
Pests of all kinds and how to combat them: HTML/Rce.Gen

Windows 7

01.11.2010, 05:44   #16
kira
/// Helper team
 



Important: Please run all commands as administrator! Right-click the Command Prompt and select "Run as administrator".

01.11.2010, 14:22   #17
oraculum
 



When I press the switch and the computer turns on, it takes 39 seconds until I get to the user selection and can enter my password. Then I press Enter after entering my password, and then it takes another 20 seconds until everything has loaded and the processor is no longer at 100% load.

Here is the HijackThis logfile:
Code:
ATTFilter
 
                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 
                        º                                    º 
                                    hjtscanlist v2.0              
                        º                                    º 
                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 

Microsoft Windows [Version 6.1.7600]
 
 
C:

  01.11.2010 14:11     C:\System Volume Information --------- 65536   
       C:\pagefile.sys ---------    
       C:\hiberfil.sys ---------    
  31.10.2010 10:44     C:\Windows --------- 28672   
  28.10.2010 12:42     C:\Config.Msi --------- 0   
  27.10.2010 16:51     C:\ProgramData --------- 12288   
  27.10.2010 16:51     C:\Program Files --------- 28672   
  27.10.2010 14:38     C:\rsit --------- 0   
  08.10.2010 18:49     C:\$RECYCLE.BIN --------- 0   
  08.10.2010 18:49     C:\Users --------- 4096   
  15.04.2010 18:11     C:\Intel --------- 0   
  06.03.2010 22:08     C:\SureSupply --------- 0   
  06.03.2010 19:41     C:\MSDOS.SYS --------- 0   
  06.03.2010 19:41     C:\IO.SYS --------- 0   
  11.01.2010 14:39     C:\Recovery --------- 0   
  11.01.2010 14:26     C:\$WINDOWS.~Q --------- 0   
  11.01.2010 13:58     C:\BOOTSECT.BAK --------- 8192   
  11.01.2010 13:58     C:\Boot --------- 4096   
  11.01.2010 13:43     C:\$INPLACE.~TR --------- 0   
  06.11.2009 21 begin_of_the_skype_highlighting**************0 06.11.2009 21******end_of_the_skype_highlighting:48     C:\Converted Music --------- 0   
  17.10.2009 18:06     C:\Westwood --------- 0   
  16.10.2009 17:40     C:\Toshiba --------- 0   
  16.10.2009 17:31     C:\Programme --------- 0   
  16.10.2009 17:31     C:\Dokumente und Einstellungen --------- 0   
  16.10.2009 16:21     C:\RHDSetup.log --------- 651   
  14.07.2009 05:53     C:\Documents and Settings --------- 0   
  14.07.2009 03:37     C:\PerfLogs --------- 0   
  14.07.2009 02:38     C:\bootmgr --------- 383562   
  10.06.2009 22:42     C:\config.sys --------- 10   
  10.06.2009 22:42     C:\autoexec.bat --------- 24   
  09.02.2009 08:56     C:\SWSTAMP.TXT --------- 229   
  11.08.2008 15:34     C:\Works --------- 0   
  11.08.2008 15:28     C:\MSOCache --------- 0   
----------------------------------------

 
C:\Windows

  01.11.2010 14:08     C:\Windows\setupact.log --------- 1958686   
  01.11.2010 14:08     C:\Windows\bootstat.dat --------- 67584   
  01.11.2010 14:14     C:\Windows\WindowsUpdate.log --------- 1400584   
  30.10.2010 09:31     C:\Windows\PFRO.log --------- 158870   
  31.05.2010 13:22     C:\Windows\DirectX.log --------- 90228   
  17.04.2010 00:45     C:\Windows\WLXPGSS.SCR --------- 307056   
  15.04.2010 10:02     C:\Windows\ntbtlog.txt --------- 346428   
  15.04.2010 10:02     C:\Windows\MEMORY.DMP --------- 211412539   
  01.03.2010 13:31     C:\Windows\hpqins15.dat --------- 23684   
  11.01.2010 14:26     C:\Windows\comsetup.log --------- 9265   
  11.01.2010 14:21     C:\Windows\DtcInstall.log --------- 4141   
  11.01.2010 14:03     C:\Windows\TSSysprep.log --------- 1313   
  11.01.2010 13:37     C:\Windows\WindowsUpdate (1).log --------- 1778869   
  11.01.2010 13:05     C:\Windows\diagwrn.xml --------- 2544   
  11.01.2010 13:05     C:\Windows\diagerr.xml --------- 1890   
  24.12.2009 18:27     C:\Windows\hpoins46.dat --------- 219106   
  26.11.2009 11:18     C:\Windows\msxml4-KB973688-deu.LOG --------- 277328   
  04.11.2009 20:23     C:\Windows\ie8_main.log --------- 191074   
  31.10.2009 06:45     C:\Windows\explorer.exe --------- 2614272   
  16.10.2009 20:01     C:\Windows\msxml4-KB954430-deu.LOG --------- 290038   
  16.10.2009 16:21     C:\Windows\DIFxAPI.dll --------- 319456   
  16.10.2009 16:21     C:\Windows\HideWin.exe --------- 315392   
  14.07.2009 05:41     C:\Windows\WindowsShell.Manifest --------- 749   
  14.07.2009 05:39     C:\Windows\setuperr.log --------- 0   
  14.07.2009 02:16     C:\Windows\twain_32.dll --------- 51200   
  14.07.2009 02:14     C:\Windows\write.exe --------- 9216   
  14.07.2009 02:14     C:\Windows\winhlp32.exe --------- 9728   
  14.07.2009 02:14     C:\Windows\twunk_32.exe --------- 31232   
  14.07.2009 02:14     C:\Windows\regedit.exe --------- 398336   
  14.07.2009 02:14     C:\Windows\notepad.exe --------- 179712   
  14.07.2009 02:14     C:\Windows\hh.exe --------- 15360   
  14.07.2009 02:14     C:\Windows\HelpPane.exe --------- 497152   
  14.07.2009 02:14     C:\Windows\fveupdate.exe --------- 13824   
  14.07.2009 02:14     C:\Windows\bfsvc.exe --------- 65024   
  13.07.2009 23:58     C:\Windows\mib.bin --------- 43131   
  11.06.2009 04:02     C:\Windows\hpomdl46.dat --------- 606   
  11.06.2009 04:02     C:\Windows\hpomdl46.dat.temp --------- 606   
  10.06.2009 22:46     C:\Windows\system.ini --------- 219   
  10.06.2009 22:42     C:\Windows\_default.pif --------- 707   
  10.06.2009 22:42     C:\Windows\winhelp.exe --------- 256192   
  10.06.2009 22:41     C:\Windows\twunk_16.exe --------- 49680   
  10.06.2009 22:41     C:\Windows\twain.dll --------- 94784   
  10.06.2009 22:34     C:\Windows\WMSysPr9.prx --------- 316640   
  10.06.2009 22:19     C:\Windows\msdfmap.ini --------- 1405   
  10.06.2009 22:14     C:\Windows\Starter.xml --------- 48201   
  10.06.2009 22:14     C:\Windows\HomePremium.xml --------- 48265   
  13.08.2008 09:48     C:\Windows\csup.txt --------- 10   
  11.08.2008 15:01     C:\Windows\NDSTray.INI --------- 0   
  11.08.2008 14:50     C:\Windows\DPINST.LOG --------- 4748   
  11.08.2008 14:09     C:\Windows\msxml4-KB941833-deu.LOG --------- 267266   
  08.04.2008 14:14     C:\Windows\RtHDVCpl.exe --------- 6037504   
  02.04.2008 08:27     C:\Windows\RtlUpd.exe --------- 1196032   
  05.03.2008 17:07     C:\Windows\RtlExUpd.dll --------- 520192   
  16.01.2008 11:13     C:\Windows\Thumbs.db --------- 4096   
  20.11.2007 17:15     C:\Windows\SkyTel.exe --------- 1826816   
  14.11.2007 14:18     C:\Windows\USetup.iss --------- 553   
  03.11.2006 13:30     C:\Windows\oemlogo.bmp --------- 43254   
  02.11.2006 14:04     C:\Windows\win.ini --------- 144   
  14.01.2004 02:10     C:\Windows\BJPSUNST.EXE --------- 163840   
  17.11.1998 12:44     C:\Windows\IsUn0407.exe --------- 328704   
----------------------------------------

 
C:\Windows\System

 13.07.2009 22:41      C:\Windows\System\OLESVR.DLL --------- 24064 
 13.07.2009 22:41      C:\Windows\System\WFWNET.DRV --------- 12704 
 13.07.2009 22:41      C:\Windows\System\COMMDLG.DLL --------- 32816 
 13.07.2009 22:41      C:\Windows\System\TIMER.DRV --------- 4048 
 13.07.2009 22:41      C:\Windows\System\MMSYSTEM.DLL --------- 68992 
 13.07.2009 22:41      C:\Windows\System\mmtask.tsk --------- 1152 
 13.07.2009 22:41      C:\Windows\System\mouse.drv --------- 2032 
 13.07.2009 22:41      C:\Windows\System\vga.drv --------- 2176 
 13.07.2009 22:41      C:\Windows\System\sound.drv --------- 1744 
 13.07.2009 22:41      C:\Windows\System\keyboard.drv --------- 2000 
 13.07.2009 22:41      C:\Windows\System\SHELL.DLL --------- 5120 
 13.07.2009 22:41      C:\Windows\System\system.drv --------- 3360 
 10.06.2009 22:42      C:\Windows\System\ver.dll --------- 9008 
 10.06.2009 22:42      C:\Windows\System\olecli.dll --------- 82944 
 10.06.2009 22:42      C:\Windows\System\lzexpand.dll --------- 9936 
 10.06.2009 22:25      C:\Windows\System\stdole.tlb --------- 5532 
 10.06.2009 22:21      C:\Windows\System\msvideo.dll --------- 126912 
 10.06.2009 22:21      C:\Windows\System\mciwave.drv --------- 28160 
 10.06.2009 22:21      C:\Windows\System\mciseq.drv --------- 25264 
 10.06.2009 22:21      C:\Windows\System\mciavi.drv --------- 73376 
 10.06.2009 22:21      C:\Windows\System\avifile.dll --------- 109456 
 10.06.2009 22:21      C:\Windows\System\avicap.dll --------- 69584 
 02.04.2008 14:00      C:\Windows\System\DriveIcon.dll --------- 6428192 
 27.09.2007 14:32      C:\Windows\System\ms.ico --------- 34530 
 27.09.2007 14:17      C:\Windows\System\sm.ico --------- 37041 
 27.09.2007 14:12      C:\Windows\System\sd.ico --------- 38660 
 27.09.2007 14:04      C:\Windows\System\cf.ico --------- 37300 
 30.06.2004 15:24      C:\Windows\System\MyMulti.ico --------- 5430 
----------------------------------------

 
C:\Windows\System32

 01.11.2010 14:13     C:\Windows\system32\perfh009.dat --------- 712728  
 01.11.2010 14:13     C:\Windows\system32\perfc009.dat --------- 144292  
 01.11.2010 14:13     C:\Windows\system32\perfh007.dat --------- 756664  
 01.11.2010 14:13     C:\Windows\system32\perfc007.dat --------- 171146  
 01.11.2010 14:13     C:\Windows\system32\PerfStringBackup.INI --------- 1783520  
 01.11.2010 14:04     C:\Windows\system32\config --------- 16384  
 01.11.2010 14:03     C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 --------- 9504  
 01.11.2010 14:03     C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 --------- 9504  
 01.11.2010 13:45     C:\Windows\system32\hjtscanlist.txt --------- 43777  
 30.10.2010 12:10     C:\Windows\system32\drivers --------- 65536  
 30.10.2010 12:10     C:\Windows\system32\catroot --------- 4096  
 30.10.2010 12:10     C:\Windows\system32\DriverStore --------- 4096  
 29.10.2010 10:28     C:\Windows\system32\catroot2 --------- 12288  
 28.10.2010 12:38     C:\Windows\system32\javaws.exe --------- 153376  
 28.10.2010 12:38     C:\Windows\system32\javaw.exe --------- 145184  
 28.10.2010 12:38     C:\Windows\system32\java.exe --------- 145184  
 28.10.2010 12:38     C:\Windows\system32\deployJava1.dll --------- 472808  
 26.10.2010 18:39     C:\Windows\system32\NDF --------- 0  
 19.10.2010 10:41     C:\Windows\system32\MpSigStub.exe --------- 222080  
 13.10.2010 15:23     C:\Windows\system32\FNTCACHE.DAT --------- 381480  
 13.10.2010 15:23     C:\Windows\system32\migration --------- 0  
 13.10.2010 13:27     C:\Windows\system32\MRT.exe --------- 35385288  
 12.10.2010 16:44     C:\Windows\system32\RsFx --------- 0  
 12.10.2010 16:43     C:\Windows\system32\1033 --------- 0  
 12.10.2010 16:43     C:\Windows\system32\1031 --------- 0  
 12.10.2010 16:35     C:\Windows\system32\de-DE --------- 327680  
 06.10.2010 20:03     C:\Windows\system32\mapisvc.inf --------- 1152  
 27.09.2010 15:24     C:\Windows\system32\Tasks --------- 4096  
 08.09.2010 10:17     C:\Windows\system32\QuickTime.qts --------- 69632  
 08.09.2010 10:17     C:\Windows\system32\QuickTimeVR.qtx --------- 94208  
 08.09.2010 05:30     C:\Windows\system32\wininet.dll --------- 978432  
 08.09.2010 05:30     C:\Windows\system32\urlmon.dll --------- 1226752  
 08.09.2010 05:28     C:\Windows\system32\mstime.dll --------- 606208  
 08.09.2010 05:28     C:\Windows\system32\mshtmled.dll --------- 67072  
 08.09.2010 05:28     C:\Windows\system32\mshtml.dll --------- 5977600  
 08.09.2010 05:28     C:\Windows\system32\msfeedsbs.dll --------- 64512  
 08.09.2010 05:28     C:\Windows\system32\msfeeds.dll --------- 599040  
 08.09.2010 05:28     C:\Windows\system32\licmgr10.dll --------- 44544  
 08.09.2010 05:28     C:\Windows\system32\jsproxy.dll --------- 48128  
 08.09.2010 05:28     C:\Windows\system32\ieui.dll --------- 176640  
 08.09.2010 05:28     C:\Windows\system32\iertutil.dll --------- 2058752  
 08.09.2010 05:28     C:\Windows\system32\iepeers.dll --------- 185856  
 08.09.2010 05:28     C:\Windows\system32\ieframe.dll --------- 10988544  
 08.09.2010 05:27     C:\Windows\system32\iedkcs32.dll --------- 381440  
 08.09.2010 05:25     C:\Windows\system32\msfeedssync.exe --------- 12800  
 08.09.2010 04:22     C:\Windows\system32\html.iec --------- 386048  
 08.09.2010 03:48     C:\Windows\system32\mshtml.tlb --------- 1638912  
 04.09.2010 16:45     C:\Windows\system32\wdi --------- 4096  
 01.09.2010 05:29     C:\Windows\system32\wmp.dll --------- 11406848  
 01.09.2010 05:23     C:\Windows\system32\wmploc.DLL --------- 12625408  
 01.09.2010 03:34     C:\Windows\system32\win32k.sys --------- 2327552  
 31.08.2010 05:32     C:\Windows\system32\mfc40u.dll --------- 954288  
 31.08.2010 05:32     C:\Windows\system32\mfc40.dll --------- 954752  
 27.08.2010 06:46     C:\Windows\system32\srvsvc.dll --------- 168448  
 26.08.2010 05:39     C:\Windows\system32\t2embed.dll --------- 109056  
 25.08.2010 18:58     C:\Windows\system32\iglhxs32.vp --------- 51432  
 25.08.2010 18:46     C:\Windows\system32\TVWSetup.exe --------- 8198680  
 25.08.2010 18:45     C:\Windows\system32\igfxtray.exe --------- 136216  
 25.08.2010 18:45     C:\Windows\system32\igfxsrvc.exe --------- 266776  
 25.08.2010 18:45     C:\Windows\system32\igfxpers.exe --------- 170520  
 25.08.2010 18:45     C:\Windows\system32\igfxext.exe --------- 179224  
 25.08.2010 18:45     C:\Windows\system32\hkcmd.exe --------- 171032  
 25.08.2010 18:45     C:\Windows\system32\GfxUI.exe --------- 3156504  
 25.08.2010 18:39     C:\Windows\system32\igfxCoIn_v2202.dll --------- 81920  
 25.08.2010 18:31     C:\Windows\system32\igdumd32.dll --------- 4967424  
 25.08.2010 18:30     C:\Windows\system32\igcompkrng500.bin --------- 439308  
 25.08.2010 18:30     C:\Windows\system32\igfcg500m.bin --------- 92356  
 25.08.2010 18:30     C:\Windows\system32\igkrng500.bin --------- 982240  
 25.08.2010 18:28     C:\Windows\system32\igdumdx32.dll --------- 571904  
 25.08.2010 18:23     C:\Windows\system32\igd10umd32.dll --------- 4411904  
 25.08.2010 18:09     C:\Windows\system32\ig4icd32.dll --------- 11040256  
 25.08.2010 18:03     C:\Windows\system32\Gfxres.zh-TW.resources --------- 103997  
 25.08.2010 18:03     C:\Windows\system32\Gfxres.zh-CN.resources --------- 102843  
 25.08.2010 18:03     C:\Windows\system32\Gfxres.tr-TR.resources --------- 121121  
 25.08.2010 18:03     C:\Windows\system32\Gfxres.th-TH.resources --------- 189408  
 25.08.2010 18:02     C:\Windows\system32\Gfxres.sv-SE.resources --------- 119286  
 25.08.2010 18:02     C:\Windows\system32\Gfxres.sl-SI.resources --------- 114308  
 25.08.2010 18:02     C:\Windows\system32\Gfxres.sk-SK.resources --------- 117984  
 25.08.2010 18:02     C:\Windows\system32\Gfxres.ru-RU.resources --------- 165251  
 25.08.2010 18:02     C:\Windows\system32\Gfxres.pt-PT.resources --------- 118997  
 25.08.2010 18:02     C:\Windows\system32\Gfxres.pt-BR.resources --------- 120287  
 25.08.2010 18:02     C:\Windows\system32\Gfxres.pl-PL.resources --------- 118317  
 25.08.2010 18:02     C:\Windows\system32\Gfxres.nl-NL.resources --------- 119513  
 25.08.2010 18:02     C:\Windows\system32\Gfxres.ko-KR.resources --------- 123164  
 25.08.2010 18:02     C:\Windows\system32\Gfxres.nb-NO.resources --------- 114779  
 25.08.2010 18:02     C:\Windows\system32\Gfxres.it-IT.resources --------- 125477  
 25.08.2010 18:02     C:\Windows\system32\Gfxres.ja-JP.resources --------- 136327  
 25.08.2010 18:02     C:\Windows\system32\Gfxres.hu-HU.resources --------- 119533  
 25.08.2010 18:02     C:\Windows\system32\Gfxres.he-IL.resources --------- 133680  
 25.08.2010 18:02     C:\Windows\system32\Gfxres.fr-FR.resources --------- 120695  
 25.08.2010 18:02     C:\Windows\system32\Gfxres.fi-FI.resources --------- 118631  
 25.08.2010 18:02     C:\Windows\system32\Gfxres.es-ES.resources --------- 122858  
 25.08.2010 18:02     C:\Windows\system32\Gfxres.el-GR.resources --------- 178288  
 25.08.2010 18:02     C:\Windows\system32\Gfxres.da-DK.resources --------- 114179  
 25.08.2010 18:02     C:\Windows\system32\Gfxres.de-DE.resources --------- 122638  
 25.08.2010 18:02     C:\Windows\system32\Gfxres.cs-CZ.resources --------- 118684  
 25.08.2010 18:02     C:\Windows\system32\Gfxres.ar-SA.resources --------- 139830  
 25.08.2010 18:02     C:\Windows\system32\igfxrslv.lrc --------- 85504  
 25.08.2010 18:02     C:\Windows\system32\igfxrsky.lrc --------- 86016  
 25.08.2010 18:02     C:\Windows\system32\igfxrtha.lrc --------- 84992  
----------------------------------------

 
C:\Windows\Prefetch

----------------------------------------

 
C:\Windows\Tasks

 01.11.2010 14:08     C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job --------- 1086  
 01.11.2010 14:08     C:\Windows\Tasks\SA.DAT --------- 6  
 31.10.2010 20:16     C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job --------- 1090  
 25.10.2010 12:39     C:\Windows\Tasks\SCHEDLGU.TXT --------- 32632  
----------------------------------------

