D4-943843923B34}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\darksiders\darksiderspc.exe |
"{0DEEB486-95AF-4145-ABBB-91EEBF50280B}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{1CE4E265-A69D-4D47-BB56-F8A0BD813C51}" = protocol=17 | dir=in | app=c:\users\schüler\appdata\roaming\dropbox\bin\dropbox.exe |
"{1EF6E5B6-33F9-4A34-BB75-11FD3442CE33}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{301A6BE5-EAE6-4CD7-A9D3-F227EA891CBC}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{30EB8756-851E-4C5D-AB9E-8BDC9FA0C126}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trackmania nations forever\tmforever.exe |
"{3C5CC506-849C-49C4-BA5E-C53F9DD5CD89}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{45CCF574-BCBF-4FEC-87BA-C3915F72193E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse_unrestricted.exe |
"{51372ED5-7434-4D8F-AAA3-3DCB5B553511}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{53002F0B-77EC-4614-A806-71BD4F7ECB84}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{54E0EC2C-BEA1-4C5C-96E6-A5C1206AC84A}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{593EFAE6-ED6C-415E-83F9-ACA0CF102527}" = protocol=17 | dir=in | app=c:\program files\opera x64\opera.exe |
"{5AA6851D-BB4A-4C9B-83E7-78F8D1895056}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{5F7BA0FD-C5DA-46BA-9352-2EAA50079611}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{6BC47E69-A5B3-46DE-9D5B-601948A6FAB2}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{6E0DBC68-E828-4624-A020-05BFEEED69EB}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{719DEE4A-58AB-4B70-8134-6D749C0E7C68}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{7680A408-1AEE-4997-9EB0-AB74975AE07F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{77CE6EBC-75C0-41BA-B1DB-DFC302D03BCA}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{7E103B9F-5786-410D-A7CB-35CAA63E1541}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{8674AC11-D7DA-4C7C-AF23-FB96AC366202}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse_unrestricted.exe |
"{874A2D9A-AC22-4F24-A73F-C5826FB64EEB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{8839C9FD-9DF0-4F9B-B86C-4EDDEDC09EFE}" = protocol=6 | dir=in | app=c:\program files\opera x64\opera.exe |
"{89311225-154B-48C2-88BD-039E89A10F2E}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{89760F72-3687-4A80-AFE4-07377576EFA6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{96C02AF4-004D-4A11-B6D1-7A5CF9156FE0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse.exe |
"{9719EB81-4109-45DB-82E8-E357AC27B185}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse.exe |
"{988C6C8E-F9AB-4A39-824E-386B63A9FF46}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{996C6343-1AFF-4F79-9A95-97DE2ED8706A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trackmania nations forever\tmforever.exe |
"{9BEB9FB6-B3C2-4D26-99E9-444407807953}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{9D45C11F-5A5C-420E-B3D1-6D21C25E303E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\darksiders\darksiderspc.exe |
"{9E51B848-2C88-4634-91B6-523D8E18A78F}" = protocol=6 | dir=in | app=c:\users\schüler\appdata\roaming\dropbox\bin\dropbox.exe |
"{A91476B6-D67A-405F-BB8F-8B2018EDB110}" = protocol=17 | dir=in | app=c:\program files\opera x64\pluginwrapper\opera_plugin_wrapper.exe |
"{AC909476-8B13-48B2-9526-7DCFDC3CF536}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trackmania nations forever\tmforeverlauncher.exe |
"{B09D6C6A-272A-4160-B38A-E9D66BB529B3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{B164D6DD-E77E-4DEF-B87A-4943753BA5AD}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{B33DE628-5FD6-4270-9AA9-3EA820C90A36}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{B52EA13A-E829-421E-997B-53AB8948FE87}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{B6EB20E3-5AEE-4A02-B375-FBA01691D581}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\killingfloor\system\kfed.exe |
"{BD45F04F-F5C9-4892-9BE5-32E35217E7A2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trackmania nations forever\tmforeverlauncher.exe |
"{D7BCA529-B18C-4852-A5EB-3866E5C7D9B6}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{D94B929E-572B-4542-81A3-4267DB4EB589}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\killingfloor\system\kfed.exe |
"{DD1F830D-9F6E-478F-8C77-69CD890A5A92}" = protocol=6 | dir=in | app=c:\program files\opera x64\pluginwrapper\opera_plugin_wrapper.exe |