 
C:\Windows\Temp

      C:\Windows\Temp\TMP0000000B8ED4C7648615D05E ---------   
 01.11.2010 14:13     C:\Windows\Temp\hpqddsvc.log --------- 18059  
 01.11.2010 14:09     C:\Windows\Temp\HPSLPSVC0004.log --------- 2239  
 01.11.2010 14:07     C:\Windows\Temp\fwtsqmfile03.sqm --------- 608  
 01.11.2010 14:06     C:\Windows\Temp\HPSLPSVC0002.log --------- 3101  
 01.11.2010 14:04     C:\Windows\Temp\fwtsqmfile02.sqm --------- 608  
 01.11.2010 13:56     C:\Windows\Temp\HPSLPSVC0001.log --------- 3385  
 01.11.2010 13:54     C:\Windows\Temp\WER1593.tmp.hdmp --------- 0  
 01.11.2010 13:54     C:\Windows\Temp\WER1592.tmp.WERInternalMetadata.xml --------- 3206  
 01.11.2010 13:54     C:\Windows\Temp\fwtsqmfile01.sqm --------- 608  
 01.11.2010 13:41     C:\Windows\Temp\HPSLPSVC0000.log --------- 3297  
 01.11.2010 13:41     C:\Windows\Temp\SoftGrid Client Service --------- 0  
 31.10.2010 21:04     C:\Windows\Temp\fwtsqmfile00.sqm --------- 608  
 31.10.2010 19:10     C:\Windows\Temp\HPSLPSVC0003.log --------- 3297  
----------------------------------------

 
C:\Users\Jan\AppData\Local\Temp

 01.11.2010 14:13     C:\Users\Jan\AppData\Local\Temp\jusched.log --------- 1461  
 01.11.2010 14:11     C:\Users\Jan\AppData\Local\Temp\IpAdrSet.log --------- 2123  
 01.11.2010 14:09     C:\Users\Jan\AppData\Local\Temp\WPDNSE --------- 0  
 01.11.2010 13:59     C:\Users\Jan\AppData\Local\Temp\~DFE726C04284F922B3.TMP --------- 114688  
 31.10.2010 20:45     C:\Users\Jan\AppData\Local\Temp\wmplog00.sqm --------- 1470  
 31.10.2010 20:42     C:\Users\Jan\AppData\Local\Temp\tmp7969.tmp --------- 7705975  
 31.10.2010 20:42     C:\Users\Jan\AppData\Local\Temp\tmpBD1B.tmp --------- 13731917  
 31.10.2010 20:39     C:\Users\Jan\AppData\Local\Temp\tmp16ED.tmp --------- 12028481  
 31.10.2010 10:52     C:\Users\Jan\AppData\Local\Temp\Low --------- 0  
 11.01.2010 14:41     C:\Users\Jan\AppData\Local\Temp\FXSAPIDebugLogFile.txt --------- 0  
----------------------------------------

 
C:\Program Files

 01.11.2010 13:54     C:\Program Files\AutocompletePro --------- 4096  
 29.10.2010 16:27     C:\Program Files\Mozilla Firefox --------- 40960  
 28.10.2010 12:28     C:\Program Files\Java --------- 4096  
 27.10.2010 16:52     C:\Program Files\Malwarebytes' Anti-Malware --------- 4096  
 27.10.2010 14:38     C:\Program Files\Trend Micro --------- 4096  
 13.10.2010 15:23     C:\Program Files\Internet Explorer --------- 4096  
 13.10.2010 15:23     C:\Program Files\Windows Media Player --------- 4096  
 13.10.2010 15:22     C:\Program Files\Microsoft Silverlight --------- 4096  
 12.10.2010 17:23     C:\Program Files\Microsoft SDKs --------- 0  
 12.10.2010 17:21     C:\Program Files\Microsoft ASP.NET --------- 0  
 12.10.2010 17:21     C:\Program Files\IIS --------- 0  
 12.10.2010 17:19     C:\Program Files\Microsoft Visual Studio 10.0 --------- 4096  
 12.10.2010 17:00     C:\Program Files\Common Files --------- 4096  
 12.10.2010 17:00     C:\Program Files\MSBuild --------- 0  
 12.10.2010 16:44     C:\Program Files\Microsoft SQL Server --------- 0  
 12.10.2010 16:43     C:\Program Files\Microsoft Visual Studio 9.0 --------- 0  
 12.10.2010 16:42     C:\Program Files\Microsoft.NET --------- 0  
 12.10.2010 16:39     C:\Program Files\Microsoft Synchronization Services --------- 0  
 12.10.2010 16:39     C:\Program Files\Microsoft SQL Server Compact Edition --------- 0  
 12.10.2010 16:37     C:\Program Files\Microsoft Help Viewer --------- 0  
 28.09.2010 13:16     C:\Program Files\Google --------- 4096  
 25.09.2010 13:14     C:\Program Files\iTunes --------- 8192  
 25.09.2010 13:13     C:\Program Files\iPod --------- 0  
 25.09.2010 13:09     C:\Program Files\QuickTime --------- 4096  
 25.09.2010 13:07     C:\Program Files\Bonjour --------- 4096  
 25.09.2010 10:52     C:\Program Files\Steam --------- 12288  
 20.09.2010 20:18     C:\Program Files\InstallShield Installation Information --------- 12288  
 20.09.2010 19:53     C:\Program Files\Ubisoft --------- 0  
 20.09.2010 19:46     C:\Program Files\Jens Lorek --------- 0  
 15.09.2010 16:00     C:\Program Files\GIMP-2.0 --------- 0  
 12.09.2010 00:04     C:\Program Files\Camera Assistant Software for Toshiba --------- 4096  
 08.09.2010 20:03     C:\Program Files\Safari --------- 4096  
 30.08.2010 15:53     C:\Program Files\KeePass Password Safe 2 --------- 4096  
 30.08.2010 15:16     C:\Program Files\Steganos Password Manager Free 11 --------- 0  
 27.08.2010 13:12     C:\Program Files\CCleaner --------- 0  
 23.08.2010 15:34     C:\Program Files\ICQ7.0 --------- 20480  
 11.08.2010 22:16     C:\Program Files\Microsoft Works --------- 24576  
 10.08.2010 17:07     C:\Program Files\ANNO1602 --------- 4096  
 19.07.2010 22:15     C:\Program Files\Opera --------- 4096  
 18.07.2010 18:17     C:\Program Files\Audacity --------- 4096  
 18.07.2010 18:05     C:\Program Files\DVDVideoSoft --------- 0  
 10.07.2010 14:46     C:\Program Files\TeamSpeak 3 Client --------- 0  
 08.07.2010 20:23     C:\Program Files\Free iPad Video Converter --------- 4096  
 05.07.2010 19:54     C:\Program Files\HP --------- 4096  
 05.07.2010 15:08     C:\Program Files\AVS4YOU --------- 0  
 02.07.2010 14:28     C:\Program Files\TeamViewer --------- 0  
 02.07.2010 14:26     C:\Program Files\T3Desk --------- 0  
 05.06.2010 21:10     C:\Program Files\DivX --------- 8192  
 31.05.2010 13:24     C:\Program Files\Windows Live --------- 4096  
 31.05.2010 13:23     C:\Program Files\Windows Live SkyDrive --------- 0  
 15.05.2010 20:13     C:\Program Files\JRE --------- 0  
 15.05.2010 20:13     C:\Program Files\OpenOffice.org 3 --------- 4096  
 15.05.2010 20:03     C:\Program Files\Adobe --------- 0  
 12.05.2010 14:51     C:\Program Files\Windows Mail --------- 0  
 11.05.2010 11:59     C:\Program Files\Apple Software Update --------- 4096  
 15.04.2010 18:11     C:\Program Files\Intel --------- 4096  
 13.04.2010 13:23     C:\Program Files\Microsoft Office --------- 4096  
 06.03.2010 19:40     C:\Program Files\CamStudio --------- 8192  
 06.03.2010 18:59     C:\Program Files\Haali --------- 0  
 21.02.2010 10:45     C:\Program Files\PC Drivers HeadQuarters --------- 0  
 01.02.2010 13:35     C:\Program Files\Game Cam V2 --------- 4096  
 28.01.2010 15:54     C:\Program Files\Microsoft Application Virtualization Client --------- 4096  
 11.01.2010 14:39     C:\Program Files\Windows NT --------- 4096  
 11.01.2010 14:39     C:\Program Files\Gemeinsame Dateien --------- 0  
 11.01.2010 14:11     C:\Program Files\Windows Photo Gallery --------- 0  
 11.01.2010 14:11     C:\Program Files\Windows Media Components --------- 0  
 11.01.2010 14:11     C:\Program Files\Windows Collaboration --------- 0  
 11.01.2010 14:11     C:\Program Files\Windows Calendar --------- 0  
 11.01.2010 14:11     C:\Program Files\TrackMania --------- 0  
 11.01.2010 14:11     C:\Program Files\Toshiba TEMPRO --------- 8192  
 11.01.2010 14:11     C:\Program Files\TOSHIBA --------- 4096  
 11.01.2010 14:11     C:\Program Files\Skype --------- 0  
 11.01.2010 14:11     C:\Program Files\Realtek --------- 0  
 11.01.2010 14:08     C:\Program Files\Nero --------- 0  
 11.01.2010 14:08     C:\Program Files\myphotobook --------- 0  
 11.01.2010 14:08     C:\Program Files\MSECache --------- 0  
 11.01.2010 14:08     C:\Program Files\Microsoft Windows 7 Upgrade Advisor --------- 0  
 11.01.2010 14:08     C:\Program Files\Microsoft Games --------- 4096  
 11.01.2010 14:08     C:\Program Files\Microsoft --------- 0  
 11.01.2010 14:08     C:\Program Files\ltmoh --------- 0  
 11.01.2010 14:08     C:\Program Files\Jumpstart --------- 4096  
 11.01.2010 14:08     C:\Program Files\Illustrate --------- 0  
 11.01.2010 14:08     C:\Program Files\HyCam2 --------- 4096  
 11.01.2010 14:07     C:\Program Files\Gameforge4D --------- 0  
 11.01.2010 14:06     C:\Program Files\Cisco --------- 0  
 11.01.2010 14:06     C:\Program Files\CanonBJ --------- 0  
 11.01.2010 14:06     C:\Program Files\Canon --------- 4096  
 11.01.2010 14:06     C:\Program Files\Avira --------- 0  
 11.01.2010 14:06     C:\Program Files\Atheros --------- 0  
 11.01.2010 14:02     C:\Program Files\Synaptics --------- 0  
 14.07.2009 09:56     C:\Program Files\DVD Maker --------- 0  
 14.07.2009 09:56     C:\Program Files\Windows Journal --------- 0  
 14.07.2009 09:47     C:\Program Files\Windows Sidebar --------- 4096  
 14.07.2009 09:47     C:\Program Files\Windows Photo Viewer --------- 0  
 14.07.2009 09:47     C:\Program Files\Windows Defender --------- 4096  
 14.07.2009 05:53     C:\Program Files\Uninstall Information --------- 0  
 14.07.2009 05:52     C:\Program Files\Windows Portable Devices --------- 0  
 14.07.2009 05:52     C:\Program Files\Reference Assemblies --------- 0  
 14.07.2009 05:41     C:\Program Files\desktop.ini --------- 174  
 11.08.2008 14:09     C:\Program Files\MSXML 4.0 --------- 0  
----------------------------------------

 
C:\ProgramData\.. 

Jan    
Mama    
Public    
Default    
All Users    
Default User    
desktop.ini    
----------------------------------------

 
C:\Windows\system32\drivers\etc\hosts

127.0.0.1       localhost
::1             localhost

----------------------------------------

 

Abbildname                     PID Sitzungsname       Sitz.-Nr. Speichernutzung
========================= ======== ================ =========== ===============
System Idle Process              0 Services                   0            24 K
System                           4 Services                   0        16.240 K
smss.exe                       296 Services                   0           800 K
csrss.exe                      432 Services                   0         3.564 K
wininit.exe                    472 Services                   0         3.484 K
csrss.exe                      488 Console                    1         9.508 K
services.exe                   532 Services                   0         7.172 K
lsass.exe                      548 Services                   0         8.668 K
lsm.exe                        556 Services                   0         3.148 K
svchost.exe                    664 Services                   0         6.960 K
winlogon.exe                   720 Console                    1         4.848 K
svchost.exe                    812 Services                   0         5.868 K
svchost.exe                    872 Services                   0        16.948 K
svchost.exe                    956 Services                   0        68.180 K
svchost.exe                    988 Services                   0        43.928 K
audiodg.exe                   1064 Services                   0        15.656 K
svchost.exe                   1108 Services                   0        11.612 K
svchost.exe                   1192 Services                   0        11.308 K
spoolsv.exe                   1308 Services                   0        24.828 K
sched.exe                     1428 Services                   0         1.092 K
avguard.exe                   1500 Services                   0        75.068 K
svchost.exe                   1528 Services                   0        11.860 K
avshadow.exe                  1628 Services                   0         5.884 K
conhost.exe                   1636 Services                   0         2.120 K
taskhost.exe                  1776 Console                    1         7.292 K
dwm.exe                       1856 Console                    1        26.624 K
explorer.exe                  1892 Console                    1        54.868 K
taskeng.exe                   1148 Console                    1         4.440 K
SynTPEnh.exe                  1676 Console                    1         8.776 K
avgnt.exe                     1688 Console                    1         3.672 K
jusched.exe                   1476 Console                    1         3.516 K
RtHDVCpl.exe                  1460 Console                    1        12.844 K
hkcmd.exe                      320 Console                    1         7.548 K
igfxpers.exe                   108 Console                    1         4.752 K
sidebar.exe                   2008 Console                    1        34.832 K
mDNSResponder.exe             2288 Services                   0         4.684 K
svchost.exe                   2328 Services                   0        10.644 K
svchost.exe                   2368 Services                   0         6.664 K
sqlservr.exe                  2408 Services                   0        43.024 K
svchost.exe                   2712 Services                   0         2.748 K
svchost.exe                   2748 Services                   0         2.708 K
sftvsa.exe                    2964 Services                   0         4.012 K
sqlwriter.exe                 3000 Services                   0         4.816 K
svchost.exe                   3024 Services                   0         4.316 K
TeamViewer_Service.exe        3064 Services                   0         2.760 K
TempoSVC.exe                  3108 Services                   0        14.728 K
sftlist.exe                   3300 Services                   0        12.680 K
WmiPrvSE.exe                  3564 Services                   0         8.660 K
CVHSVC.EXE                    3736 Services                   0         9.024 K
SearchIndexer.exe             3844 Services                   0        19.324 K
svchost.exe                   3880 Services                   0         5.556 K
NDSTray.exe                   4036 Console                    1         3.932 K
wmpnetwk.exe                  3380 Services                   0         4.488 K
SynTPHelper.exe               3908 Console                    1         2.492 K
CFSwMgr.exe                   3292 Console                    1         1.816 K
svchost.exe                   4388 Services                   0        10.652 K
WmiPrvSE.exe                  4440 Services                   0         5.240 K
VSSVC.exe                     5736 Services                   0         5.444 K
svchost.exe                   5768 Services                   0         4.364 K
CFIWmxSvcs.exe                6076 Services                   0           748 K
CFSvcs.exe                    1048 Services                   0         2.416 K
sppsvc.exe                    4184 Services                   0         7.500 K
svchost.exe                    612 Services                   0        42.068 K
taskhost.exe                  4692 Console                    1         8.144 K
cmd.exe                       1088 Console                    1         3.248 K
conhost.exe                   2720 Console                    1         4.336 K
SearchProtocolHost.exe        4084 Services                   0         6.380 K
SearchFilterHost.exe          2324 Services                   0         4.868 K
tasklist.exe                  3344 Console                    1         4.380 K

 
***** Ende des Scans 01.11.2010 um 14:14:42,61 ***
         


Edited by oraculum (01.11.2010 at 14:27)

02.11.2010, 06:42   #18
kira
/// Helper Team

Create a fresh TrendMicro™ HijackThis™ logfile and post it.

02.11.2010, 14:54   #19
oraculum

Why again now?

Code:
 
                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 
                        º                                    º 
                                    hjtscanlist v2.0              
                        º                                    º 
                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 

Microsoft Windows [Version 6.1.7600]
 
 
C:

  02.11.2010 14:42     C:\System Volume Information --------- 65536   
       C:\pagefile.sys ---------    
       C:\hiberfil.sys ---------    
  31.10.2010 10:44     C:\Windows --------- 28672   
  28.10.2010 12:42     C:\Config.Msi --------- 0   
  27.10.2010 16:51     C:\ProgramData --------- 12288   
  27.10.2010 16:51     C:\Program Files --------- 28672   
  27.10.2010 14:38     C:\rsit --------- 0   
  08.10.2010 18:49     C:\$RECYCLE.BIN --------- 0   
  08.10.2010 18:49     C:\Users --------- 4096   
  15.04.2010 18:11     C:\Intel --------- 0   
  06.03.2010 22:08     C:\SureSupply --------- 0   
  06.03.2010 19:41     C:\MSDOS.SYS --------- 0   
  06.03.2010 19:41     C:\IO.SYS --------- 0   
  11.01.2010 14:39     C:\Recovery --------- 0   
  11.01.2010 14:26     C:\$WINDOWS.~Q --------- 0   
  11.01.2010 13:58     C:\BOOTSECT.BAK --------- 8192   
  11.01.2010 13:58     C:\Boot --------- 4096   
  11.01.2010 13:43     C:\$INPLACE.~TR --------- 0   
  06.11.2009 21:48     C:\Converted Music --------- 0   
  17.10.2009 18:06     C:\Westwood --------- 0   
  16.10.2009 17:40     C:\Toshiba --------- 0   
  16.10.2009 17:31     C:\Programme --------- 0   
  16.10.2009 17:31     C:\Dokumente und Einstellungen --------- 0   
  16.10.2009 16:21     C:\RHDSetup.log --------- 651   
  14.07.2009 05:53     C:\Documents and Settings --------- 0   
  14.07.2009 03:37     C:\PerfLogs --------- 0   
  14.07.2009 02:38     C:\bootmgr --------- 383562   
  10.06.2009 22:42     C:\config.sys --------- 10   
  10.06.2009 22:42     C:\autoexec.bat --------- 24   
  09.02.2009 08:56     C:\SWSTAMP.TXT --------- 229   
  11.08.2008 15:34     C:\Works --------- 0   
  11.08.2008 15:28     C:\MSOCache --------- 0   
----------------------------------------