"{DFC3333D-9E71-4807-9336-F8D30728E9FF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{E01B3B1D-804D-4515-8112-1780C577EC73}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{E47AB702-5A71-46C0-B566-A77BD09CA1C3}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{F6A16156-5F4C-4112-849F-10CDCCB515B5}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{F6A7F02F-E041-4AED-BC51-CA4AB9F962CE}" = protocol=17 | dir=in | app=c:\program files\opera x64\pluginwrapper\opera_plugin_wrapper_32.exe |
"{F7631134-9FB2-4019-8011-1E4F652AC50F}" = protocol=6 | dir=in | app=c:\program files\opera x64\pluginwrapper\opera_plugin_wrapper_32.exe |
"TCP Query User{E1213568-E1FE-46E2-B0C2-487FFF0B478A}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe |
"UDP Query User{C9A58F3F-F2D5-4C86-8FA2-D2B0047B0AF1}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX360_series" = Canon MX360 series MP Drivers
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = IB Updater 2.0.0.557
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5F1DFCC1-595D-4235-A044-E05B706D800A}" = AuthenTec Fingerprint Software
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{70AD2848-D236-459A-BF18-BF8E063D7BB2}" = AVG 2012
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A7760E07-4C23-4766-A99E-F715F298E99C}" = TFPU
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{BF46C84D-1AC3-4CC3-A45C-EF6257B80984}" = AVG 2012
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F1487CE7-F221-4391-B0EE-7009A668ED2B}" = TOSHIBA eco Utility
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"7511B29C86C398B4D11A0B0E4176CAD68D1B7057" = Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB (09/02/2009 1.0.0.1)
"AVG" = AVG 2012
"EC3E466026556D3EB760B01C4772277614354E11" = Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB (06/11/2009 1.0.0.0)
"Opera 12.12.1707" = Opera 12.12
"PROSet" = Intel(R) Network Connections Drivers
"TFPU{A7760E07-4C23-4766-A99E-F715F298E99C}" = TOSHIBA Fingerprint Utility
"VLC media player" = VLC media player 2.0.2
"WNLT" = IB Updater Service
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}" = RICOH R5U230 Media Driver ver.2.12.03.02
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0FF68F26-416C-4954-ACA5-6AD5F9DE99C1}" = Nero Multimedia Suite 10 Essentials
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E63ACB5-D45E-4856-8FC9-78F4B0D7BB80}" = TOSHIBA Sicherheits-Assistent
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2290A680-4083-410A-ADCC-7092C67FC052}" = TOSHIBA Online Product Information
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 27
"{2C303EE0-A595-3543-A71A-931C7AC40EDE}" = Microsoft Primary Interoperability Assemblies 2005
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{38C52F7D-A6CB-4CE7-A189-8AABE8774D8A}" = TOSHIBA ConfigFree
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{461F6F0D-7173-4902-9604-AB1A29108AF2}" = TOSHIBA Places Icon Utility
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{5782EFD2-603D-4AFA-87EF-7CB54044839C}" = Winfunktion Mathematik plus 17
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DB05F7E-1F7A-4CC0-882F-375B97F04CD4}" = Virtual Router v0.9 Beta
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B93EEE50-9C8F-45DF-95E4-3D85A6E242F3}" = DarksidersInstaller
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC2422C9-F7B5-4175-B295-5EC2283AA674}" = Command & Conquer™ 3: Kanes Rache
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.11 Game
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}" = TOSHIBA USB Sleep and Charge Utility
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F07AE5AB-516C-4CEB-A0AA-AD083B9182C6}" = TI NoteFolio Creator
"{F082CB11-4794-4259-99A1-D91BA762AD15}" = TOSHIBA TEMPRO
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1487CE7-F221-4391-B0EE-7009A668ED2B}" = TOSHIBA eco Utility
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FEDFB4DC-E149-4897-B616-4811C718E54F}" = TOSHIBA 180 Degrees Rotation Utility
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"CanonSolutionMenuEX" = Canon Solution Menu EX
"DAEMON Tools Pro" = DAEMON Tools Pro
"FilesFrog Update Checker" = FilesFrog Update Checker
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.37.1212
"GeoGebra" = GeoGebra
"incredibar" = Incredibar Toolbar on IE
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{F1487CE7-F221-4391-B0EE-7009A668ED2B}" = TOSHIBA eco Utility
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Mozilla Firefox 6.0.2 (x86 de)" = Mozilla Firefox 6.0.2 (x86 de)