 
C:\Windows

  02.11.2010 14:43     C:\Windows\WindowsUpdate.log --------- 1442665   
  02.11.2010 14:36     C:\Windows\setupact.log --------- 1964950   
  02.11.2010 14:36     C:\Windows\bootstat.dat --------- 67584   
  30.10.2010 09:31     C:\Windows\PFRO.log --------- 158870   
  31.05.2010 13:22     C:\Windows\DirectX.log --------- 90228   
  17.04.2010 00:45     C:\Windows\WLXPGSS.SCR --------- 307056   
  15.04.2010 10:02     C:\Windows\ntbtlog.txt --------- 346428   
  15.04.2010 10:02     C:\Windows\MEMORY.DMP --------- 211412539   
  01.03.2010 13:31     C:\Windows\hpqins15.dat --------- 23684   
  11.01.2010 14:26     C:\Windows\comsetup.log --------- 9265   
  11.01.2010 14:21     C:\Windows\DtcInstall.log --------- 4141   
  11.01.2010 14:03     C:\Windows\TSSysprep.log --------- 1313   
  11.01.2010 13:37     C:\Windows\WindowsUpdate (1).log --------- 1778869   
  11.01.2010 13:05     C:\Windows\diagwrn.xml --------- 2544   
  11.01.2010 13:05     C:\Windows\diagerr.xml --------- 1890   
  24.12.2009 18:27     C:\Windows\hpoins46.dat --------- 219106   
  26.11.2009 11:18     C:\Windows\msxml4-KB973688-deu.LOG --------- 277328   
  04.11.2009 20:23     C:\Windows\ie8_main.log --------- 191074   
  31.10.2009 06:45     C:\Windows\explorer.exe --------- 2614272   
  16.10.2009 20:01     C:\Windows\msxml4-KB954430-deu.LOG --------- 290038   
  16.10.2009 16:21     C:\Windows\DIFxAPI.dll --------- 319456   
  16.10.2009 16:21     C:\Windows\HideWin.exe --------- 315392   
  14.07.2009 05:41     C:\Windows\WindowsShell.Manifest --------- 749   
  14.07.2009 05:39     C:\Windows\setuperr.log --------- 0   
  14.07.2009 02:16     C:\Windows\twain_32.dll --------- 51200   
  14.07.2009 02:14     C:\Windows\write.exe --------- 9216   
  14.07.2009 02:14     C:\Windows\winhlp32.exe --------- 9728   
  14.07.2009 02:14     C:\Windows\twunk_32.exe --------- 31232   
  14.07.2009 02:14     C:\Windows\regedit.exe --------- 398336   
  14.07.2009 02:14     C:\Windows\notepad.exe --------- 179712   
  14.07.2009 02:14     C:\Windows\hh.exe --------- 15360   
  14.07.2009 02:14     C:\Windows\HelpPane.exe --------- 497152   
  14.07.2009 02:14     C:\Windows\fveupdate.exe --------- 13824   
  14.07.2009 02:14     C:\Windows\bfsvc.exe --------- 65024   
  13.07.2009 23:58     C:\Windows\mib.bin --------- 43131   
  11.06.2009 04:02     C:\Windows\hpomdl46.dat --------- 606   
  11.06.2009 04:02     C:\Windows\hpomdl46.dat.temp --------- 606   
  10.06.2009 22:46     C:\Windows\system.ini --------- 219   
  10.06.2009 22:42     C:\Windows\_default.pif --------- 707   
  10.06.2009 22:42     C:\Windows\winhelp.exe --------- 256192   
  10.06.2009 22:41     C:\Windows\twunk_16.exe --------- 49680   
  10.06.2009 22:41     C:\Windows\twain.dll --------- 94784   
  10.06.2009 22:34     C:\Windows\WMSysPr9.prx --------- 316640   
  10.06.2009 22:19     C:\Windows\msdfmap.ini --------- 1405   
  10.06.2009 22:14     C:\Windows\Starter.xml --------- 48201   
  10.06.2009 22:14     C:\Windows\HomePremium.xml --------- 48265   
  13.08.2008 09:48     C:\Windows\csup.txt --------- 10   
  11.08.2008 15:01     C:\Windows\NDSTray.INI --------- 0   
  11.08.2008 14:50     C:\Windows\DPINST.LOG --------- 4748   
  11.08.2008 14:09     C:\Windows\msxml4-KB941833-deu.LOG --------- 267266   
  08.04.2008 14:14     C:\Windows\RtHDVCpl.exe --------- 6037504   
  02.04.2008 08:27     C:\Windows\RtlUpd.exe --------- 1196032   
  05.03.2008 17:07     C:\Windows\RtlExUpd.dll --------- 520192   
  16.01.2008 11:13     C:\Windows\Thumbs.db --------- 4096   
  20.11.2007 17:15     C:\Windows\SkyTel.exe --------- 1826816   
  14.11.2007 14:18     C:\Windows\USetup.iss --------- 553   
  03.11.2006 13:30     C:\Windows\oemlogo.bmp --------- 43254   
  02.11.2006 14:04     C:\Windows\win.ini --------- 144   
  14.01.2004 02:10     C:\Windows\BJPSUNST.EXE --------- 163840   
  17.11.1998 12:44     C:\Windows\IsUn0407.exe --------- 328704   
----------------------------------------

 
C:\Windows\System

 13.07.2009 22:41      C:\Windows\System\OLESVR.DLL --------- 24064 
 13.07.2009 22:41      C:\Windows\System\WFWNET.DRV --------- 12704 
 13.07.2009 22:41      C:\Windows\System\COMMDLG.DLL --------- 32816 
 13.07.2009 22:41      C:\Windows\System\TIMER.DRV --------- 4048 
 13.07.2009 22:41      C:\Windows\System\MMSYSTEM.DLL --------- 68992 
 13.07.2009 22:41      C:\Windows\System\mmtask.tsk --------- 1152 
 13.07.2009 22:41      C:\Windows\System\mouse.drv --------- 2032 
 13.07.2009 22:41      C:\Windows\System\vga.drv --------- 2176 
 13.07.2009 22:41      C:\Windows\System\sound.drv --------- 1744 
 13.07.2009 22:41      C:\Windows\System\keyboard.drv --------- 2000 
 13.07.2009 22:41      C:\Windows\System\SHELL.DLL --------- 5120 
 13.07.2009 22:41      C:\Windows\System\system.drv --------- 3360 
 10.06.2009 22:42      C:\Windows\System\ver.dll --------- 9008 
 10.06.2009 22:42      C:\Windows\System\olecli.dll --------- 82944 
 10.06.2009 22:42      C:\Windows\System\lzexpand.dll --------- 9936 
 10.06.2009 22:25      C:\Windows\System\stdole.tlb --------- 5532 
 10.06.2009 22:21      C:\Windows\System\msvideo.dll --------- 126912 
 10.06.2009 22:21      C:\Windows\System\mciwave.drv --------- 28160 
 10.06.2009 22:21      C:\Windows\System\mciseq.drv --------- 25264 
 10.06.2009 22:21      C:\Windows\System\mciavi.drv --------- 73376 
 10.06.2009 22:21      C:\Windows\System\avifile.dll --------- 109456 
 10.06.2009 22:21      C:\Windows\System\avicap.dll --------- 69584 
 02.04.2008 14:00      C:\Windows\System\DriveIcon.dll --------- 6428192 
 27.09.2007 14:32      C:\Windows\System\ms.ico --------- 34530 
 27.09.2007 14:17      C:\Windows\System\sm.ico --------- 37041 
 27.09.2007 14:12      C:\Windows\System\sd.ico --------- 38660 
 27.09.2007 14:04      C:\Windows\System\cf.ico --------- 37300 
 30.06.2004 15:24      C:\Windows\System\MyMulti.ico --------- 5430 
----------------------------------------

 
C:\Windows\System32

 02.11.2010 14:44     C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 --------- 9504  
 02.11.2010 14:44     C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 --------- 9504  
 02.11.2010 14:40     C:\Windows\system32\config --------- 16384  
 01.11.2010 14:28     C:\Windows\system32\perfh009.dat --------- 712728  
 01.11.2010 14:28     C:\Windows\system32\perfc009.dat --------- 144292  
 01.11.2010 14:28     C:\Windows\system32\perfh007.dat --------- 756664  
 01.11.2010 14:28     C:\Windows\system32\perfc007.dat --------- 171146  
 01.11.2010 14:28     C:\Windows\system32\PerfStringBackup.INI --------- 1783520  
 01.11.2010 13:45     C:\Windows\system32\hjtscanlist.txt --------- 43777  
 30.10.2010 12:10     C:\Windows\system32\drivers --------- 65536  
 30.10.2010 12:10     C:\Windows\system32\catroot --------- 4096  
 30.10.2010 12:10     C:\Windows\system32\DriverStore --------- 4096  
 29.10.2010 10:28     C:\Windows\system32\catroot2 --------- 12288  
 28.10.2010 12:38     C:\Windows\system32\javaws.exe --------- 153376  
 28.10.2010 12:38     C:\Windows\system32\javaw.exe --------- 145184  
 28.10.2010 12:38     C:\Windows\system32\java.exe --------- 145184  
 28.10.2010 12:38     C:\Windows\system32\deployJava1.dll --------- 472808  
 26.10.2010 18:39     C:\Windows\system32\NDF --------- 0  
 19.10.2010 10:41     C:\Windows\system32\MpSigStub.exe --------- 222080  
 13.10.2010 15:23     C:\Windows\system32\FNTCACHE.DAT --------- 381480  
 13.10.2010 15:23     C:\Windows\system32\migration --------- 4096  
 13.10.2010 13:27     C:\Windows\system32\MRT.exe --------- 35385288  
 12.10.2010 16:44     C:\Windows\system32\RsFx --------- 0  
 12.10.2010 16:43     C:\Windows\system32\1033 --------- 0  
 12.10.2010 16:43     C:\Windows\system32\1031 --------- 0  
 12.10.2010 16:35     C:\Windows\system32\de-DE --------- 327680  
 06.10.2010 20:03     C:\Windows\system32\mapisvc.inf --------- 1152  
 27.09.2010 15:24     C:\Windows\system32\Tasks --------- 4096  
 08.09.2010 10:17     C:\Windows\system32\QuickTime.qts --------- 69632  
 08.09.2010 10:17     C:\Windows\system32\QuickTimeVR.qtx --------- 94208  
 08.09.2010 05:30     C:\Windows\system32\wininet.dll --------- 978432  
 08.09.2010 05:30     C:\Windows\system32\urlmon.dll --------- 1226752  
 08.09.2010 05:28     C:\Windows\system32\mstime.dll --------- 606208  
 08.09.2010 05:28     C:\Windows\system32\mshtmled.dll --------- 67072  
 08.09.2010 05:28     C:\Windows\system32\mshtml.dll --------- 5977600  
 08.09.2010 05:28     C:\Windows\system32\msfeedsbs.dll --------- 64512  
 08.09.2010 05:28     C:\Windows\system32\msfeeds.dll --------- 599040  
 08.09.2010 05:28     C:\Windows\system32\licmgr10.dll --------- 44544  
 08.09.2010 05:28     C:\Windows\system32\jsproxy.dll --------- 48128  
 08.09.2010 05:28     C:\Windows\system32\ieui.dll --------- 176640  
 08.09.2010 05:28     C:\Windows\system32\iertutil.dll --------- 2058752  
 08.09.2010 05:28     C:\Windows\system32\iepeers.dll --------- 185856  
 08.09.2010 05:28     C:\Windows\system32\ieframe.dll --------- 10988544  
 08.09.2010 05:27     C:\Windows\system32\iedkcs32.dll --------- 381440  
 08.09.2010 05:25     C:\Windows\system32\msfeedssync.exe --------- 12800  
 08.09.2010 04:22     C:\Windows\system32\html.iec --------- 386048  
 08.09.2010 03:48     C:\Windows\system32\mshtml.tlb --------- 1638912  
 04.09.2010 16:45     C:\Windows\system32\wdi --------- 4096  
 01.09.2010 05:29     C:\Windows\system32\wmp.dll --------- 11406848  
 01.09.2010 05:23     C:\Windows\system32\wmploc.DLL --------- 12625408  
 01.09.2010 03:34     C:\Windows\system32\win32k.sys --------- 2327552  
 31.08.2010 05:32     C:\Windows\system32\mfc40u.dll --------- 954288  
 31.08.2010 05:32     C:\Windows\system32\mfc40.dll --------- 954752  
 27.08.2010 06:46     C:\Windows\system32\srvsvc.dll --------- 168448  
 26.08.2010 05:39     C:\Windows\system32\t2embed.dll --------- 109056  
 25.08.2010 18:58     C:\Windows\system32\iglhxs32.vp --------- 51432  
 25.08.2010 18:46     C:\Windows\system32\TVWSetup.exe --------- 8198680  
 25.08.2010 18:45     C:\Windows\system32\igfxtray.exe --------- 136216  
 25.08.2010 18:45     C:\Windows\system32\igfxsrvc.exe --------- 266776  
 25.08.2010 18:45     C:\Windows\system32\igfxpers.exe --------- 170520  
 25.08.2010 18:45     C:\Windows\system32\igfxext.exe --------- 179224  
 25.08.2010 18:45     C:\Windows\system32\hkcmd.exe --------- 171032  
 25.08.2010 18:45     C:\Windows\system32\GfxUI.exe --------- 3156504  
 25.08.2010 18:39     C:\Windows\system32\igfxCoIn_v2202.dll --------- 81920  
 25.08.2010 18:31     C:\Windows\system32\igdumd32.dll --------- 4967424  
 25.08.2010 18:30     C:\Windows\system32\igcompkrng500.bin --------- 439308  
 25.08.2010 18:30     C:\Windows\system32\igfcg500m.bin --------- 92356  
 25.08.2010 18:30     C:\Windows\system32\igkrng500.bin --------- 982240  
 25.08.2010 18:28     C:\Windows\system32\igdumdx32.dll --------- 571904  
 25.08.2010 18:23     C:\Windows\system32\igd10umd32.dll --------- 4411904  
 25.08.2010 18:09     C:\Windows\system32\ig4icd32.dll --------- 11040256  
 25.08.2010 18:03     C:\Windows\system32\Gfxres.zh-TW.resources --------- 103997  
 25.08.2010 18:03     C:\Windows\system32\Gfxres.zh-CN.resources --------- 102843  
 25.08.2010 18:03     C:\Windows\system32\Gfxres.tr-TR.resources --------- 121121  
 25.08.2010 18:03     C:\Windows\system32\Gfxres.th-TH.resources --------- 189408  
 25.08.2010 18:02     C:\Windows\system32\Gfxres.sv-SE.resources --------- 119286  
 25.08.2010 18:02     C:\Windows\system32\Gfxres.sl-SI.resources --------- 114308  
 25.08.2010 18:02     C:\Windows\system32\Gfxres.sk-SK.resources --------- 117984  
 25.08.2010 18:02     C:\Windows\system32\Gfxres.ru-RU.resources --------- 165251  
 25.08.2010 18:02     C:\Windows\system32\Gfxres.pt-PT.resources --------- 118997  
 25.08.2010 18:02     C:\Windows\system32\Gfxres.pt-BR.resources --------- 120287  
 25.08.2010 18:02     C:\Windows\system32\Gfxres.pl-PL.resources --------- 118317  
 25.08.2010 18:02     C:\Windows\system32\Gfxres.nl-NL.resources --------- 119513  
 25.08.2010 18:02     C:\Windows\system32\Gfxres.ko-KR.resources --------- 123164  
 25.08.2010 18:02     C:\Windows\system32\Gfxres.nb-NO.resources --------- 114779  
 25.08.2010 18:02     C:\Windows\system32\Gfxres.it-IT.resources --------- 125477  
 25.08.2010 18:02     C:\Windows\system32\Gfxres.ja-JP.resources --------- 136327  
 25.08.2010 18:02     C:\Windows\system32\Gfxres.hu-HU.resources --------- 119533  
 25.08.2010 18:02     C:\Windows\system32\Gfxres.he-IL.resources --------- 133680  
 25.08.2010 18:02     C:\Windows\system32\Gfxres.fr-FR.resources --------- 120695  
 25.08.2010 18:02     C:\Windows\system32\Gfxres.fi-FI.resources --------- 118631  
 25.08.2010 18:02     C:\Windows\system32\Gfxres.es-ES.resources --------- 122858  
 25.08.2010 18:02     C:\Windows\system32\Gfxres.el-GR.resources --------- 178288  
 25.08.2010 18:02     C:\Windows\system32\Gfxres.da-DK.resources --------- 114179  
 25.08.2010 18:02     C:\Windows\system32\Gfxres.de-DE.resources --------- 122638  
 25.08.2010 18:02     C:\Windows\system32\Gfxres.cs-CZ.resources --------- 118684  
 25.08.2010 18:02     C:\Windows\system32\Gfxres.ar-SA.resources --------- 139830  
 25.08.2010 18:02     C:\Windows\system32\igfxrslv.lrc --------- 85504  
 25.08.2010 18:02     C:\Windows\system32\igfxrsky.lrc --------- 86016  
 25.08.2010 18:02     C:\Windows\system32\igfxrtha.lrc --------- 84992  
----------------------------------------

 
C:\Windows\Prefetch

----------------------------------------

 
C:\Windows\Tasks

 02.11.2010 14:38     C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job --------- 1086  
 02.11.2010 14:38     C:\Windows\Tasks\SA.DAT --------- 6  
 02.11.2010 14:37     C:\Windows\Tasks\SCHEDLGU.TXT --------- 32632  
 01.11.2010 21:16     C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job --------- 1090  
----------------------------------------

 
C:\Windows\Temp

 02.11.2010 14:51     C:\Windows\Temp\TMP000000169B0625A16013F263 --------- 204800000  
 02.11.2010 14:51     C:\Windows\Temp\TMP00000015802ED10677EBC220 --------- 524288  
 02.11.2010 14:42     C:\Windows\Temp\MpSigStub.log --------- 3276  
 02.11.2010 14:42     C:\Windows\Temp\hpqddsvc.log --------- 6129  
 02.11.2010 14:39     C:\Windows\Temp\AVSETUP_4cd0148a --------- 0  
 02.11.2010 14:37     C:\Windows\Temp\HPSLPSVC0001.log --------- 2434  
 02.11.2010 14:36     C:\Windows\Temp\SoftGrid Client Service --------- 0  
 01.11.2010 21:22     C:\Windows\Temp\fwtsqmfile00.sqm --------- 608  
 01.11.2010 19:50     C:\Windows\Temp\HPSLPSVC0000.log --------- 3297  
----------------------------------------

 
C:\Users\***\AppData\Local\Temp

 02.11.2010 14:41     C:\Users\***\AppData\Local\Temp\jusched.log --------- 635  
 02.11.2010 14:38     C:\Users\***\AppData\Local\Temp\IpAdrSet.log --------- 887  
 02.11.2010 14:36     C:\Users\***\AppData\Local\Temp\WPDNSE --------- 0  
 31.10.2010 10:52     C:\Users\***\AppData\Local\Temp\Low --------- 0  
 11.01.2010 14:41     C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt --------- 0  
----------------------------------------