"MP Navigator EX 4.1" = Canon MP Navigator EX 4.1
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"Steam App 11020" = TrackMania Nations Forever
"Steam App 1250" = Killing Floor
"Steam App 1260" = Killing Floor SDK
"Steam App 35420" = Killing Floor Mod: Defence Alliance 2
"Steam App 41010" = Serious Sam HD: The Second Encounter
"Steam App 50620" = Darksiders
"Trojan Remover_is1" = Trojan Remover 6.8.5
"VLC media player" = VLC media player 2.0.4
"WinLiveSuite" = Windows Live Essentials
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2571110905-46770084-1883573713-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CT2625848" = DVDVideoSoftTB DE Toolbar
"Dropbox" = Dropbox
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 21.10.2012 07:43:38 | Computer Name = stmo24.schuladmin.local | Source = WinMgmt | ID = 10
Description =
Error - 22.10.2012 12:48:26 | Computer Name = stmo24.schuladmin.local | Source = WinMgmt | ID = 10
Description =
Error - 22.10.2012 13:05:29 | Computer Name = stmo24.schuladmin.local | Source = WinMgmt | ID = 10
Description =
Error - 23.10.2012 05:05:50 | Computer Name = stmo24.schuladmin.local | Source = WinMgmt | ID = 10
Description =
Error - 23.10.2012 18:00:30 | Computer Name = stmo24.schuladmin.local | Source = WinMgmt | ID = 10
Description =
Error - 24.10.2012 11:54:12 | Computer Name = stmo24.schuladmin.local | Source = WinMgmt | ID = 10
Description =
Error - 25.10.2012 02:41:19 | Computer Name = stmo24.schuladmin.local | Source = WinMgmt | ID = 10
Description =
Error - 26.10.2012 09:41:22 | Computer Name = stmo24.schuladmin.local | Source = WinMgmt | ID = 10
Description =
Error - 26.10.2012 11:17:20 | Computer Name = stmo24.schuladmin.local | Source = WinMgmt | ID = 10
Description =
Error - 28.10.2012 10:14:49 | Computer Name = stmo24.schuladmin.local | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 16.11.2012 11:37:56 | Computer Name = stmo24.schuladmin.local | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 16.11.2012 11:37:56 | Computer Name = stmo24.schuladmin.local | Source = Service Control Manager | ID = 7003
Description = Der Dienst "McAfee Personal Firewall Service" ist von folgendem Dienst
abhängig: MfeFire. Dieser Dienst ist eventuell nicht installiert.
Error - 16.11.2012 11:37:56 | Computer Name = stmo24.schuladmin.local | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TOSHIBA Touch Pad Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 16.11.2012 11:37:57 | Computer Name = stmo24.schuladmin.local | Source = NETLOGON | ID = 5719
Description = Der Computer konnte eine sichere Sitzung mit einem Domänencontroller
in der Domäne SCHULADMIN aufgrund der folgenden Ursache nicht einrichten: %%1311
Dies
kann zu Authentifizierungsproblemen führen. Stellen Sie sicher, dass der Computer
mit dem Netzwerk verbunden ist. Wenden Sie sich an den Domänenadministrator, wenn
das Problem weiterhin besteht. ZUSÄTZLICHE INFORMATIONEN Wenn dieser Computer ein
Domänencontroller der bestimmten Domäne ist, wird eine sichere Sitzung zum primären
Domänencontrolleremulator
in der bestimmten Domäne eingerichtet. Andernfalls richtet dieser Computer eine
sichere Sitzung zu einem beliebigen Domänencontroller in der bestimmten Domäne ein.
Error - 16.11.2012 11:38:28 | Computer Name = stmo24.schuladmin.local | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender
Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann
eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn
die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde
und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere
Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.
Error - 16.11.2012 15:38:36 | Computer Name = stmo24.schuladmin.local | Source = NETLOGON | ID = 5719
Description = Der Computer konnte eine sichere Sitzung mit einem Domänencontroller
in der Domäne SCHULADMIN aufgrund der folgenden Ursache nicht einrichten: %%1311
Dies
kann zu Authentifizierungsproblemen führen. Stellen Sie sicher, dass der Computer
mit dem Netzwerk verbunden ist. Wenden Sie sich an den Domänenadministrator, wenn
das Problem weiterhin besteht. ZUSÄTZLICHE INFORMATIONEN Wenn dieser Computer ein
Domänencontroller der bestimmten Domäne ist, wird eine sichere Sitzung zum primären
Domänencontrolleremulator
in der bestimmten Domäne eingerichtet. Andernfalls richtet dieser Computer eine
sichere Sitzung zu einem beliebigen Domänencontroller in der bestimmten Domäne ein.