 
C:\Program Files

 01.11.2010 13:54     C:\Program Files\AutocompletePro --------- 4096  
 29.10.2010 16:27     C:\Program Files\Mozilla Firefox --------- 40960  
 28.10.2010 12:28     C:\Program Files\Java --------- 4096  
 27.10.2010 16:52     C:\Program Files\Malwarebytes' Anti-Malware --------- 4096  
 27.10.2010 14:38     C:\Program Files\Trend Micro --------- 4096  
 13.10.2010 15:23     C:\Program Files\Internet Explorer --------- 4096  
 13.10.2010 15:23     C:\Program Files\Windows Media Player --------- 4096  
 13.10.2010 15:22     C:\Program Files\Microsoft Silverlight --------- 4096  
 12.10.2010 17:23     C:\Program Files\Microsoft SDKs --------- 0  
 12.10.2010 17:21     C:\Program Files\Microsoft ASP.NET --------- 0  
 12.10.2010 17:21     C:\Program Files\IIS --------- 0  
 12.10.2010 17:19     C:\Program Files\Microsoft Visual Studio 10.0 --------- 4096  
 12.10.2010 17:00     C:\Program Files\Common Files --------- 4096  
 12.10.2010 17:00     C:\Program Files\MSBuild --------- 0  
 12.10.2010 16:44     C:\Program Files\Microsoft SQL Server --------- 0  
 12.10.2010 16:43     C:\Program Files\Microsoft Visual Studio 9.0 --------- 0  
 12.10.2010 16:42     C:\Program Files\Microsoft.NET --------- 0  
 12.10.2010 16:39     C:\Program Files\Microsoft Synchronization Services --------- 0  
 12.10.2010 16:39     C:\Program Files\Microsoft SQL Server Compact Edition --------- 0  
 12.10.2010 16:37     C:\Program Files\Microsoft Help Viewer --------- 0  
 28.09.2010 13:16     C:\Program Files\Google --------- 4096  
 25.09.2010 13:14     C:\Program Files\iTunes --------- 8192  
 25.09.2010 13:13     C:\Program Files\iPod --------- 0  
 25.09.2010 13:09     C:\Program Files\QuickTime --------- 4096  
 25.09.2010 13:07     C:\Program Files\Bonjour --------- 4096  
 25.09.2010 10:52     C:\Program Files\Steam --------- 12288  
 20.09.2010 20:18     C:\Program Files\InstallShield Installation Information --------- 0  
 20.09.2010 19:53     C:\Program Files\Ubisoft --------- 0  
 20.09.2010 19:46     C:\Program Files\Jens Lorek --------- 0  
 15.09.2010 16:00     C:\Program Files\GIMP-2.0 --------- 0  
 12.09.2010 00:04     C:\Program Files\Camera Assistant Software for Toshiba --------- 4096  
 08.09.2010 20:03     C:\Program Files\Safari --------- 4096  
 30.08.2010 15:53     C:\Program Files\KeePass Password Safe 2 --------- 0  
 30.08.2010 15:16     C:\Program Files\Steganos Password Manager Free 11 --------- 0  
 27.08.2010 13:12     C:\Program Files\CCleaner --------- 0  
 23.08.2010 15:34     C:\Program Files\ICQ7.0 --------- 20480  
 11.08.2010 22:16     C:\Program Files\Microsoft Works --------- 24576  
 10.08.2010 17:07     C:\Program Files\ANNO1602 --------- 4096  
 19.07.2010 22:15     C:\Program Files\Opera --------- 4096  
 18.07.2010 18:17     C:\Program Files\Audacity --------- 4096  
 18.07.2010 18:05     C:\Program Files\DVDVideoSoft --------- 0  
 10.07.2010 14:46     C:\Program Files\TeamSpeak 3 Client --------- 0  
 08.07.2010 20:23     C:\Program Files\Free iPad Video Converter --------- 4096  
 05.07.2010 19:54     C:\Program Files\HP --------- 4096  
 05.07.2010 15:08     C:\Program Files\AVS4YOU --------- 0  
 02.07.2010 14:28     C:\Program Files\TeamViewer --------- 0  
 02.07.2010 14:26     C:\Program Files\T3Desk --------- 0  
 05.06.2010 21:10     C:\Program Files\DivX --------- 8192  
 31.05.2010 13:24     C:\Program Files\Windows Live --------- 4096  
 31.05.2010 13:23     C:\Program Files\Windows Live SkyDrive --------- 0  
 15.05.2010 20:13     C:\Program Files\JRE --------- 0  
 15.05.2010 20:13     C:\Program Files\OpenOffice.org 3 --------- 4096  
 15.05.2010 20:03     C:\Program Files\Adobe --------- 0  
 12.05.2010 14:51     C:\Program Files\Windows Mail --------- 4096  
 11.05.2010 11:59     C:\Program Files\Apple Software Update --------- 4096  
 15.04.2010 18:11     C:\Program Files\Intel --------- 4096  
 13.04.2010 13:23     C:\Program Files\Microsoft Office --------- 4096  
 06.03.2010 19:40     C:\Program Files\CamStudio --------- 0  
 06.03.2010 18:59     C:\Program Files\Haali --------- 0  
 21.02.2010 10:45     C:\Program Files\PC Drivers HeadQuarters --------- 0  
 01.02.2010 13:35     C:\Program Files\Game Cam V2 --------- 0  
 28.01.2010 15:54     C:\Program Files\Microsoft Application Virtualization Client --------- 4096  
 11.01.2010 14:39     C:\Program Files\Windows NT --------- 4096  
 11.01.2010 14:39     C:\Program Files\Gemeinsame Dateien --------- 0  
 11.01.2010 14:11     C:\Program Files\Windows Photo Gallery --------- 0  
 11.01.2010 14:11     C:\Program Files\Windows Media Components --------- 0  
 11.01.2010 14:11     C:\Program Files\Windows Collaboration --------- 0  
 11.01.2010 14:11     C:\Program Files\Windows Calendar --------- 0  
 11.01.2010 14:11     C:\Program Files\TrackMania --------- 0  
 11.01.2010 14:11     C:\Program Files\Toshiba TEMPRO --------- 8192  
 11.01.2010 14:11     C:\Program Files\TOSHIBA --------- 4096  
 11.01.2010 14:11     C:\Program Files\Skype --------- 0  
 11.01.2010 14:11     C:\Program Files\Realtek --------- 0  
 11.01.2010 14:08     C:\Program Files\Nero --------- 0  
 11.01.2010 14:08     C:\Program Files\myphotobook --------- 8192  
 11.01.2010 14:08     C:\Program Files\MSECache --------- 0  
 11.01.2010 14:08     C:\Program Files\Microsoft Windows 7 Upgrade Advisor --------- 4096  
 11.01.2010 14:08     C:\Program Files\Microsoft Games --------- 4096  
 11.01.2010 14:08     C:\Program Files\Microsoft --------- 0  
 11.01.2010 14:08     C:\Program Files\ltmoh --------- 0  
 11.01.2010 14:08     C:\Program Files\Jumpstart --------- 4096  
 11.01.2010 14:08     C:\Program Files\Illustrate --------- 0  
 11.01.2010 14:08     C:\Program Files\HyCam2 --------- 4096  
 11.01.2010 14:07     C:\Program Files\Gameforge4D --------- 0  
 11.01.2010 14:06     C:\Program Files\Cisco --------- 0  
 11.01.2010 14:06     C:\Program Files\CanonBJ --------- 0  
 11.01.2010 14:06     C:\Program Files\Canon --------- 4096  
 11.01.2010 14:06     C:\Program Files\Avira --------- 0  
 11.01.2010 14:06     C:\Program Files\Atheros --------- 0  
 11.01.2010 14:02     C:\Program Files\Synaptics --------- 0  
 14.07.2009 09:56     C:\Program Files\DVD Maker --------- 4096  
 14.07.2009 09:56     C:\Program Files\Windows Journal --------- 4096  
 14.07.2009 09:47     C:\Program Files\Windows Sidebar --------- 4096  
 14.07.2009 09:47     C:\Program Files\Windows Photo Viewer --------- 4096  
 14.07.2009 09:47     C:\Program Files\Windows Defender --------- 4096  
 14.07.2009 05:53     C:\Program Files\Uninstall Information --------- 0  
 14.07.2009 05:52     C:\Program Files\Windows Portable Devices --------- 0  
 14.07.2009 05:52     C:\Program Files\Reference Assemblies --------- 0  
 14.07.2009 05:41     C:\Program Files\desktop.ini --------- 174  
 11.08.2008 14:09     C:\Program Files\MSXML 4.0 --------- 0  
----------------------------------------

 
C:\ProgramData\.. 

***   
***    
Public    
Default    
All Users    
Default User    
desktop.ini    
----------------------------------------

 
C:\Windows\system32\drivers\etc\hosts

127.0.0.1       localhost
::1             localhost

----------------------------------------

 

Abbildname                     PID Sitzungsname       Sitz.-Nr. Speichernutzung
========================= ======== ================ =========== ===============
System Idle Process              0 Services                   0            24 K
System                           4 Services                   0        16.424 K
smss.exe                       296 Services                   0           800 K
csrss.exe                      432 Services                   0         3.476 K
wininit.exe                    472 Services                   0         3.328 K
csrss.exe                      484 Console                    1         5.952 K
services.exe                   532 Services                   0         7.228 K
lsass.exe                      556 Services                   0         8.860 K
lsm.exe                        564 Services                   0         2.996 K
svchost.exe                    672 Services                   0         7.084 K
winlogon.exe                   720 Console                    1         5.124 K
svchost.exe                    816 Services                   0         6.308 K
svchost.exe                    868 Services                   0        17.416 K
svchost.exe                    952 Services                   0        70.260 K
svchost.exe                   1108 Services                   0        12.168 K
svchost.exe                   1196 Services                   0        17.436 K
spoolsv.exe                   1344 Services                   0        24.092 K
svchost.exe                   1532 Services                   0        11.732 K
taskhost.exe                  1772 Console                    1         6.468 K
dwm.exe                       1852 Console                    1        26.104 K
explorer.exe                  1876 Console                    1        46.932 K
GoogleUpdate.exe              1968 Services                   0           684 K
SynTPEnh.exe                  1676 Console                    1         9.488 K
jusched.exe                   1756 Console                    1         3.504 K
RtHDVCpl.exe                  1696 Console                    1        13.096 K
hkcmd.exe                     2044 Console                    1         8.284 K
igfxpers.exe                   332 Console                    1         5.496 K
sidebar.exe                    608 Console                    1        36.024 K
mDNSResponder.exe             2344 Services                   0         4.696 K
svchost.exe                   2488 Services                   0        10.548 K
svchost.exe                   2528 Services                   0         6.824 K
sqlservr.exe                  2564 Services                   0        42.876 K
svchost.exe                   2704 Services                   0         2.716 K
svchost.exe                   2740 Services                   0         2.652 K
sftvsa.exe                    3060 Services                   0         3.988 K
sqlwriter.exe                 3084 Services                   0         4.820 K
TeamViewer_Service.exe        3180 Services                   0         2.760 K
TempoSVC.exe                  3220 Services                   0        14.836 K
sftlist.exe                   3360 Services                   0        12.656 K
CVHSVC.EXE                    4072 Services                   0        13.008 K
SearchIndexer.exe             2192 Services                   0        18.032 K
svchost.exe                    912 Services                   0         5.908 K
svchost.exe                   2444 Services                   0        33.416 K
wmpnetwk.exe                  1300 Services                   0         5.680 K
SynTPHelper.exe               4300 Console                    1         2.688 K
svchost.exe                   4424 Services                   0        10.736 K
sched.exe                     4616 Services                   0         1.612 K
avguard.exe                   1316 Services                   0        15.920 K
avshadow.exe                  2160 Services                   0         3.424 K
conhost.exe                   1096 Services                   0         2.124 K
CFIWmxSvcs.exe                5092 Services                   0           764 K
CFSvcs.exe                    5168 Services                   0         1.200 K
svchost.exe                   5184 Services                   0        58.084 K
avgnt.exe                     4324 Console                    1         2.776 K
TrustedInstaller.exe          4268 Services                   0         5.984 K
audiodg.exe                   3668 Services                   0        15.608 K
cmd.exe                       5784 Console                    1         3.200 K
conhost.exe                   5916 Console                    1         4.240 K
SearchProtocolHost.exe        4352 Services                   0         6.392 K
SearchFilterHost.exe          4496 Services                   0         4.772 K
tasklist.exe                  5552 Console                    1         4.372 K
WmiPrvSE.exe                  1800 Services                   0         5.036 K

 
***** Ende des Scans 02.11.2010 um 14:51:32,63 ***
         

03.11.2010, 06:33   #20
kira
/// Helper Team

Quote:
Quote from MeisterJany
Why again now?
Did I ask for that?? No, I don't think so...:

not "hjtscanlist",


but rather: the "TrendMicro™ HijackThis™ logfile" created by "RSIT"
But let's do it differently:
Delete log.txt and info.txt under C:\rsit
Double-click RSIT.exe
Post both logfiles.


03.11.2010, 15:44   #21
oraculum

info.txt RSIT Logfile:
Code:
logfile of random's system information tool 1.08 2010-11-03 15:37:21

======Uninstall list======

32 Bit HP CIO Components Installer-->MsiExec.exe /I{859D40CF-8491-44AD-8FA8-7389CB418C64}
32 Bit HP CIO Components Installer-->MsiExec.exe /I{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}
4Story 3.4-->"C:\Program Files\Gameforge4D\4Story\unins000.exe"
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10h_Plugin.exe -maintain plugin
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9.3 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A93000000001}
Advertising Center-->MsiExec.exe /X{b2ec4a38-b545-4a00-8214-13fe0e915e6d}
ANNO 1404 - Venedig-->"C:\Program Files\InstallShield Installation Information\{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}\setup.exe" -runfromtemp -l0x0007 -removeonly
ANNO 1404-->"C:\Program Files\InstallShield Installation Information\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}\setup.exe" -runfromtemp -l0x0007 -removeonly
ANNO 1602-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F7CAD9-2316-4701-B5CA-E90FD60029E9}\SETUP.exe" 
Apple Application Support-->MsiExec.exe /I{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}
Apple Mobile Device Support-->MsiExec.exe /I{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}
Apple Software Update-->MsiExec.exe /I{C41300B9-185D-475E-BFEC-39EF732F19B1}
Atheros Driver Installation Program-->C:\Program Files\InstallShield Installation Information\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}\setup.exe -runfromtemp -l0x0007
Atheros Wi-Fi Protected Setup Library-->C:\Program Files\InstallShield Installation Information\{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}\setup.exe -runfromtemp -l0x0007 -removeonly
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Audiosurf-->"C:\Program Files\Steam\steam.exe" steam://uninstall/12900
AutocompletePro-->"C:\Program Files\AutocompletePro\unins000.exe"
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Bonjour-->MsiExec.exe /X{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}
Camera Assistant Software for Toshiba-->C:\Program Files\InstallShield Installation Information\{37C866E4-AA67-4725-9E95-A39968DD7960}\setup.exe -runfromtemp -l0x0007
Canon iP3300 Benutzerregistrierung-->C:\Program Files\Canon\IJEREG\iP3300\UNINST.EXE
Canon iP3300-->"C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP3300\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP3300 /L0x0007
Canon Setup Utility 2.3-->"C:\Program Files\Canon\Canon Setup Utility 2.3\Maint.exe" /Uninstall C:\Program Files\Canon\Canon Setup Utility 2.3\uninst.ini
Canon Utilities Easy-PhotoPrint-->C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
Canon Utilities Easy-PrintToolBox-->C:\Windows\BJPSUNST.EXE
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
CD/DVD Drive Acoustic Silencer-->C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\setup.exe -runfromtemp -l0x0007 -removeonly
Command & Conquer Teil 3: Operation Tiberian Sun-->C:\Westwood\SUN\Uninstll.EXE
dBpowerAMP Music Converter-->"C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
Driver Detective-->MsiExec.exe /X{4640FDE1-B83A-4376-84ED-86F86BEE2D41}
Easy-WebPrint-->C:\Windows\IsUn0407.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
Free iPad Video Converter 3.7.0.1-->"C:\Program Files\Free iPad Video Converter\unins000.exe"
Free Video to MP3 Converter version 4.0-->"C:\Program Files\DVDVideoSoft\Free Video to MP3 Converter\unins000.exe"
GIMP 2.6.10-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
Google Chrome-->"C:\Program Files\Google\Chrome\Application\7.0.517.41\Installer\setup.exe" --uninstall --system-level
Google Earth-->MsiExec.exe /X{4286E640-B5FB-11DF-AC4B-005056C00008}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_AC0049E063DE2AEA.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Haali Media Splitter-->"C:\Program Files\Haali\MatroskaSplitter\uninstall.exe"
HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}
HP Customer Participation Program 13.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat -forcereboot
HP Deskjet F4500 Printer Driver Software 13.0 Rel .6-->C:\Program Files\HP\Digital Imaging\{7F08A772-2816-4F46-84F1-49578502AD28}\setup\hpzscr01.exe -datfile hposcr46.dat -onestop -forcereboot
HP Imaging Device Functions 13.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Print Projects 1.0-->C:\Program Files\HP\Digital Imaging\HPPrintProjects\hpzscr01.exe -datfile hpqbud19.dat
HP Smart Web Printing 4.60-->C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
HP Solution Center 13.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat -forcereboot
HP Update-->MsiExec.exe /X{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}
HyperCam 2-->"C:\Program Files\HyCam2\UnHyCam2.exe"
ICQ7-->"C:\Program Files\InstallShield Installation Information\{88EB38EF-4D2C-436D-ABD3-56B232674062}\ICQ7.exe" -runfromtemp -l0x0009 -removeonly
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
Intel(R) TV Wizard-->C:\Windows\system32\TVWizudlg.exe -uninstall
Intel® Matrix Storage Manager-->C:\Windows\system32\imsmudlg.exe -uninstall
iTunes-->MsiExec.exe /I{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}
Java(TM) 6 Update 22-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216022FF}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 4 Client Profile DEU Language Pack-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /lcid 1031 /parameterfolder ClientLP
Microsoft .NET Framework 4 Client Profile DEU Language Pack-->MsiExec.exe /X{F750C986-5310-3A5A-95F8-4EC71C8AC01C}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft .NET Framework 4 Extended DEU Language Pack-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ExtendedLP\Setup.exe /repair /x86 /lcid 1031 /parameterfolder ExtendedLP
Microsoft .NET Framework 4 Extended DEU Language Pack-->MsiExec.exe /X{C911A0C2-2236-3164-AA47-F2566C01AE5E}
Microsoft .NET Framework 4 Extended-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\Setup.exe /repair /x86 /parameterfolder Extended
Microsoft .NET Framework 4 Extended-->MsiExec.exe /X{0A0CADCF-78DA-33C4-A350-CD51849B9702}
Microsoft .NET Framework 4 Multi-Targeting Pack-->MsiExec.exe /I{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}
Microsoft ASP.NET MVC 2 - DEU-->MsiExec.exe /X{E4E9CBC9-1CF5-48E3-AF6F-1AB44A856346}
Microsoft ASP.NET MVC 2 - VWD Express 2010 Tools - DEU-->MsiExec.exe /X{2CE77981-14DE-4773-8106-27C9C964720C}
Microsoft ASP.NET MVC 2 - VWD Express 2010 Tools-->MsiExec.exe /X{5BDFAB82-060E-438B-AB4F-A2331B2294C0}
Microsoft ASP.NET MVC 2-->MsiExec.exe /X{1803A630-3C38-4D2B-9B9A-0CB37243539C}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Help Viewer 1.0 Language Pack - DEU-->C:\Program Files\Microsoft Help Viewer\v1.0\Microsoft Help Viewer 1.0 Language Pack - DEU\install.exe
Microsoft Help Viewer 1.0 Language Pack - DEU-->MsiExec.exe /X{1D328E11-3B0C-388C-835D-C9C20E8C7734}
Microsoft Help Viewer 1.0-->C:\Program Files\Microsoft Help Viewer\v1.0\Microsoft Help Viewer 1.0\install.exe
Microsoft Help Viewer 1.0-->MsiExec.exe /X{47C39E4A-28F2-33B1-B9B7-97F24E52D917}
Microsoft Office Click-to-Run 2010 (Beta)-->"C:\PROGRA~1\COMMON~1\MICROS~1\VIRTUA~1\CVHBS.EXE" /removeall
Microsoft Office Click-to-Run 2010 (Beta)-->MsiExec.exe /I{20140000-006D-0407-0000-0000000FF1CE}
Microsoft Office Home and Business 2010 (Beta) - Deutsch-->C:\Program Files\Common Files\microsoft shared\virtualization handler\cvhbs.exe /uninstall {20140062-0062-0407-0000-0000000FF1CE}
Microsoft Silverlight 3 SDK - Deutsch-->MsiExec.exe /X{91F54E1D-804A-46D8-A56C-53EA9C4B3177}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft SQL Server 2008 Browser-->MsiExec.exe /X{4AF2248C-B3DF-46FB-9596-87F5DB193689}
Microsoft SQL Server 2008 Common Files-->MsiExec.exe /I{4A6F34E2-09E5-4616-B227-4A26A488A6F9}
Microsoft SQL Server 2008 Common Files-->MsiExec.exe /I{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}
Microsoft SQL Server 2008 Database Engine Services-->MsiExec.exe /I{5BD39911-A12F-4562-98BA-A6E03E3370B1}
Microsoft SQL Server 2008 Database Engine Services-->MsiExec.exe /I{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}
Microsoft SQL Server 2008 Database Engine Shared-->MsiExec.exe /I{477415F5-93DA-46AA-85C5-640047825995}
Microsoft SQL Server 2008 Database Engine Shared-->MsiExec.exe /I{F3494AB6-6900-41C6-AF57-823626827ED8}
Microsoft SQL Server 2008 Native Client-->MsiExec.exe /I{1C2B3CEA-482E-4453-B3E2-C9731337828A}
Microsoft SQL Server 2008 R2 Management Objects-->MsiExec.exe /I{A106D33E-6B43-42C0-9BFC-D03303261FA7}
Microsoft SQL Server 2008 RsFx Driver-->MsiExec.exe /I{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}
Microsoft SQL Server 2008-->"C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Release\x86\SetupARP.exe" /x86 
Microsoft SQL Server 2008-->"C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Release\x86\SetupARP.exe" /X86 
Microsoft SQL Server Compact 3.5 SP2 DEU-->MsiExec.exe /I{0125D081-30D0-4A97-82A8-C28D444B6256}
Microsoft SQL Server Database Publishing Wizard 1.4-->MsiExec.exe /I{ACE28263-76A4-4BF5-B6F4-8BD719595969}
Microsoft SQL Server System CLR Types-->MsiExec.exe /I{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{D074DC76-F6C9-440E-A1D0-1DE958417FDB}
Microsoft Visual Basic 2010 Express - DEU-->C:\Program Files\Microsoft Visual Studio 10.0\Microsoft Visual Basic 2010 Express - DEU\setup.exe
Microsoft Visual Basic 2010 Express - DEU-->MsiExec.exe /X{CCAC7E52-ECCE-3C4D-B1BE-BC2ACF1C1C0E}
Microsoft Visual C# 2010 Express - DEU-->C:\Program Files\Microsoft Visual Studio 10.0\Microsoft Visual C# 2010 Express - DEU\setup.exe
Microsoft Visual C# 2010 Express - DEU-->MsiExec.exe /X{D81641E8-ABF1-3D07-803B-60E8FC619368}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974-->MsiExec.exe /X{B7E38540-E355-3503-AFD7-635B2F2F76E1}
Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319-->MsiExec.exe /X{6A86554B-8928-30E4-A53C-D7337689134D}
Microsoft Visual C++ 2010 Express - DEU-->C:\Program Files\Microsoft Visual Studio 10.0\Microsoft Visual C++ 2010 Express - DEU\setup.exe
Microsoft Visual C++ 2010 Express - DEU-->MsiExec.exe /X{DEEB5FE3-40F5-3C5B-8F85-5306EF3C08F4}
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools-->MsiExec.exe /X{616C6F39-4CE1-3434-A665-2F6A04C09A7F}
Microsoft Visual Web Developer 2010 Express - DEU-->C:\Program Files\Microsoft Visual Studio 10.0\Microsoft Visual Web Developer 2010 Express - DEU\setup.exe
Microsoft Visual Web Developer 2010 Express - DEU-->MsiExec.exe /X{638AA518-6A32-33CC-B88F-BCD20B2DCF2E}
Microsoft Works-->MsiExec.exe /I{39D0E034-1042-4905-BECB-5502909FCB7C}
Mozilla Firefox (3.6.12)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
myphotobook 3.6-->C:\Program Files\myphotobook\uninst.exe
Nero 9 Essentials-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe  REMOVESERIALNUMBER="XM02-508X-MHAT-19WU-9Z3Z-0CH0-3U6E-85W5-MMHH-6647-1Z5L-7M8C-0U45-758P-0000"
Nero ControlCenter-->MsiExec.exe /X{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}
Nero Installer-->MsiExec.exe /X{e8a80433-302b-4ff1-815d-fcc8eac482ff}
Nero Online Upgrade-->MsiExec.exe /X{dba84796-8503-4ff0-af57-1747dd9a166d}
Nero StartSmart OEM-->MsiExec.exe /X{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}
Nero StartSmart-->MsiExec.exe /X{7748ac8c-18e3-43bb-959b-088faea16fb2}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
OpenOffice.org 3.2-->MsiExec.exe /I{192A107E-C6B9-41B9-BDBF-38E3AA226054}
Opera 10.60-->MsiExec.exe /X{1D2C96C3-A3F3-49E7-B839-95279DED837F}
QuickTime-->MsiExec.exe /I{E7004147-2CCA-431C-AA05-2AB166B9785D}
Realtek 8169 8168 8101E 8102E Ethernet Driver-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0007 -removeonly
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m -nrg2709
Realtek USB 2.0 Card Reader-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC24971E-1946-445D-8A82-CE685433FA7D}\setup.exe" -l0x9  -removeonly
Safari-->MsiExec.exe /I{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {7A2C18A1-D2A2-3177-82F1-5FE9CC08ECB0} /parameterfolder Extended
Service Pack 1 für SQL Server 2008 (KB 968369)-->"C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Update Cache\KB968369\ServicePack\setup.exe" /Action=RemovePatch /AllInstances 
Shop for HP Supplies-->C:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
Skype Toolbars-->MsiExec.exe /I{981029E0-7FC9-4CF3-AB39-6F133621921A}
Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
Sql Server Customer Experience Improvement Program-->MsiExec.exe /I{C965F01C-76EA-4BD7-973E-46236AE312D7}
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Steganos Password Manager Free-->C:\Program Files\Steganos Password Manager Free 11\uninstall.exe
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TeamViewer 5-->C:\Program Files\TeamViewer\Version5\uninstall.exe
TOSHIBA Assist-->C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\setup.exe -runfromtemp -l0x0007 -removeonly
TOSHIBA Benutzerhandbücher-->C:\Program Files\InstallShield Installation Information\{1C971EE3-B4C4-4367-9676-57549919C6CE}\setup.exe -runfromtemp -l0x0007 -removeonly
TOSHIBA ConfigFree-->MsiExec.exe /X{F3529665-D75E-4D6D-98F0-745C78C68E9B}
TOSHIBA Extended Tiles for Windows Mobility Center-->C:\Program Files\InstallShield Installation Information\{617C36FD-0CBE-4600-84B2-441CEB12FADF}\setup.exe -runfromtemp -l0x0407
TOSHIBA Hardware Setup-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2883F6F5-0509-43F3-868C-D50330DD9DD3}\setup.exe" -l0
         

Code:
Logfile of random's system information tool 1.08 (written by random/random)
Run by *** at 2010-11-03 15:40:04
Microsoft Windows 7 Home Premium  
System drive C: has 110 GB (57%) free of 191 GB
Total RAM: 2940 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:40:06, on 03.11.2010
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Users\***\Desktop\SAchn\RSIT.exe
C:\Program Files\trend micro\***.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware  (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
O9 - Extra button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: Notebook Performance Tuning Service  (TempoMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TempoSVC.exe

--
End of file - 4192 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-08-14 1348904]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-11-02 281768]
""= []
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-04-08 6037504]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2010-08-25 136216]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2010-08-25 171032]
"Persistence"=C:\Windows\system32\igfxpers.exe [2010-08-25 170520]
" Malwarebytes Anti-Malware  (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2010-09-21 47904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [2008-09-26 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [2004-01-14 409600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google EULA Launcher]
c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe [2008-05-28 20480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2010-06-09 49208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2010-09-24 421160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2010-09-08 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2010-09-02 13351304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
C:\Windows\Skytel.exe [2007-11-20 1826816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-08-11 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\topi]
C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [2007-07-10 581632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Registration]
C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe [2008-01-11 574864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba TEMPO]
C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe [2008-04-24 103824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2009-05-21 275768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2010-08-25 228864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"legalnoticetext"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 3 months======

2010-11-01 13:44:51 ----A---- C:\Windows\system32\hjtscanlist.txt
2010-10-29 15:58:56 ----D---- C:\Windows\pss
2010-10-28 12:38:55 ----A---- C:\Windows\system32\javaws.exe
2010-10-28 12:38:55 ----A---- C:\Windows\system32\javaw.exe
2010-10-28 12:38:55 ----A---- C:\Windows\system32\java.exe
2010-10-27 16:52:30 ----D---- C:\Users\***\AppData\Roaming\Malwarebytes
2010-10-27 16:51:58 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-10-27 16:51:55 ----D---- C:\ProgramData\Malwarebytes
2010-10-27 16:51:54 ----A---- C:\Windows\system32\drivers\mbam.sys
2010-10-27 16:51:53 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-10-27 14:37:36 ----D---- C:\rsit
2010-10-27 14:35:31 ----A---- C:\Windows\system32\msdri.dll
2010-10-27 14:35:31 ----A---- C:\Windows\system32\CPFilters.dll
2010-10-27 14:35:21 ----A---- C:\Windows\system32\drivers\Diskdump.sys
2010-10-13 20:04:11 ----D---- C:\Users\***\AppData\Roaming\Microsoft Corporation
2010-10-13 07:14:22 ----A---- C:\Windows\system32\ole32.dll
2010-10-13 07:14:17 ----A---- C:\Windows\system32\mshtml.dll
2010-10-13 07:14:17 ----A---- C:\Windows\system32\iertutil.dll
2010-10-13 07:14:16 ----A---- C:\Windows\system32\ieframe.dll
2010-10-13 07:14:15 ----A---- C:\Windows\system32\wininet.dll
2010-10-13 07:14:15 ----A---- C:\Windows\system32\urlmon.dll
2010-10-13 07:14:15 ----A---- C:\Windows\system32\mstime.dll
2010-10-13 07:14:15 ----A---- C:\Windows\system32\mshtmled.dll
2010-10-13 07:14:15 ----A---- C:\Windows\system32\msfeedssync.exe
2010-10-13 07:14:15 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-10-13 07:14:15 ----A---- C:\Windows\system32\msfeeds.dll
2010-10-13 07:14:15 ----A---- C:\Windows\system32\licmgr10.dll
2010-10-13 07:14:15 ----A---- C:\Windows\system32\jsproxy.dll
2010-10-13 07:14:15 ----A---- C:\Windows\system32\ieui.dll
2010-10-13 07:14:15 ----A---- C:\Windows\system32\iepeers.dll
2010-10-13 07:14:15 ----A---- C:\Windows\system32\iedkcs32.dll
2010-10-13 07:14:04 ----A---- C:\Windows\system32\t2embed.dll
2010-10-13 07:13:57 ----A---- C:\Windows\system32\schannel.dll
2010-10-13 07:13:48 ----A---- C:\Windows\system32\comctl32.dll
2010-10-13 07:13:40 ----A---- C:\Windows\system32\mfc40u.dll
2010-10-13 07:13:40 ----A---- C:\Windows\system32\mfc40.dll
2010-10-13 07:13:31 ----A---- C:\Windows\system32\wmp.dll
2010-10-13 07:13:30 ----A---- C:\Windows\system32\wmploc.DLL
2010-10-13 07:13:21 ----A---- C:\Windows\system32\win32k.sys
2010-10-13 07:13:13 ----A---- C:\Windows\system32\srvsvc.dll
2010-10-13 07:13:13 ----A---- C:\Windows\system32\drivers\srvnet.sys
2010-10-13 07:13:13 ----A---- C:\Windows\system32\drivers\srv2.sys
2010-10-13 07:13:13 ----A---- C:\Windows\system32\drivers\srv.sys
2010-10-13 07:13:05 ----A---- C:\Windows\system32\wmpmde.dll
2010-10-13 07:12:57 ----A---- C:\Windows\system32\StructuredQuery.dll
2010-10-12 17:21:27 ----D---- C:\Program Files\Microsoft ASP.NET
2010-10-12 17:21:23 ----D---- C:\Program Files\IIS
2010-10-12 17:00:16 ----D---- C:\Windows\symbols
2010-10-12 17:00:09 ----D---- C:\Program Files\Common Files\Merge Modules
2010-10-12 16:45:21 ----A---- C:\Windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2010-10-12 16:45:13 ----A---- C:\Windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2010-10-12 16:44:21 ----D---- C:\Windows\system32\RsFx
2010-10-12 16:43:20 ----D---- C:\Program Files\Microsoft Visual Studio 9.0
2010-10-12 16:43:08 ----D---- C:\Windows\system32\1033
2010-10-12 16:43:08 ----D---- C:\Windows\system32\1031
2010-10-12 16:39:25 ----D---- C:\Program Files\Microsoft SQL Server
2010-10-12 16:39:17 ----D---- C:\Program Files\Microsoft Silverlight
2010-10-12 16:39:04 ----D---- C:\Program Files\Microsoft Synchronization Services
2010-10-12 16:37:11 ----D---- C:\Program Files\Microsoft Visual Studio 10.0
2010-10-12 16:37:11 ----D---- C:\Program Files\Microsoft SDKs
2010-10-12 16:37:11 ----D---- C:\Program Files\Microsoft Help Viewer
2010-09-29 20:16:03 ----A---- C:\Windows\system32\drivers\usbvideo.sys
2010-09-29 20:16:03 ----A---- C:\Windows\system32\drivers\ks.sys
2010-09-29 14:28:55 ----A---- C:\Windows\system32\tzres.dll
2010-09-25 13:13:30 ----D---- C:\Program Files\iPod
2010-09-25 13:13:28 ----D---- C:\Program Files\iTunes
2010-09-25 13:09:14 ----D---- C:\Program Files\QuickTime
2010-09-25 13:07:38 ----D---- C:\Program Files\Bonjour
2010-09-21 13:37:59 ----D---- C:\ProgramData\Solidshield
2010-09-20 20:06:16 ----D---- C:\Users\***\AppData\Roaming\Ubisoft
2010-09-20 20:02:59 ----A---- C:\Windows\system32\drivers\atksgt.sys
2010-09-20 20:02:56 ----A---- C:\Windows\system32\drivers\lirsgt.sys
2010-09-20 20:02:54 ----A---- C:\Windows\system32\d3dx10_41.dll
2010-09-20 20:02:54 ----A---- C:\Windows\system32\D3DCompiler_41.dll
2010-09-20 20:02:53 ----A---- C:\Windows\system32\XAudio2_4.dll
2010-09-20 20:02:53 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2010-09-20 20:02:53 ----A---- C:\Windows\system32\D3DX9_41.dll
2010-09-20 20:02:52 ----A---- C:\Windows\system32\xactengine3_4.dll
2010-09-20 20:02:52 ----A---- C:\Windows\system32\X3DAudio1_6.dll
2010-09-20 20:02:51 ----A---- C:\Windows\system32\D3DX9_40.dll
2010-09-20 20:02:51 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2010-09-20 20:02:50 ----A---- C:\Windows\system32\XAudio2_3.dll
2010-09-20 20:02:50 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2010-09-20 20:02:50 ----A---- C:\Windows\system32\xactengine3_3.dll
2010-09-20 20:02:50 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2010-09-20 20:02:49 ----A---- C:\Windows\system32\XAudio2_2.dll
2010-09-20 20:02:49 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2010-09-20 20:02:49 ----A---- C:\Windows\system32\xactengine3_2.dll
2010-09-20 20:02:48 ----A---- C:\Windows\system32\XAudio2_1.dll
2010-09-20 20:02:48 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2010-09-20 20:02:48 ----A---- C:\Windows\system32\D3DX9_39.dll
2010-09-20 20:02:48 ----A---- C:\Windows\system32\d3dx10_39.dll
2010-09-20 20:02:48 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2010-09-20 20:02:45 ----A---- C:\Windows\system32\xactengine3_1.dll
2010-09-20 20:02:45 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2010-09-20 20:02:45 ----A---- C:\Windows\system32\d3dx10_38.dll
2010-09-20 20:02:45 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2010-09-20 20:02:44 ----A---- C:\Windows\system32\XAudio2_0.dll
2010-09-20 20:02:44 ----A---- C:\Windows\system32\xactengine3_0.dll
2010-09-20 20:02:44 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2010-09-20 20:02:44 ----A---- C:\Windows\system32\D3DX9_38.dll
2010-09-20 20:02:43 ----A---- C:\Windows\system32\d3dx10_37.dll
2010-09-20 20:02:43 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2010-09-20 20:02:42 ----A---- C:\Windows\system32\xactengine2_10.dll
2010-09-20 20:02:42 ----A---- C:\Windows\system32\D3DX9_37.dll
2010-09-20 20:02:41 ----A---- C:\Windows\system32\d3dx10_36.dll
2010-09-20 20:02:41 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2010-09-20 20:02:39 ----A---- C:\Windows\system32\xactengine2_9.dll
2010-09-20 20:02:39 ----A---- C:\Windows\system32\d3dx9_36.dll
2010-09-20 20:02:38 ----A---- C:\Windows\system32\d3dx9_35.dll
2010-09-20 20:02:38 ----A---- C:\Windows\system32\d3dx10_35.dll
2010-09-20 20:02:38 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2010-09-20 20:02:36 ----A---- C:\Windows\system32\xactengine2_8.dll
2010-09-20 20:02:36 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2010-09-20 20:02:36 ----A---- C:\Windows\system32\d3dx9_34.dll
2010-09-20 20:02:36 ----A---- C:\Windows\system32\d3dx10_34.dll
2010-09-20 20:02:36 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2010-09-20 20:02:35 ----A---- C:\Windows\system32\xinput1_3.dll
2010-09-20 20:02:35 ----A---- C:\Windows\system32\xactengine2_7.dll
2010-09-20 20:02:34 ----A---- C:\Windows\system32\xactengine2_6.dll
2010-09-20 20:02:34 ----A---- C:\Windows\system32\d3dx9_33.dll
2010-09-20 20:02:34 ----A---- C:\Windows\system32\d3dx10_33.dll
2010-09-20 20:02:34 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2010-09-20 20:02:33 ----A---- C:\Windows\system32\xactengine2_5.dll
2010-09-20 20:02:33 ----A---- C:\Windows\system32\d3dx10.dll
2010-09-20 20:02:28 ----A---- C:\Windows\system32\xinput1_2.dll
2010-09-20 20:02:28 ----A---- C:\Windows\system32\xactengine2_4.dll
2010-09-20 20:02:28 ----A---- C:\Windows\system32\xactengine2_3.dll
2010-09-20 20:02:28 ----A---- C:\Windows\system32\x3daudio1_1.dll
2010-09-20 20:02:28 ----A---- C:\Windows\system32\d3dx9_31.dll
2010-09-20 20:02:27 ----A---- C:\Windows\system32\xactengine2_2.dll
2010-09-20 20:02:25 ----A---- C:\Windows\system32\xinput1_1.dll
2010-09-20 20:02:25 ----A---- C:\Windows\system32\xactengine2_1.dll
2010-09-20 20:02:09 ----A---- C:\Windows\system32\xactengine2_0.dll
2010-09-20 20:02:09 ----A---- C:\Windows\system32\x3daudio1_0.dll
2010-09-20 20:02:09 ----A---- C:\Windows\system32\d3dx9_30.dll
2010-09-20 20:02:09 ----A---- C:\Windows\system32\d3dx9_29.dll
2010-09-20 20:02:08 ----A---- C:\Windows\system32\d3dx9_28.dll
2010-09-20 20:02:08 ----A---- C:\Windows\system32\d3dx9_27.dll
2010-09-20 20:02:08 ----A---- C:\Windows\system32\d3dx9_26.dll
2010-09-20 20:02:07 ----A---- C:\Windows\system32\d3dx9_25.dll
2010-09-20 20:02:06 ----A---- C:\Windows\system32\d3dx9_24.dll
2010-09-20 19:53:44 ----D---- C:\Program Files\Ubisoft
2010-09-20 19:46:39 ----D---- C:\Users\***\AppData\Roaming\TubeBox
2010-09-20 19:46:22 ----D---- C:\Program Files\Jens Lorek
2010-09-15 16:07:02 ----D---- C:\Users\***\AppData\Roaming\gtk-2.0
2010-09-15 16:00:03 ----D---- C:\Program Files\GIMP-2.0
2010-09-15 14:19:08 ----A---- C:\Windows\system32\spoolsv.exe
2010-08-30 15:17:44 ----D---- C:\Users\***\AppData\Roaming\Steganos
2010-08-30 15:16:41 ----D---- C:\Program Files\Steganos Password Manager Free 11
2010-08-30 13:55:43 ----D---- C:\Users\***\AppData\Roaming\KeePass
2010-08-30 13:48:56 ----D---- C:\Program Files\KeePass Password Safe 2
2010-08-27 13:12:11 ----D---- C:\Program Files\CCleaner
2010-08-25 18:46:02 ----A---- C:\Windows\system32\TVWSetup.exe
2010-08-25 18:45:44 ----A---- C:\Windows\system32\igfxtray.exe
2010-08-25 18:45:42 ----A---- C:\Windows\system32\igfxsrvc.exe
2010-08-25 18:45:40 ----A---- C:\Windows\system32\igfxpers.exe
2010-08-25 18:45:38 ----A---- C:\Windows\system32\igfxext.exe
2010-08-25 18:45:36 ----A---- C:\Windows\system32\hkcmd.exe
2010-08-25 18:45:32 ----A---- C:\Windows\system32\GfxUI.exe
2010-08-25 18:39:46 ----A---- C:\Windows\system32\igfxCoIn_v2202.dll
2010-08-25 18:31:30 ----A---- C:\Windows\system32\drivers\igdkmd32.sys
2010-08-25 18:09:34 ----A---- C:\Windows\system32\ig4icd32.dll
2010-08-25 18:00:00 ----A---- C:\Windows\system32\igfxpph.dll
2010-08-25 18:00:00 ----A---- C:\Windows\system32\igfxexps.dll
2010-08-25 17:59:58 ----A---- C:\Windows\system32\igfxTMM.dll
2010-08-25 17:59:24 ----A---- C:\Windows\system32\igfxdo.dll
2010-08-25 17:59:10 ----A---- C:\Windows\system32\gfxSrvc.dll
2010-08-25 17:59:08 ----A---- C:\Windows\system32\IGFXDEVLib.dll
2010-08-25 17:59:06 ----A---- C:\Windows\system32\igfxress.dll
2010-08-25 07:00:16 ----A---- C:\Windows\system32\oleaut32.dll
2010-08-11 18:15:47 ----A---- C:\Windows\system32\drivers\tcpip.sys
2010-08-11 18:15:13 ----A---- C:\Windows\system32\ir32_32.dll
2010-08-11 18:15:13 ----A---- C:\Windows\system32\iccvid.dll
2010-08-11 18:15:05 ----A---- C:\Windows\system32\rtutils.dll
2010-08-11 18:14:56 ----A---- C:\Windows\system32\msxml3.dll
2010-08-11 18:14:40 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-08-11 18:14:40 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-08-10 17:06:34 ----D---- C:\Program Files\ANNO1602
2010-08-10 16:52:58 ----D---- C:\Windows\UbiSoft
2010-08-07 20:14:14 ----A---- C:\Windows\system32\shell32.dll