Error - 18.11.2012 09:29:27 | Computer Name = stmo24.schuladmin.local | Source = NETLOGON | ID = 5719
Description = Der Computer konnte eine sichere Sitzung mit einem Domänencontroller
in der Domäne SCHULADMIN aufgrund der folgenden Ursache nicht einrichten: %%1311
Dies
kann zu Authentifizierungsproblemen führen. Stellen Sie sicher, dass der Computer
mit dem Netzwerk verbunden ist. Wenden Sie sich an den Domänenadministrator, wenn
das Problem weiterhin besteht. ZUSÄTZLICHE INFORMATIONEN Wenn dieser Computer ein
Domänencontroller der bestimmten Domäne ist, wird eine sichere Sitzung zum primären
Domänencontrolleremulator
in der bestimmten Domäne eingerichtet. Andernfalls richtet dieser Computer eine
sichere Sitzung zu einem beliebigen Domänencontroller in der bestimmten Domäne ein.
Error - 18.11.2012 09:29:26 | Computer Name = stmo24.schuladmin.local | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 18.11.2012 09:29:26 | Computer Name = stmo24.schuladmin.local | Source = Service Control Manager | ID = 7003
Description = Der Dienst "McAfee Personal Firewall Service" ist von folgendem Dienst
abhängig: MfeFire. Dieser Dienst ist eventuell nicht installiert.
Error - 18.11.2012 09:29:27 | Computer Name = stmo24.schuladmin.local | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TOSHIBA Touch Pad Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
< End of report >
|
|
23.01.2013, 22:38
| #7 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Wechseldatenträger können nicht mehr verwendet werden, Recycler kann nicht gefunden werdenCode:
ATTFilter 64bit- Professional Service Pack 1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = schuladmin.local
1.) Was soll diese Windows-Server-Domäne? 2.) Bist du der Admin der Domäne schuladmin.local?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
23.01.2013, 22:58
| #8 |
| | Wechseldatenträger können nicht mehr verwendet werden, Recycler kann nicht gefunden werden Also das ist mein Schullaptop da hab ich vier verschiedene Server drauf um in unser Schulnetzwerk reinzukommen, je nach Stockwerk brauch ich nen anderen. Admin bin ich so viel ich weiß nicht kann ich dir aber nicht genau sagen. Hatte schon mal Probleme deswegen z.B konnte ich keine Verbindung zu meinem andrem Laptop herstellen. Ich hoffe das beantwortet deine Fragen lg momo |
|
23.01.2013, 23:01
| #9 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Wechseldatenträger können nicht mehr verwendet werden, Recycler kann nicht gefunden werden Vllt solltest du dich mal an den Admin der Schule besser wenden?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
23.01.2013, 23:24
| #10 |
| | Wechseldatenträger können nicht mehr verwendet werden, Recycler kann nicht gefunden werden Würd ich schon machen aber sorry für den Ausdruck der Kerl is unfähig und den Laptop hab ich ca seit 1 1/2 Jahren und mein Problem ca erst seit 3-4 Monaten. Ich werd ihn trotzdem mal ansprechen vll kann er ja irgend was dazu sagen. Danke Lg momo |
|
24.01.2013, 10:02
| #11 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Wechseldatenträger können nicht mehr verwendet werden, Recycler kann nicht gefunden werden Ist das denn dein Gerät oder wurde es dir von der Schule gestellt?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
24.01.2013, 10:28
| #12 |
| | Wechseldatenträger können nicht mehr verwendet werden, Recycler kann nicht gefunden werden Also ich war gerade bei unserm Schuladmin seine Aussage war er sei nur für das Schulnetzwerk zuständig und ich soll den Laptop zu einem Fachmann bringen er wüsste auch nicht woran das liegen könnte.  Lg momo Wurde von der Schule gestellt gehört aber am Ende der Schulzeit mir er wird im laufe der Jahre abbezahlt und als ich ihn bekommen war war er neu |
|
24.01.2013, 10:32
| #13 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Wechseldatenträger können nicht mehr verwendet werden, Recycler kann nicht gefunden werden Malwarebytes Anti-Rootkit  Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________ Logfiles bitte immer in CODE-Tags posten |
|
24.01.2013, 18:13
| #14 |
| | Wechseldatenträger können nicht mehr verwendet werden, Recycler kann nicht gefunden werden Hab das Prog zwei mal drüber laufen lassen beim ersten mal hats was gefunden beim zweiten mal nicht. Des lustige is aufeinmal meldet sich Avira das es irg was gefunden hat. Wenn ich dir die Avira logs auch posten soll sag bescheid hier mal die beiden anderen. Code:
ATTFilter ---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1016
(c) Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 9.0.8112.16421
Java version: 1.6.0_27
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.527000 GHz
Memory total: 6157684736, free: 4099170304
------------ Kernel report ------------
01/24/2013 17:12:53
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\compbatt.sys
\SystemRoot\system32\drivers\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\system32\drivers\TVALZ.SYS
\SystemRoot\system32\DRIVERS\tos_sps64.sys
\SystemRoot\system32\drivers\Thpevm.SYS
\SystemRoot\system32\DRIVERS\thpdrv.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\avgrkx64.sys
\SystemRoot\system32\DRIVERS\avgidsha.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\avgmfx64.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\avgtdia.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\drivers\blbdrive.sys
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\system32\DRIVERS\avgldx64.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\drivers\intelppm.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\HECIx64.sys
\SystemRoot\system32\DRIVERS\e1k62x64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\drivers\risdpe64.sys
\SystemRoot\system32\drivers\rimspe64.sys
\SystemRoot\system32\drivers\rixdpe64.sys
\SystemRoot\system32\DRIVERS\athrx.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\drivers\tpm.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\drivers\kbdclass.sys
\SystemRoot\system32\drivers\Apfiltr.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\tdcmdpst.sys
\SystemRoot\system32\drivers\Impcd.sys
\SystemRoot\system32\drivers\tosrfec.sys
\SystemRoot\system32\drivers\CmBatt.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\drivers\rdpbus.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\dtsoftbus01.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\drivers\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\ATSwpWDF.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\pgeffect.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\avgntflt.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\avgidsfiltera.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\avgidsdrivera.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\windows\system32\drivers\mbamchameleon.sys
\??\C:\windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8006525060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8006231050
Lower Device Driver Name: \Driver\iaStor\
Driver name found: iaStor
Initialization returned 0x0
Load Function returned 0x0
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8006525060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006525b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006525060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8006524060, DeviceName: \Device\THPDRV1\, DriverName: \Driver\Thpdrv\
DevicePointer: 0xfffffa8006231050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Upper DeviceData: 0xfffff8a003e0e640, 0xfffffa8006525060, 0xfffffa8005f53790
Lower DeviceData: 0xfffff8a00cf97590, 0xfffffa8006231050, 0xfffffa80060822c0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\windows\system32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: C88CF4F6
Partition information:
Partition 0 type is Other (0x27)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 3069952
Partition file system is NTFS
Partition is bootable
Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 3072000 Numsec = 603256832
Partition 2 type is HIDDEN (0x17)
Partition is NOT ACTIVE.
Partition starts at LBA: 606328832 Numsec = 18812928
Partition is not bootable
Hidden partition VBR is not infected.
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 320072933376 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8005d92060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8005e15860, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8005d92060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8006021060, DeviceName: \Device\00000082\, DriverName: \Driver\USBSTOR\
------------ End ----------
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 37B07F16
Partition information:
Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 2930272002
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 1500301910016 bytes
Sector size: 512 bytes
Done!
Performing system, memory and registry scan...
Read File: File "c:\ProgramData\AVG2012\log\avgcore.log.1" is compressed (flags = 1)
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IBUpdaterService --> [PUP.InstallBrain]
Infected: c:\Windows\System32\dmwu.exe --> [PUP.InstallBrain]
Infected: c:\Windows\System32\dmwu.exe --> [PUP.InstallBrain]
Done!
Scan finished
Creating System Restore point...
Scheduling clean up...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1016
(c) Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 9.0.8112.16421
Java version: 1.6.0_27
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 2.527000 GHz
Memory total: 6157684736, free: 4818530304
Removal queue found; removal started
Removing c:\Windows\System32\dmwu.exe...