======List of files/folders modified in the last 3 months======

2010-11-03 15:40:05 ----D---- C:\Program Files\Trend Micro
2010-11-03 15:38:41 ----D---- C:\Windows\Temp
2010-11-03 15:34:13 ----SHD---- C:\System Volume Information
2010-11-03 15:31:17 ----D---- C:\Windows\system32\config
2010-11-02 19:23:05 ----D---- C:\Users\***\AppData\Roaming\Skype
2010-11-01 14:28:17 ----D---- C:\Windows\System32
2010-11-01 14:28:17 ----D---- C:\Windows\inf
2010-11-01 14:28:17 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-11-01 13:54:02 ----D---- C:\Program Files\AutocompletePro
2010-10-31 10:44:28 ----D---- C:\Windows
2010-10-30 12:10:04 ----D---- C:\Windows\system32\drivers
2010-10-30 12:10:03 ----D---- C:\Windows\system32\DriverStore
2010-10-30 12:10:03 ----D---- C:\Windows\system32\catroot
2010-10-30 11:17:32 ----D---- C:\Users\***\AppData\Roaming\skypePM
2010-10-29 17:10:42 ----D---- C:\Users\***\AppData\Roaming\SoftGrid Client
2010-10-29 16:27:10 ----D---- C:\Program Files\Mozilla Firefox
2010-10-29 11:18:29 ----SHD---- C:\Windows\Installer
2010-10-29 10:28:23 ----D---- C:\Windows\system32\catroot2
2010-10-28 19:53:04 ----D---- C:\Windows\Microsoft.NET
2010-10-28 13:55:33 ----RSD---- C:\Windows\assembly
2010-10-28 12:42:44 ----HD---- C:\Config.Msi
2010-10-28 12:38:38 ----A---- C:\Windows\system32\deployJava1.dll
2010-10-28 12:30:13 ----D---- C:\Windows\winsxs
2010-10-28 12:28:27 ----D---- C:\Program Files\Java
2010-10-28 12:28:27 ----D---- C:\Program Files\Common Files\Java
2010-10-27 20:27:18 ----D---- C:\Windows\ehome
2010-10-27 20:27:09 ----D---- C:\Windows\AppPatch
2010-10-27 16:51:55 ----HD---- C:\ProgramData
2010-10-27 16:51:53 ----RD---- C:\Program Files
2010-10-26 18:39:09 ----D---- C:\Windows\system32\NDF
2010-10-21 18:35:20 ----D---- C:\Windows\rescache
2010-10-19 10:41:44 ----N---- C:\Windows\system32\MpSigStub.exe
2010-10-13 15:23:06 ----D---- C:\Windows\system32\migration
2010-10-13 15:23:06 ----D---- C:\Program Files\Internet Explorer
2010-10-13 15:23:04 ----D---- C:\Program Files\Windows Media Player
2010-10-13 13:29:20 ----SD---- C:\ProgramData\Microsoft
2010-10-13 13:27:03 ----A---- C:\Windows\system32\MRT.exe
2010-10-12 17:20:46 ----SD---- C:\Users\***\AppData\Roaming\Microsoft
2010-10-12 17:19:37 ----D---- C:\Program Files\Common Files\microsoft shared
2010-10-12 17:00:09 ----D---- C:\Program Files\MSBuild
2010-10-12 17:00:09 ----D---- C:\Program Files\Common Files
2010-10-12 16:42:54 ----D---- C:\Program Files\Microsoft.NET
2010-10-12 16:39:04 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2010-10-12 16:35:38 ----D---- C:\Windows\system32\de-DE
2010-10-09 12:41:26 ----D---- C:\Users\***\AppData\Roaming\ICQ
2010-10-08 18:49:59 ----SHD---- C:\$RECYCLE.BIN
2010-10-08 18:49:53 ----RD---- C:\Users
2010-09-28 13:16:18 ----D---- C:\Program Files\Google
2010-09-27 15:24:40 ----D---- C:\Windows\system32\Tasks
2010-09-25 13:13:29 ----D---- C:\Program Files\Common Files\Apple
2010-09-25 10:52:33 ----D---- C:\Program Files\Steam
2010-09-20 20:18:33 ----HD---- C:\Program Files\InstallShield Installation Information
2010-09-20 20:00:32 ----D---- C:\Windows\Logs
2010-09-18 14:22:12 ----D---- C:\Program Files\Common Files\Steam
2010-09-12 00:04:46 ----D---- C:\Program Files\Camera Assistant Software for Toshiba
2010-09-08 20:03:50 ----D---- C:\Program Files\Safari
2010-09-04 16:45:21 ----D---- C:\Windows\system32\wdi
2010-08-30 13:16:46 ----D---- C:\Windows\Prefetch
2010-08-25 18:31:30 ----A---- C:\Windows\system32\igdumd32.dll
2010-08-25 18:28:22 ----A---- C:\Windows\system32\igdumdx32.dll
2010-08-25 18:23:14 ----A---- C:\Windows\system32\igd10umd32.dll
2010-08-25 17:59:42 ----A---- C:\Windows\system32\igfxsrvc.dll
2010-08-25 17:59:16 ----A---- C:\Windows\system32\hccutils.dll
2010-08-25 17:59:06 ----A---- C:\Windows\system32\igfxdev.dll
2010-08-23 15:34:54 ----D---- C:\Program Files\ICQ7.0
2010-08-11 22:16:31 ----D---- C:\Program Files\Microsoft Works

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2008-04-15 312344]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ_O.SYS [2007-11-09 23640]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2010-11-02 126856]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2010-09-20 281760]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2010-11-02 60936]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2010-09-20 25888]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2009-07-13 1035776]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-09-21 1218048]
R3 FwLnk;FwLnk Driver; C:\Windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2010-08-25 9024512]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-04-09 2095512]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]
R3 sftfs;sftfs; \??\C:\Program Files\Microsoft Application Virtualization Client\drivers\sftfslh.sys [2009-09-23 543064]
R3 sftplay;sftplay; \??\C:\Program Files\Microsoft Application Virtualization Client\drivers\sftplaylh.sys [2009-09-23 190312]
R3 Sftredir;Sftredir; C:\Windows\system32\DRIVERS\Sftredirlh.sys [2009-09-23 21848]
R3 sftvol;sftvol; \??\C:\Program Files\Microsoft Application Virtualization Client\drivers\sftvollh.sys [2009-09-23 14680]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-08-14 203312]
R3 UVCFTR;UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [2008-07-15 17960]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]
S1 jswpslwf;JumpStart Wireless Filter Driver; C:\Windows\system32\DRIVERS\jswpslwf.sys [2008-04-28 20384]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 131072]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2009-07-14 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 36864]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 EagleXNt;EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys []
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-04-15 118784]
S3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2008-04-02 62976]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2010-04-19 41984]
S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]
S3 WSDPrintDevice;WSD-Druckunterstützung durch UMB; C:\Windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
S3 XDva289;XDva289; \??\C:\Windows\system32\XDva289.sys []
S4 RsFx0103;RsFx0103 Driver; C:\Windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-11-02 135336]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-11-02 267944]
R2 Bonjour Service;Dienst "Bonjour"; C:\Program Files\Bonjour\mDNSResponder.exe [2010-07-27 345376]
R2 cfWiMAXService;ConfigFree WiMAX Service; C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-10 185712]
R2 ConfigFree Service;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
R2 cvhsvc;Client Virtualization Handler; C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2009-09-26 819600]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2009-03-30 43010392]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 sftlist;Application Virtualization Client; C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe [2009-09-23 447832]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-07-10 98840]
R2 TeamViewer5;TeamViewer 5; C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe [2010-06-28 173352]
R2 TempoMonitoringService;Notebook Performance Tuning Service ; C:\Program Files\Toshiba TEMPRO\TempoSVC.exe [2008-04-24 99720]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 sftvsa;Application Virtualization Service Agent; C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe [2009-09-23 203608]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 aspnet_state;ASP.NET-Zustandsdienst; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-10-20 182768]
S3 iPod Service;iPod-Dienst; C:\Program Files\iPod\bin\iPodService.exe [2010-09-24 820008]
S3 jswpsapi;Jumpstart Wifi Protected Setup; C:\Program Files\Jumpstart\jswpsapi.exe [2008-04-16 954368]
S3 ose;Office  Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2009-09-26 149336]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-09-26 4639136]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-08-13 144672]
S4 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-11 135664]
S4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory; C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-21 47128]
S4 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-07-20 935208]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S4 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2009-03-30 254808]
S4 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2010-07-28 407336]

-----------------EOF-----------------
         
--- --- ---

04.11.2010, 04:09   #22
kira
/// Helper Team

Please run all commands as administrator! Right-click the Command Prompt and select "Run as administrator".

1.
To make your system faster, you can free it of unnecessary tasks...
Start the Task Scheduler under Start > Accessories > System Tools > Task Scheduler:
Code:
ATTFilter
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
         
2.
Close all programs, including Internet Explorer, and use HijackThis to fix the entries from the code box below (start HijackThis → "Do a system scan only" → select the entries by ticking their checkboxes → click "Fix checked" → restart the PC):
HijackThis creates a backup. If something goes wrong during fixing, the objects can be restored under "View the list of backups".
Code:
ATTFilter
R3 - URLSearchHook: (no name) - {EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
         
3.
After the cleanup, post again:
TrendMicro™ HijackThis™ logfile

How is it running now?

04.11.2010, 13:14   #23
oraculum

I'm not sure now exactly which log I should post, so I'll just post all 3.

info.txt
RSIT Logfile:
Code:
ATTFilter
logfile of random's system information tool 1.08 2010-11-04 13:05:48

======Uninstall list======

32 Bit HP CIO Components Installer-->MsiExec.exe /I{859D40CF-8491-44AD-8FA8-7389CB418C64}
32 Bit HP CIO Components Installer-->MsiExec.exe /I{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}
4Story 3.4-->"C:\Program Files\Gameforge4D\4Story\unins000.exe"
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10h_Plugin.exe -maintain plugin
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9.3 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A93000000001}
Advertising Center-->MsiExec.exe /X{b2ec4a38-b545-4a00-8214-13fe0e915e6d}
ANNO 1404 - Venedig-->"C:\Program Files\InstallShield Installation Information\{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}\setup.exe" -runfromtemp -l0x0007 -removeonly
ANNO 1404-->"C:\Program Files\InstallShield Installation Information\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}\setup.exe" -runfromtemp -l0x0007 -removeonly
ANNO 1602-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F7CAD9-2316-4701-B5CA-E90FD60029E9}\SETUP.exe" 
Apple Application Support-->MsiExec.exe /I{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}
Apple Mobile Device Support-->MsiExec.exe /I{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}
Apple Software Update-->MsiExec.exe /I{C41300B9-185D-475E-BFEC-39EF732F19B1}
Atheros Driver Installation Program-->C:\Program Files\InstallShield Installation Information\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}\setup.exe -runfromtemp -l0x0007
Atheros Wi-Fi Protected Setup Library-->C:\Program Files\InstallShield Installation Information\{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}\setup.exe -runfromtemp -l0x0007 -removeonly
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Audiosurf-->"C:\Program Files\Steam\steam.exe" steam://uninstall/12900
AutocompletePro-->"C:\Program Files\AutocompletePro\unins000.exe"
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Bonjour-->MsiExec.exe /X{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}
Camera Assistant Software for Toshiba-->C:\Program Files\InstallShield Installation Information\{37C866E4-AA67-4725-9E95-A39968DD7960}\setup.exe -runfromtemp -l0x0007
Canon iP3300 Benutzerregistrierung-->C:\Program Files\Canon\IJEREG\iP3300\UNINST.EXE
Canon iP3300-->"C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP3300\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP3300 /L0x0007
Canon Setup Utility 2.3-->"C:\Program Files\Canon\Canon Setup Utility 2.3\Maint.exe" /Uninstall C:\Program Files\Canon\Canon Setup Utility 2.3\uninst.ini
Canon Utilities Easy-PhotoPrint-->C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
Canon Utilities Easy-PrintToolBox-->C:\Windows\BJPSUNST.EXE
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
CD/DVD Drive Acoustic Silencer-->C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\setup.exe -runfromtemp -l0x0007 -removeonly
Command & Conquer Teil 3: Operation Tiberian Sun-->C:\Westwood\SUN\Uninstll.EXE
dBpowerAMP Music Converter-->"C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
Driver Detective-->MsiExec.exe /X{4640FDE1-B83A-4376-84ED-86F86BEE2D41}
Easy-WebPrint-->C:\Windows\IsUn0407.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
Free iPad Video Converter 3.7.0.1-->"C:\Program Files\Free iPad Video Converter\unins000.exe"
Free Video to MP3 Converter version 4.0-->"C:\Program Files\DVDVideoSoft\Free Video to MP3 Converter\unins000.exe"
GIMP 2.6.10-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
Google Chrome-->"C:\Program Files\Google\Chrome\Application\7.0.517.41\Installer\setup.exe" --uninstall --system-level
Google Earth-->MsiExec.exe /X{4286E640-B5FB-11DF-AC4B-005056C00008}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_AC0049E063DE2AEA.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Haali Media Splitter-->"C:\Program Files\Haali\MatroskaSplitter\uninstall.exe"
HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}
HP Customer Participation Program 13.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat -forcereboot
HP Deskjet F4500 Printer Driver Software 13.0 Rel .6-->C:\Program Files\HP\Digital Imaging\{7F08A772-2816-4F46-84F1-49578502AD28}\setup\hpzscr01.exe -datfile hposcr46.dat -onestop -forcereboot
HP Imaging Device Functions 13.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Print Projects 1.0-->C:\Program Files\HP\Digital Imaging\HPPrintProjects\hpzscr01.exe -datfile hpqbud19.dat
HP Smart Web Printing 4.60-->C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
HP Solution Center 13.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat -forcereboot
HP Update-->MsiExec.exe /X{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}
HyperCam 2-->"C:\Program Files\HyCam2\UnHyCam2.exe"
ICQ7-->"C:\Program Files\InstallShield Installation Information\{88EB38EF-4D2C-436D-ABD3-56B232674062}\ICQ7.exe" -runfromtemp -l0x0009 -removeonly
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
Intel(R) TV Wizard-->C:\Windows\system32\TVWizudlg.exe -uninstall
Intel® Matrix Storage Manager-->C:\Windows\system32\imsmudlg.exe -uninstall
iTunes-->MsiExec.exe /I{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}
Java(TM) 6 Update 22-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216022FF}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 4 Client Profile DEU Language Pack-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /lcid 1031 /parameterfolder ClientLP
Microsoft .NET Framework 4 Client Profile DEU Language Pack-->MsiExec.exe /X{F750C986-5310-3A5A-95F8-4EC71C8AC01C}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft .NET Framework 4 Extended DEU Language Pack-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ExtendedLP\Setup.exe /repair /x86 /lcid 1031 /parameterfolder ExtendedLP
Microsoft .NET Framework 4 Extended DEU Language Pack-->MsiExec.exe /X{C911A0C2-2236-3164-AA47-F2566C01AE5E}
Microsoft .NET Framework 4 Extended-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\Setup.exe /repair /x86 /parameterfolder Extended
Microsoft .NET Framework 4 Extended-->MsiExec.exe /X{0A0CADCF-78DA-33C4-A350-CD51849B9702}
Microsoft .NET Framework 4 Multi-Targeting Pack-->MsiExec.exe /I{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}
Microsoft ASP.NET MVC 2 - DEU-->MsiExec.exe /X{E4E9CBC9-1CF5-48E3-AF6F-1AB44A856346}
Microsoft ASP.NET MVC 2 - VWD Express 2010 Tools - DEU-->MsiExec.exe /X{2CE77981-14DE-4773-8106-27C9C964720C}
Microsoft ASP.NET MVC 2 - VWD Express 2010 Tools-->MsiExec.exe /X{5BDFAB82-060E-438B-AB4F-A2331B2294C0}
Microsoft ASP.NET MVC 2-->MsiExec.exe /X{1803A630-3C38-4D2B-9B9A-0CB37243539C}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Help Viewer 1.0 Language Pack - DEU-->C:\Program Files\Microsoft Help Viewer\v1.0\Microsoft Help Viewer 1.0 Language Pack - DEU\install.exe
Microsoft Help Viewer 1.0 Language Pack - DEU-->MsiExec.exe /X{1D328E11-3B0C-388C-835D-C9C20E8C7734}
Microsoft Help Viewer 1.0-->C:\Program Files\Microsoft Help Viewer\v1.0\Microsoft Help Viewer 1.0\install.exe
Microsoft Help Viewer 1.0-->MsiExec.exe /X{47C39E4A-28F2-33B1-B9B7-97F24E52D917}
Microsoft Office Click-to-Run 2010 (Beta)-->"C:\PROGRA~1\COMMON~1\MICROS~1\VIRTUA~1\CVHBS.EXE" /removeall
Microsoft Office Click-to-Run 2010 (Beta)-->MsiExec.exe /I{20140000-006D-0407-0000-0000000FF1CE}
Microsoft Office Home and Business 2010 (Beta) - Deutsch-->C:\Program Files\Common Files\microsoft shared\virtualization handler\cvhbs.exe /uninstall {20140062-0062-0407-0000-0000000FF1CE}
Microsoft Silverlight 3 SDK - Deutsch-->MsiExec.exe /X{91F54E1D-804A-46D8-A56C-53EA9C4B3177}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft SQL Server 2008 Browser-->MsiExec.exe /X{4AF2248C-B3DF-46FB-9596-87F5DB193689}
Microsoft SQL Server 2008 Common Files-->MsiExec.exe /I{4A6F34E2-09E5-4616-B227-4A26A488A6F9}
Microsoft SQL Server 2008 Common Files-->MsiExec.exe /I{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}
Microsoft SQL Server 2008 Database Engine Services-->MsiExec.exe /I{5BD39911-A12F-4562-98BA-A6E03E3370B1}
Microsoft SQL Server 2008 Database Engine Services-->MsiExec.exe /I{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}
Microsoft SQL Server 2008 Database Engine Shared-->MsiExec.exe /I{477415F5-93DA-46AA-85C5-640047825995}
Microsoft SQL Server 2008 Database Engine Shared-->MsiExec.exe /I{F3494AB6-6900-41C6-AF57-823626827ED8}
Microsoft SQL Server 2008 Native Client-->MsiExec.exe /I{1C2B3CEA-482E-4453-B3E2-C9731337828A}
Microsoft SQL Server 2008 R2 Management Objects-->MsiExec.exe /I{A106D33E-6B43-42C0-9BFC-D03303261FA7}
Microsoft SQL Server 2008 RsFx Driver-->MsiExec.exe /I{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}
Microsoft SQL Server 2008-->"C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Release\x86\SetupARP.exe" /x86 
Microsoft SQL Server 2008-->"C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Release\x86\SetupARP.exe" /X86 
Microsoft SQL Server Compact 3.5 SP2 DEU-->MsiExec.exe /I{0125D081-30D0-4A97-82A8-C28D444B6256}
Microsoft SQL Server Database Publishing Wizard 1.4-->MsiExec.exe /I{ACE28263-76A4-4BF5-B6F4-8BD719595969}
Microsoft SQL Server System CLR Types-->MsiExec.exe /I{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{D074DC76-F6C9-440E-A1D0-1DE958417FDB}
Microsoft Visual Basic 2010 Express - DEU-->C:\Program Files\Microsoft Visual Studio 10.0\Microsoft Visual Basic 2010 Express - DEU\setup.exe
Microsoft Visual Basic 2010 Express - DEU-->MsiExec.exe /X{CCAC7E52-ECCE-3C4D-B1BE-BC2ACF1C1C0E}
Microsoft Visual C# 2010 Express - DEU-->C:\Program Files\Microsoft Visual Studio 10.0\Microsoft Visual C# 2010 Express - DEU\setup.exe
Microsoft Visual C# 2010 Express - DEU-->MsiExec.exe /X{D81641E8-ABF1-3D07-803B-60E8FC619368}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974-->MsiExec.exe /X{B7E38540-E355-3503-AFD7-635B2F2F76E1}
Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319-->MsiExec.exe /X{6A86554B-8928-30E4-A53C-D7337689134D}
Microsoft Visual C++ 2010 Express - DEU-->C:\Program Files\Microsoft Visual Studio 10.0\Microsoft Visual C++ 2010 Express - DEU\setup.exe
Microsoft Visual C++ 2010 Express - DEU-->MsiExec.exe /X{DEEB5FE3-40F5-3C5B-8F85-5306EF3C08F4}
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools-->MsiExec.exe /X{616C6F39-4CE1-3434-A665-2F6A04C09A7F}
Microsoft Visual Web Developer 2010 Express - DEU-->C:\Program Files\Microsoft Visual Studio 10.0\Microsoft Visual Web Developer 2010 Express - DEU\setup.exe
Microsoft Visual Web Developer 2010 Express - DEU-->MsiExec.exe /X{638AA518-6A32-33CC-B88F-BCD20B2DCF2E}
Microsoft Works-->MsiExec.exe /I{39D0E034-1042-4905-BECB-5502909FCB7C}
Mozilla Firefox (3.6.12)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
myphotobook 3.6-->C:\Program Files\myphotobook\uninst.exe
Nero 9 Essentials-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe  REMOVESERIALNUMBER="XM02-508X-MHAT-19WU-9Z3Z-0CH0-3U6E-85W5-MMHH-6647-1Z5L-7M8C-0U45-758P-0000"
Nero ControlCenter-->MsiExec.exe /X{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}
Nero Installer-->MsiExec.exe /X{e8a80433-302b-4ff1-815d-fcc8eac482ff}
Nero Online Upgrade-->MsiExec.exe /X{dba84796-8503-4ff0-af57-1747dd9a166d}
Nero StartSmart OEM-->MsiExec.exe /X{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}
Nero StartSmart-->MsiExec.exe /X{7748ac8c-18e3-43bb-959b-088faea16fb2}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
OpenOffice.org 3.2-->MsiExec.exe /I{192A107E-C6B9-41B9-BDBF-38E3AA226054}
Opera 10.60-->MsiExec.exe /X{1D2C96C3-A3F3-49E7-B839-95279DED837F}
QuickTime-->MsiExec.exe /I{E7004147-2CCA-431C-AA05-2AB166B9785D}
Realtek 8169 8168 8101E 8102E Ethernet Driver-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0007 -removeonly
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m -nrg2709
Realtek USB 2.0 Card Reader-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC24971E-1946-445D-8A82-CE685433FA7D}\setup.exe" -l0x9  -removeonly
Safari-->MsiExec.exe /I{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {7A2C18A1-D2A2-3177-82F1-5FE9CC08ECB0} /parameterfolder Extended
Service Pack 1 für SQL Server 2008 (KB 968369)-->"C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Update Cache\KB968369\ServicePack\setup.exe" /Action=RemovePatch /AllInstances 
Shop for HP Supplies-->C:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
Skype Toolbars-->MsiExec.exe /I{981029E0-7FC9-4CF3-AB39-6F133621921A}
Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
Sql Server Customer Experience Improvement Program-->MsiExec.exe /I{C965F01C-76EA-4BD7-973E-46236AE312D7}
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Steganos Password Manager Free-->C:\Program Files\Steganos Password Manager Free 11\uninstall.exe
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TeamViewer 5-->C:\Program Files\TeamViewer\Version5\uninstall.exe
TOSHIBA Assist-->C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\setup.exe -runfromtemp -l0x0007 -removeonly
TOSHIBA Benutzerhandbücher-->C:\Program Files\InstallShield Installation Information\{1C971EE3-B4C4-4367-9676-57549919C6CE}\setup.exe -runfromtemp -l0x0007 -removeonly
TOSHIBA ConfigFree-->MsiExec.exe /X{F3529665-D75E-4D6D-98F0-745C78C68E9B}
TOSHIBA Extended Tiles for Windows Mobility Center-->C:\Program Files\InstallShield Installation Information\{617C36FD-0CBE-4600-84B2-441CEB12FADF}\setup.exe -runfromtemp -l0x0407
TOSHIBA Hardware Setup-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2883F6F5-0509-43F3-868C-D50330DD9DD3}\setup.exe" -l0x7 
Toshiba Online Product Information-->C:\Program Files\InstallShield Installation Information\{2290A680-4083-410A-ADCC-7092C67FC052}\setup.exe -runfromtemp -l0x0007 -removeonly
TOSHIBA Software Modem-->Tosmreg -U
TOSHIBA Supervisor Password-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4B1E87C3-00DE-4898-8E39-E390AAEF2391}\setup.exe" -l0x7 
Toshiba TEMPRO-->MsiExec.exe /X{03FAA727-E2B7-471C-AC41-2E1C7F29C7EA}
TRDCReminder-->C:\Program Files\InstallShield Installation Information\{773970F1-5EBA-4474-ADEE-1EA3B0A59492}\setup.exe -runfromtemp -l0x0407
TRORDCLauncher-->C:\Program Files\InstallShield Installation Information\{E65C7D8E-186D-484B-BEA8-DEF0331CE600}\setup.exe -runfromtemp -l0x0407
TubeBox!-->MsiExec.exe /I{8DB77BE4-629D-458D-BD68-9F36667C2177}
Uninstall 1.0.0.1-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
Unterstützungsdateien für Microsoft SQL Server 2008-Setup -->MsiExec.exe /X{9AA2D735-3375-42D4-9A61-3FFEF82599D6}
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU-->MsiExec.exe /X{CFCB8616-A5D1-4281-80E8-389F685BFAE2}
Web Deployment Tool-->MsiExec.exe /I{0F37D969-1260-419E-B308-EF7D29ABDE20}
Windows 7 Upgrade Advisor-->MsiExec.exe /I{9A4D182C-35C7-4791-8484-4304EBC9101A}
Windows Live Anmelde-Assistent-->MsiExec.exe /I{52B97218-98CB-4B8B-9283-D213C85E1AA4}
Windows Live Communications Platform-->MsiExec.exe /I{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{CAFA57E8-8927-4912-AFCF-B0AA3837E989}
Windows Live Fotogalerie-->MsiExec.exe /X{850C7BD3-9F3F-46AD-9396-E7985B38C55E}
Windows Live Movie Maker-->MsiExec.exe /X{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}
Windows Live Sync-->MsiExec.exe /X{586509F0-350D-48B5-B763-9CC2F8D96C4C}
Windows Live-Uploadtool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}

======System event log======

Computer Name: ***-PC
Event Code: 26
Message: Prozessor 1 in Gruppe 0 weist Folgendes auf:

2 inaktive Zustände
3 Leistungszustände
8 Drosselungszustände
Record Number: 159164
Source Name: Microsoft-Windows-Kernel-Processor-Power
Time Written: 20100627102307.402820-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: ***-PC
Event Code: 26
Message: Prozessor 0 in Gruppe 0 weist Folgendes auf:

2 inaktive Zustände
3 Leistungszustände
8 Drosselungszustände
Record Number: 159163
Source Name: Microsoft-Windows-Kernel-Processor-Power
Time Written: 20100627102307.402820-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: ***-PC
Event Code: 89
Message: Die ACPI-Thermozone ACPI\ThermalZone\THRM wurde aufgelistet.             
_PSV = 387K             
_TC1 = 2             
_TC2 = 5             
_TSP = 30000ms             
_AC0 = 343K             
_AC1 = 0K             
_AC2 = 0K             
_AC3 = 0K             
_AC4 = 0K             
_AC5 = 0K             
_AC6 = 0K             
_AC7 = 0K             
_AC8 = 0K             
_AC9 = 0K             
_CRT = 387K             
_HOT = 0K             
_PSL - siehe Ereignisdaten.
Record Number: 159162
Source Name: Microsoft-Windows-Kernel-Power
Time Written: 20100627102305.562017-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: ***-PC
Event Code: 17
Message: avipbb.sys version 10.0.2.6 successfully loaded
Record Number: 159161
Source Name: avipbb
Time Written: 20100627102303.861614-000
Event Type: Informationen
User: 

Computer Name: ***-PC
Event Code: 6
Message: Der Dateisystemfilter "FileInfo" (6.1, ?2009?-?07?-?14T01:21:51.000000000Z) wurde erfolgreich geladen und im Filter-Manager registriert.
Record Number:
         
Code:
Logfile of random's system information tool 1.08 (written by random/random)
Run by *** at 2010-11-04 13:07:55
Microsoft Windows 7 Home Premium  
System drive C: has 108 GB (57%) free of 191 GB
Total RAM: 2940 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:07:56, on 04.11.2010
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\***\Desktop\RSIT.exe
C:\Program Files\trend micro\***.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware  (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
O9 - Extra button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: Notebook Performance Tuning Service  (TempoMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TempoSVC.exe

--
End of file - 4063 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-08-14 1348904]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-11-02 281768]
""= []
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-04-08 6037504]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2010-08-25 136216]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2010-08-25 171032]
"Persistence"=C:\Windows\system32\igfxpers.exe [2010-08-25 170520]
" Malwarebytes Anti-Malware  (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2010-09-21 47904]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2010-09-21 47904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [2008-09-26 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [2004-01-14 409600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google EULA Launcher]
c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe [2008-05-28 20480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2010-06-09 49208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2010-09-24 421160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2010-09-08 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2010-09-02 13351304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
C:\Windows\Skytel.exe [2007-11-20 1826816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-08-11 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\topi]
C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [2007-07-10 581632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Registration]
C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe [2008-01-11 574864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba TEMPO]
C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe [2008-04-24 103824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2009-05-21 275768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2010-08-25 228864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"legalnoticetext"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-11-01 13:44:51 ----A---- C:\Windows\system32\hjtscanlist.txt
2010-10-29 15:58:56 ----D---- C:\Windows\pss
2010-10-28 12:38:55 ----A---- C:\Windows\system32\javaws.exe
2010-10-28 12:38:55 ----A---- C:\Windows\system32\javaw.exe
2010-10-28 12:38:55 ----A---- C:\Windows\system32\java.exe
2010-10-27 16:52:30 ----D---- C:\Users\***\AppData\Roaming\Malwarebytes
2010-10-27 16:51:58 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-10-27 16:51:55 ----D---- C:\ProgramData\Malwarebytes
2010-10-27 16:51:54 ----A---- C:\Windows\system32\drivers\mbam.sys
2010-10-27 16:51:53 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-10-27 14:37:36 ----D---- C:\rsit
2010-10-27 14:35:31 ----A---- C:\Windows\system32\msdri.dll
2010-10-27 14:35:31 ----A---- C:\Windows\system32\CPFilters.dll
2010-10-27 14:35:21 ----A---- C:\Windows\system32\drivers\Diskdump.sys
2010-10-13 20:04:11 ----D---- C:\Users\***\AppData\Roaming\Microsoft Corporation
2010-10-13 07:14:22 ----A---- C:\Windows\system32\ole32.dll
2010-10-13 07:14:17 ----A---- C:\Windows\system32\mshtml.dll
2010-10-13 07:14:17 ----A---- C:\Windows\system32\iertutil.dll
2010-10-13 07:14:16 ----A---- C:\Windows\system32\ieframe.dll
2010-10-13 07:14:15 ----A---- C:\Windows\system32\wininet.dll
2010-10-13 07:14:15 ----A---- C:\Windows\system32\urlmon.dll
2010-10-13 07:14:15 ----A---- C:\Windows\system32\mstime.dll
2010-10-13 07:14:15 ----A---- C:\Windows\system32\mshtmled.dll
2010-10-13 07:14:15 ----A---- C:\Windows\system32\msfeedssync.exe
2010-10-13 07:14:15 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-10-13 07:14:15 ----A---- C:\Windows\system32\msfeeds.dll
2010-10-13 07:14:15 ----A---- C:\Windows\system32\licmgr10.dll
2010-10-13 07:14:15 ----A---- C:\Windows\system32\jsproxy.dll
2010-10-13 07:14:15 ----A---- C:\Windows\system32\ieui.dll
2010-10-13 07:14:15 ----A---- C:\Windows\system32\iepeers.dll
2010-10-13 07:14:15 ----A---- C:\Windows\system32\iedkcs32.dll
2010-10-13 07:14:04 ----A---- C:\Windows\system32\t2embed.dll
2010-10-13 07:13:57 ----A---- C:\Windows\system32\schannel.dll
2010-10-13 07:13:48 ----A---- C:\Windows\system32\comctl32.dll
2010-10-13 07:13:40 ----A---- C:\Windows\system32\mfc40u.dll
2010-10-13 07:13:40 ----A---- C:\Windows\system32\mfc40.dll
2010-10-13 07:13:31 ----A---- C:\Windows\system32\wmp.dll
2010-10-13 07:13:30 ----A---- C:\Windows\system32\wmploc.DLL
2010-10-13 07:13:21 ----A---- C:\Windows\system32\win32k.sys
2010-10-13 07:13:13 ----A---- C:\Windows\system32\srvsvc.dll
2010-10-13 07:13:13 ----A---- C:\Windows\system32\drivers\srvnet.sys
2010-10-13 07:13:13 ----A---- C:\Windows\system32\drivers\srv2.sys
2010-10-13 07:13:13 ----A---- C:\Windows\system32\drivers\srv.sys
2010-10-13 07:13:05 ----A---- C:\Windows\system32\wmpmde.dll
2010-10-13 07:12:57 ----A---- C:\Windows\system32\StructuredQuery.dll
2010-10-12 17:21:27 ----D---- C:\Program Files\Microsoft ASP.NET
2010-10-12 17:21:23 ----D---- C:\Program Files\IIS
2010-10-12 17:00:16 ----D---- C:\Windows\symbols
2010-10-12 17:00:09 ----D---- C:\Program Files\Common Files\Merge Modules
2010-10-12 16:45:21 ----A---- C:\Windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2010-10-12 16:45:13 ----A---- C:\Windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2010-10-12 16:44:21 ----D---- C:\Windows\system32\RsFx
2010-10-12 16:43:20 ----D---- C:\Program Files\Microsoft Visual Studio 9.0
2010-10-12 16:43:08 ----D---- C:\Windows\system32\1033
2010-10-12 16:43:08 ----D---- C:\Windows\system32\1031
2010-10-12 16:39:25 ----D---- C:\Program Files\Microsoft SQL Server
2010-10-12 16:39:17 ----D---- C:\Program Files\Microsoft Silverlight
2010-10-12 16:39:04 ----D---- C:\Program Files\Microsoft Synchronization Services
2010-10-12 16:37:11 ----D---- C:\Program Files\Microsoft Visual Studio 10.0
2010-10-12 16:37:11 ----D---- C:\Program Files\Microsoft SDKs
2010-10-12 16:37:11 ----D---- C:\Program Files\Microsoft Help Viewer

======List of files/folders modified in the last 1 months======

2010-11-04 13:07:56 ----D---- C:\Program Files\Trend Micro
2010-11-04 13:05:04 ----D---- C:\Windows\Temp
2010-11-04 13:00:17 ----D---- C:\Windows\System32
2010-11-04 12:47:21 ----SHD---- C:\System Volume Information
2010-11-04 12:44:47 ----D---- C:\Windows\system32\config
2010-11-03 21:06:48 ----SHD---- C:\Windows\Installer
2010-11-03 21:06:48 ----HD---- C:\Config.Msi
2010-11-02 19:23:05 ----D---- C:\Users\***\AppData\Roaming\Skype
2010-11-01 14:28:17 ----D---- C:\Windows\inf
2010-11-01 14:28:17 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-11-01 13:54:02 ----D---- C:\Program Files\AutocompletePro
2010-10-31 10:44:28 ----D---- C:\Windows
2010-10-30 12:10:04 ----D---- C:\Windows\system32\drivers
2010-10-30 12:10:03 ----D---- C:\Windows\system32\DriverStore
2010-10-30 12:10:03 ----D---- C:\Windows\system32\catroot
2010-10-30 11:17:32 ----D---- C:\Users\***\AppData\Roaming\skypePM
2010-10-29 17:10:42 ----D---- C:\Users\***\AppData\Roaming\SoftGrid Client
2010-10-29 16:27:10 ----D---- C:\Program Files\Mozilla Firefox
2010-10-29 10:28:23 ----D---- C:\Windows\system32\catroot2
2010-10-28 19:53:04 ----D---- C:\Windows\Microsoft.NET
2010-10-28 13:55:33 ----RSD---- C:\Windows\assembly
2010-10-28 12:38:38 ----A---- C:\Windows\system32\deployJava1.dll
2010-10-28 12:30:13 ----D---- C:\Windows\winsxs
2010-10-28 12:28:27 ----D---- C:\Program Files\Java
2010-10-28 12:28:27 ----D---- C:\Program Files\Common Files\Java
2010-10-27 20:27:18 ----D---- C:\Windows\ehome
2010-10-27 20:27:09 ----D---- C:\Windows\AppPatch
2010-10-27 16:51:55 ----HD---- C:\ProgramData
2010-10-27 16:51:53 ----RD---- C:\Program Files
2010-10-26 18:39:09 ----D---- C:\Windows\system32\NDF
2010-10-21 18:35:20 ----D---- C:\Windows\rescache
2010-10-19 19:25:30 ----D---- C:\Users\***\AppData\Roaming\gtk-2.0
2010-10-19 10:41:44 ----N---- C:\Windows\system32\MpSigStub.exe
2010-10-13 15:23:06 ----D---- C:\Windows\system32\migration
2010-10-13 15:23:06 ----D---- C:\Program Files\Internet Explorer
2010-10-13 15:23:04 ----D---- C:\Program Files\Windows Media Player
2010-10-13 13:29:20 ----SD---- C:\ProgramData\Microsoft
2010-10-13 13:27:03 ----A---- C:\Windows\system32\MRT.exe
2010-10-12 17:20:46 ----SD---- C:\Users\***\AppData\Roaming\Microsoft
2010-10-12 17:19:37 ----D---- C:\Program Files\Common Files\microsoft shared
2010-10-12 17:00:09 ----D---- C:\Program Files\MSBuild
2010-10-12 17:00:09 ----D---- C:\Program Files\Common Files
2010-10-12 16:42:54 ----D---- C:\Program Files\Microsoft.NET
2010-10-12 16:39:04 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2010-10-12 16:35:38 ----D---- C:\Windows\system32\de-DE
2010-10-09 12:41:26 ----D---- C:\Users\***\AppData\Roaming\ICQ
2010-10-08 18:49:59 ----SHD---- C:\$RECYCLE.BIN
2010-10-08 18:49:53 ----RD---- C:\Users

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2008-04-15 312344]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ_O.SYS [2007-11-09 23640]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2010-11-02 126856]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2010-09-20 281760]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2010-11-02 60936]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2010-09-20 25888]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2009-07-13 1035776]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-09-21 1218048]
R3 FwLnk;FwLnk Driver; C:\Windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2010-08-25 9024512]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-04-09 2095512]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]
R3 sftfs;sftfs; \??\C:\Program Files\Microsoft Application Virtualization Client\drivers\sftfslh.sys [2009-09-23 543064]
R3 sftplay;sftplay; \??\C:\Program Files\Microsoft Application Virtualization Client\drivers\sftplaylh.sys [2009-09-23 190312]
R3 Sftredir;Sftredir; C:\Windows\system32\DRIVERS\Sftredirlh.sys [2009-09-23 21848]
R3 sftvol;sftvol; \??\C:\Program Files\Microsoft Application Virtualization Client\drivers\sftvollh.sys [2009-09-23 14680]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-08-14 203312]
R3 UVCFTR;UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [2008-07-15 17960]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]
S1 jswpslwf;JumpStart Wireless Filter Driver; C:\Windows\system32\DRIVERS\jswpslwf.sys [2008-04-28 20384]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 131072]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2009-07-14 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 36864]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 EagleXNt;EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys []
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-04-15 118784]
S3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2008-04-02 62976]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2010-04-19 41984]
S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]
S3 WSDPrintDevice;WSD-Druckunterstützung durch UMB; C:\Windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
S3 XDva289;XDva289; \??\C:\Windows\system32\XDva289.sys []
S4 RsFx0103;RsFx0103 Driver; C:\Windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-11-02 135336]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-11-02 267944]
R2 Bonjour Service;Dienst "Bonjour"; C:\Program Files\Bonjour\mDNSResponder.exe [2010-07-27 345376]
R2 cfWiMAXService;ConfigFree WiMAX Service; C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-10 185712]
R2 ConfigFree Service;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
R2 cvhsvc;Client Virtualization Handler; C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2009-09-26 819600]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2009-03-30 43010392]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 sftlist;Application Virtualization Client; C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe [2009-09-23 447832]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-07-10 98840]
R2 TeamViewer5;TeamViewer 5; C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe [2010-06-28 173352]
R2 TempoMonitoringService;Notebook Performance Tuning Service ; C:\Program Files\Toshiba TEMPRO\TempoSVC.exe [2008-04-24 99720]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 sftvsa;Application Virtualization Service Agent; C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe [2009-09-23 203608]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 aspnet_state;ASP.NET-Zustandsdienst; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-10-20 182768]
S3 iPod Service;iPod-Dienst; C:\Program Files\iPod\bin\iPodService.exe [2010-09-24 820008]
S3 jswpsapi;Jumpstart Wifi Protected Setup; C:\Program Files\Jumpstart\jswpsapi.exe [2008-04-16 954368]
S3 ose;Office  Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2009-09-26 149336]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-09-26 4639136]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-08-13 144672]
S4 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-11 135664]
S4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory; C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-21 47128]
S4 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-07-20 935208]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S4 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2009-03-30 254808]
S4 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2010-07-28 407336]