Removal finished
=======================================
Code:
ATTFilter ---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1016
(c) Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 9.0.8112.16421
Java version: 1.6.0_27
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 2.527000 GHz
Memory total: 6157684736, free: 4166053888
------------ Kernel report ------------
01/24/2013 17:46:34
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\compbatt.sys
\SystemRoot\system32\drivers\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\system32\drivers\TVALZ.SYS
\SystemRoot\system32\DRIVERS\tos_sps64.sys
\SystemRoot\system32\drivers\Thpevm.SYS
\SystemRoot\system32\DRIVERS\thpdrv.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\avgrkx64.sys
\SystemRoot\system32\DRIVERS\avgidsha.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\avgmfx64.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\avgtdia.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\drivers\blbdrive.sys
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\system32\DRIVERS\avgldx64.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\drivers\intelppm.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\HECIx64.sys
\SystemRoot\system32\DRIVERS\e1k62x64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\drivers\risdpe64.sys
\SystemRoot\system32\drivers\rimspe64.sys
\SystemRoot\system32\drivers\rixdpe64.sys
\SystemRoot\system32\DRIVERS\athrx.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\drivers\tpm.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\drivers\kbdclass.sys
\SystemRoot\system32\drivers\Apfiltr.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\tdcmdpst.sys
\SystemRoot\system32\drivers\Impcd.sys
\SystemRoot\system32\drivers\tosrfec.sys
\SystemRoot\system32\drivers\CmBatt.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\drivers\rdpbus.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\dtsoftbus01.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\drivers\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\ATSwpWDF.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\pgeffect.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\avgntflt.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\avgidsfiltera.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\avgidsdrivera.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\spsys.sys
\??\C:\windows\system32\drivers\mbamchameleon.sys
\??\C:\windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8009e70060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000007d\
Lower Device Object: 0xfffffa8009e69060
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8006504060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8006268050
Lower Device Driver Name: \Driver\iaStor\
Driver name found: iaStor
Initialization returned 0x0
Load Function returned 0x0
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8006504060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006504b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006504060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8006503060, DeviceName: \Device\THPDRV1\, DriverName: \Driver\Thpdrv\
DevicePointer: 0xfffffa8006268050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Upper DeviceData: 0xfffff8a0042b3f50, 0xfffffa8006504060, 0xfffffa8005e84790
Lower DeviceData: 0xfffff8a00a761d90, 0xfffffa8006268050, 0xfffffa8005e72090
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\windows\system32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: C88CF4F6
Partition information:
Partition 0 type is Other (0x27)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 3069952
Partition file system is NTFS
Partition is bootable
Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 3072000 Numsec = 603256832
Partition 2 type is HIDDEN (0x17)
Partition is NOT ACTIVE.
Partition starts at LBA: 606328832 Numsec = 18812928
Partition is not bootable
Hidden partition VBR is not infected.
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 320072933376 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8009e70060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8009e70b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8009e70060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8009e69060, DeviceName: \Device\0000007d\, DriverName: \Driver\USBSTOR\
------------ End ----------
Upper DeviceData: 0xfffff8a005118c20, 0xfffffa8009e70060, 0xfffffa8005dfb790
Lower DeviceData: 0xfffff8a005112e00, 0xfffffa8009e69060, 0xfffffa8005e06090
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 37B07F16
Partition information:
Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 2930272002
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 1500301910016 bytes
Sector size: 512 bytes
Done!
Performing system, memory and registry scan...
Read File: File "c:\ProgramData\AVG2012\log\avgrs.log.1" is compressed (flags = 1)
Done!
Scan finished
=======================================
|
|
24.01.2013, 22:08
| #15 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Wechseldatenträger können nicht mehr verwendet werden, Recycler kann nicht gefunden werden Anleitung nicht richtig gelesen? Du hast das Log, dass nicht gepostet werden sollte gleich 2x mal gepostet 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Wechseldatenträger können nicht mehr verwendet werden, Recycler kann nicht gefunden werden |
| anhang, bilder, datei, dringend, eingabeaufforderung, externe festplatte, fehlermeldung, festplatte, folge, folgendes, google, handy, keine viren, nicht mehr, nichts, ordner, ordner nur verknüpfungen, platte, problem, recycler, recycler kann nicht gefunden werden, schließt, software, verschiedene, viren, wechseldatenträger, wichtige daten, öffnen, öffnet |
Linear-Darstellung