-----------------EOF-----------------
         
--- --- ---



Code:
 
                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 
                        º                                    º 
                                    hjtscanlist v2.0              
                        º                                    º 
                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 

Microsoft Windows [Version 6.1.7600]
 
 
C:

       C:\pagefile.sys ---------    
       C:\hiberfil.sys ---------    
  04.11.2010 12:47     C:\System Volume Information --------- 65536   
  03.11.2010 21:06     C:\Config.Msi --------- 0   
  03.11.2010 15:37     C:\rsit --------- 0   
  31.10.2010 10:44     C:\Windows --------- 28672   
  27.10.2010 16:51     C:\ProgramData --------- 12288   
  27.10.2010 16:51     C:\Program Files --------- 28672   
  08.10.2010 18:49     C:\$RECYCLE.BIN --------- 0   
  08.10.2010 18:49     C:\Users --------- 4096   
  15.04.2010 18:11     C:\Intel --------- 0   
  06.03.2010 22:08     C:\SureSupply --------- 0   
  06.03.2010 19:41     C:\MSDOS.SYS --------- 0   
  06.03.2010 19:41     C:\IO.SYS --------- 0   
  11.01.2010 14:39     C:\Recovery --------- 0   
  11.01.2010 14:26     C:\$WINDOWS.~Q --------- 0   
  11.01.2010 13:58     C:\BOOTSECT.BAK --------- 8192   
  11.01.2010 13:58     C:\Boot --------- 4096   
  11.01.2010 13:43     C:\$INPLACE.~TR --------- 0   
  06.11.2009 21:48     C:\Converted Music --------- 0   
  17.10.2009 18:06     C:\Westwood --------- 0   
  16.10.2009 17:40     C:\Toshiba --------- 0   
  16.10.2009 17:31     C:\Programme --------- 0   
  16.10.2009 17:31     C:\Dokumente und Einstellungen --------- 0   
  16.10.2009 16:21     C:\RHDSetup.log --------- 651   
  14.07.2009 05:53     C:\Documents and Settings --------- 0   
  14.07.2009 03:37     C:\PerfLogs --------- 0   
  14.07.2009 02:38     C:\bootmgr --------- 383562   
  10.06.2009 22:42     C:\config.sys --------- 10   
  10.06.2009 22:42     C:\autoexec.bat --------- 24   
  09.02.2009 08:56     C:\SWSTAMP.TXT --------- 229   
  11.08.2008 15:34     C:\Works --------- 0   
  11.08.2008 15:28     C:\MSOCache --------- 0   
----------------------------------------

 
C:\Windows

  04.11.2010 12:56     C:\Windows\setupact.log --------- 1971214   
  04.11.2010 12:56     C:\Windows\bootstat.dat --------- 67584   
  04.11.2010 12:55     C:\Windows\WindowsUpdate.log --------- 1488210   
  30.10.2010 09:31     C:\Windows\PFRO.log --------- 158870   
  31.05.2010 13:22     C:\Windows\DirectX.log --------- 90228   
  17.04.2010 00:45     C:\Windows\WLXPGSS.SCR --------- 307056   
  15.04.2010 10:02     C:\Windows\ntbtlog.txt --------- 346428   
  15.04.2010 10:02     C:\Windows\MEMORY.DMP --------- 211412539   
  01.03.2010 13:31     C:\Windows\hpqins15.dat --------- 23684   
  11.01.2010 14:26     C:\Windows\comsetup.log --------- 9265   
  11.01.2010 14:21     C:\Windows\DtcInstall.log --------- 4141   
  11.01.2010 14:03     C:\Windows\TSSysprep.log --------- 1313   
  11.01.2010 13:37     C:\Windows\WindowsUpdate (1).log --------- 1778869   
  11.01.2010 13:05     C:\Windows\diagwrn.xml --------- 2544   
  11.01.2010 13:05     C:\Windows\diagerr.xml --------- 1890   
  24.12.2009 18:27     C:\Windows\hpoins46.dat --------- 219106   
  26.11.2009 11:18     C:\Windows\msxml4-KB973688-deu.LOG --------- 277328   
  04.11.2009 20:23     C:\Windows\ie8_main.log --------- 191074   
  31.10.2009 06:45     C:\Windows\explorer.exe --------- 2614272   
  16.10.2009 20:01     C:\Windows\msxml4-KB954430-deu.LOG --------- 290038   
  16.10.2009 16:21     C:\Windows\DIFxAPI.dll --------- 319456   
  16.10.2009 16:21     C:\Windows\HideWin.exe --------- 315392   
  14.07.2009 05:41     C:\Windows\WindowsShell.Manifest --------- 749   
  14.07.2009 05:39     C:\Windows\setuperr.log --------- 0   
  14.07.2009 02:16     C:\Windows\twain_32.dll --------- 51200   
  14.07.2009 02:14     C:\Windows\write.exe --------- 9216   
  14.07.2009 02:14     C:\Windows\winhlp32.exe --------- 9728   
  14.07.2009 02:14     C:\Windows\twunk_32.exe --------- 31232   
  14.07.2009 02:14     C:\Windows\regedit.exe --------- 398336   
  14.07.2009 02:14     C:\Windows\notepad.exe --------- 179712   
  14.07.2009 02:14     C:\Windows\hh.exe --------- 15360   
  14.07.2009 02:14     C:\Windows\HelpPane.exe --------- 497152   
  14.07.2009 02:14     C:\Windows\fveupdate.exe --------- 13824   
  14.07.2009 02:14     C:\Windows\bfsvc.exe --------- 65024   
  13.07.2009 23:58     C:\Windows\mib.bin --------- 43131   
  11.06.2009 04:02     C:\Windows\hpomdl46.dat --------- 606   
  11.06.2009 04:02     C:\Windows\hpomdl46.dat.temp --------- 606   
  10.06.2009 22:46     C:\Windows\system.ini --------- 219   
  10.06.2009 22:42     C:\Windows\_default.pif --------- 707   
  10.06.2009 22:42     C:\Windows\winhelp.exe --------- 256192   
  10.06.2009 22:41     C:\Windows\twunk_16.exe --------- 49680   
  10.06.2009 22:41     C:\Windows\twain.dll --------- 94784   
  10.06.2009 22:34     C:\Windows\WMSysPr9.prx --------- 316640   
  10.06.2009 22:19     C:\Windows\msdfmap.ini --------- 1405   
  10.06.2009 22:14     C:\Windows\Starter.xml --------- 48201   
  10.06.2009 22:14     C:\Windows\HomePremium.xml --------- 48265   
  13.08.2008 09:48     C:\Windows\csup.txt --------- 10   
  11.08.2008 15:01     C:\Windows\NDSTray.INI --------- 0   
  11.08.2008 14:50     C:\Windows\DPINST.LOG --------- 4748   
  11.08.2008 14:09     C:\Windows\msxml4-KB941833-deu.LOG --------- 267266   
  08.04.2008 14:14     C:\Windows\RtHDVCpl.exe --------- 6037504   
  02.04.2008 08:27     C:\Windows\RtlUpd.exe --------- 1196032   
  05.03.2008 17:07     C:\Windows\RtlExUpd.dll --------- 520192   
  16.01.2008 11:13     C:\Windows\Thumbs.db --------- 4096   
  20.11.2007 17:15     C:\Windows\SkyTel.exe --------- 1826816   
  14.11.2007 14:18     C:\Windows\USetup.iss --------- 553   
  03.11.2006 13:30     C:\Windows\oemlogo.bmp --------- 43254   
  02.11.2006 14:04     C:\Windows\win.ini --------- 144   
  14.01.2004 02:10     C:\Windows\BJPSUNST.EXE --------- 163840   
  17.11.1998 12:44     C:\Windows\IsUn0407.exe --------- 328704   
----------------------------------------

 
C:\Windows\System

 13.07.2009 22:41      C:\Windows\System\OLESVR.DLL --------- 24064 
 13.07.2009 22:41      C:\Windows\System\WFWNET.DRV --------- 12704 
 13.07.2009 22:41      C:\Windows\System\COMMDLG.DLL --------- 32816 
 13.07.2009 22:41      C:\Windows\System\TIMER.DRV --------- 4048 
 13.07.2009 22:41      C:\Windows\System\MMSYSTEM.DLL --------- 68992 
 13.07.2009 22:41      C:\Windows\System\mmtask.tsk --------- 1152 
 13.07.2009 22:41      C:\Windows\System\mouse.drv --------- 2032 
 13.07.2009 22:41      C:\Windows\System\vga.drv --------- 2176 
 13.07.2009 22:41      C:\Windows\System\sound.drv --------- 1744 
 13.07.2009 22:41      C:\Windows\System\keyboard.drv --------- 2000 
 13.07.2009 22:41      C:\Windows\System\SHELL.DLL --------- 5120 
 13.07.2009 22:41      C:\Windows\System\system.drv --------- 3360 
 10.06.2009 22:42      C:\Windows\System\ver.dll --------- 9008 
 10.06.2009 22:42      C:\Windows\System\olecli.dll --------- 82944 
 10.06.2009 22:42      C:\Windows\System\lzexpand.dll --------- 9936 
 10.06.2009 22:25      C:\Windows\System\stdole.tlb --------- 5532 
 10.06.2009 22:21      C:\Windows\System\msvideo.dll --------- 126912 
 10.06.2009 22:21      C:\Windows\System\mciwave.drv --------- 28160 
 10.06.2009 22:21      C:\Windows\System\mciseq.drv --------- 25264 
 10.06.2009 22:21      C:\Windows\System\mciavi.drv --------- 73376 
 10.06.2009 22:21      C:\Windows\System\avifile.dll --------- 109456 
 10.06.2009 22:21      C:\Windows\System\avicap.dll --------- 69584 
 02.04.2008 14:00      C:\Windows\System\DriveIcon.dll --------- 6428192 
 27.09.2007 14:32      C:\Windows\System\ms.ico --------- 34530 
 27.09.2007 14:17      C:\Windows\System\sm.ico --------- 37041 
 27.09.2007 14:12      C:\Windows\System\sd.ico --------- 38660 
 27.09.2007 14:04      C:\Windows\System\cf.ico --------- 37300 
 30.06.2004 15:24      C:\Windows\System\MyMulti.ico --------- 5430 
----------------------------------------

 
C:\Windows\System32

 04.11.2010 13:00     C:\Windows\system32\hjtscanlist.txt --------- 8326  
 04.11.2010 12:48     C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 --------- 9504  
 04.11.2010 12:48     C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 --------- 9504  
 04.11.2010 12:44     C:\Windows\system32\config --------- 16384  
 03.11.2010 21:06     C:\Windows\system32\mapisvc.inf --------- 1152  
 01.11.2010 14:28     C:\Windows\system32\perfh009.dat --------- 712728  
 01.11.2010 14:28     C:\Windows\system32\perfc009.dat --------- 144292  
 01.11.2010 14:28     C:\Windows\system32\perfh007.dat --------- 756664  
 01.11.2010 14:28     C:\Windows\system32\perfc007.dat --------- 171146  
 01.11.2010 14:28     C:\Windows\system32\PerfStringBackup.INI --------- 1783520  
 30.10.2010 12:10     C:\Windows\system32\drivers --------- 65536  
 30.10.2010 12:10     C:\Windows\system32\catroot --------- 4096  
 30.10.2010 12:10     C:\Windows\system32\DriverStore --------- 4096  
 29.10.2010 10:28     C:\Windows\system32\catroot2 --------- 12288  
 28.10.2010 12:38     C:\Windows\system32\javaws.exe --------- 153376  
 28.10.2010 12:38     C:\Windows\system32\javaw.exe --------- 145184  
 28.10.2010 12:38     C:\Windows\system32\java.exe --------- 145184  
 28.10.2010 12:38     C:\Windows\system32\deployJava1.dll --------- 472808  
 26.10.2010 18:39     C:\Windows\system32\NDF --------- 0  
 19.10.2010 10:41     C:\Windows\system32\MpSigStub.exe --------- 222080  
 13.10.2010 15:23     C:\Windows\system32\FNTCACHE.DAT --------- 381480  
 13.10.2010 15:23     C:\Windows\system32\migration --------- 0  
 13.10.2010 13:27     C:\Windows\system32\MRT.exe --------- 35385288  
 12.10.2010 16:44     C:\Windows\system32\RsFx --------- 0  
 12.10.2010 16:43     C:\Windows\system32\1033 --------- 0  
 12.10.2010 16:43     C:\Windows\system32\1031 --------- 0  
 12.10.2010 16:35     C:\Windows\system32\de-DE --------- 327680  
 27.09.2010 15:24     C:\Windows\system32\Tasks --------- 4096  
 08.09.2010 10:17     C:\Windows\system32\QuickTimeVR.qtx --------- 94208  
 08.09.2010 10:17     C:\Windows\system32\QuickTime.qts --------- 69632  
 08.09.2010 05:30     C:\Windows\system32\wininet.dll --------- 978432  
 08.09.2010 05:30     C:\Windows\system32\urlmon.dll --------- 1226752  
 08.09.2010 05:28     C:\Windows\system32\mstime.dll --------- 606208  
 08.09.2010 05:28     C:\Windows\system32\mshtmled.dll --------- 67072  
 08.09.2010 05:28     C:\Windows\system32\mshtml.dll --------- 5977600  
 08.09.2010 05:28     C:\Windows\system32\msfeedsbs.dll --------- 64512  
 08.09.2010 05:28     C:\Windows\system32\msfeeds.dll --------- 599040  
 08.09.2010 05:28     C:\Windows\system32\licmgr10.dll --------- 44544  
 08.09.2010 05:28     C:\Windows\system32\jsproxy.dll --------- 48128  
 08.09.2010 05:28     C:\Windows\system32\ieui.dll --------- 176640  
 08.09.2010 05:28     C:\Windows\system32\iertutil.dll --------- 2058752  
 08.09.2010 05:28     C:\Windows\system32\iepeers.dll --------- 185856  
 08.09.2010 05:28     C:\Windows\system32\ieframe.dll --------- 10988544  
 08.09.2010 05:27     C:\Windows\system32\iedkcs32.dll --------- 381440  
 08.09.2010 05:25     C:\Windows\system32\msfeedssync.exe --------- 12800  
 08.09.2010 04:22     C:\Windows\system32\html.iec --------- 386048  
 08.09.2010 03:48     C:\Windows\system32\mshtml.tlb --------- 1638912  
 04.09.2010 16:45     C:\Windows\system32\wdi --------- 4096  
 01.09.2010 05:29     C:\Windows\system32\wmp.dll --------- 11406848  
 01.09.2010 05:23     C:\Windows\system32\wmploc.DLL --------- 12625408  
 01.09.2010 03:34     C:\Windows\system32\win32k.sys --------- 2327552  
 31.08.2010 05:32     C:\Windows\system32\mfc40u.dll --------- 954288  
 31.08.2010 05:32     C:\Windows\system32\mfc40.dll --------- 954752  
 27.08.2010 06:46     C:\Windows\system32\srvsvc.dll --------- 168448  
 26.08.2010 05:39     C:\Windows\system32\t2embed.dll --------- 109056  
 25.08.2010 18:58     C:\Windows\system32\iglhxs32.vp --------- 51432  
 25.08.2010 18:46     C:\Windows\system32\TVWSetup.exe --------- 8198680  
 25.08.2010 18:45     C:\Windows\system32\igfxtray.exe --------- 136216  
 25.08.2010 18:45     C:\Windows\system32\igfxsrvc.exe --------- 266776  
 25.08.2010 18:45     C:\Windows\system32\igfxpers.exe --------- 170520  
 25.08.2010 18:45     C:\Windows\system32\igfxext.exe --------- 179224  
 25.08.2010 18:45     C:\Windows\system32\hkcmd.exe --------- 171032  
 25.08.2010 18:45     C:\Windows\system32\GfxUI.exe --------- 3156504  
 25.08.2010 18:39     C:\Windows\system32\igfxCoIn_v2202.dll --------- 81920  
 25.08.2010 18:31     C:\Windows\system32\igdumd32.dll --------- 4967424  
 25.08.2010 18:30     C:\Windows\system32\igcompkrng500.bin --------- 439308  
 25.08.2010 18:30     C:\Windows\system32\igfcg500m.bin --------- 92356  
 25.08.2010 18:30     C:\Windows\system32\igkrng500.bin --------- 982240  
 25.08.2010 18:28     C:\Windows\system32\igdumdx32.dll --------- 571904  
 25.08.2010 18:23     C:\Windows\system32\igd10umd32.dll --------- 4411904  
 25.08.2010 18:09     C:\Windows\system32\ig4icd32.dll --------- 11040256  
 25.08.2010 18:03     C:\Windows\system32\Gfxres.zh-TW.resources --------- 103997  
 25.08.2010 18:03     C:\Windows\system32\Gfxres.zh-CN.resources --------- 102843  
 25.08.2010 18:03     C:\Windows\system32\Gfxres.tr-TR.resources --------- 121121  
 25.08.2010 18:03     C:\Windows\system32\Gfxres.th-TH.resources --------- 189408  
 25.08.2010 18:02     C:\Windows\system32\Gfxres.sv-SE.resources --------- 119286  
 25.08.2010 18:02     C:\Windows\system32\Gfxres.sl-SI.resources --------- 114308  
 25.08.2010 18:02     C:\Windows\system32\Gfxres.sk-SK.resources --------- 117984  
 25.08.2010 18:02     C:\Windows\system32\Gfxres.ru-RU.resources --------- 165251  
 25.08.2010 18:02     C:\Windows\system32\Gfxres.pt-PT.resources --------- 118997  
 25.08.2010 18:02     C:\Windows\system32\Gfxres.pt-BR.resources --------- 120287  
 25.08.2010 18:02     C:\Windows\system32\Gfxres.pl-PL.resources --------- 118317  
 25.08.2010 18:02     C:\Windows\system32\Gfxres.nl-NL.resources --------- 119513  
 25.08.2010 18:02     C:\Windows\system32\Gfxres.ko-KR.resources --------- 123164  
 25.08.2010 18:02     C:\Windows\system32\Gfxres.nb-NO.resources --------- 114779  
 25.08.2010 18:02     C:\Windows\system32\Gfxres.it-IT.resources --------- 125477  
 25.08.2010 18:02     C:\Windows\system32\Gfxres.ja-JP.resources --------- 136327  
 25.08.2010 18:02     C:\Windows\system32\Gfxres.hu-HU.resources --------- 119533  
 25.08.2010 18:02     C:\Windows\system32\Gfxres.he-IL.resources --------- 133680  
 25.08.2010 18:02     C:\Windows\system32\Gfxres.fr-FR.resources --------- 120695  
 25.08.2010 18:02     C:\Windows\system32\Gfxres.fi-FI.resources --------- 118631  
 25.08.2010 18:02     C:\Windows\system32\Gfxres.es-ES.resources --------- 122858  
 25.08.2010 18:02     C:\Windows\system32\Gfxres.el-GR.resources --------- 178288  
 25.08.2010 18:02     C:\Windows\system32\Gfxres.da-DK.resources --------- 114179  
 25.08.2010 18:02     C:\Windows\system32\Gfxres.de-DE.resources --------- 122638  
 25.08.2010 18:02     C:\Windows\system32\Gfxres.cs-CZ.resources --------- 118684  
 25.08.2010 18:02     C:\Windows\system32\Gfxres.ar-SA.resources --------- 139830  
 25.08.2010 18:02     C:\Windows\system32\igfxrslv.lrc --------- 85504  
 25.08.2010 18:02     C:\Windows\system32\igfxrsky.lrc --------- 86016  
 25.08.2010 18:02     C:\Windows\system32\igfxrtha.lrc --------- 84992  
----------------------------------------

 
C:\Windows\Prefetch

 04.11.2010 13:00     C:\Windows\Prefetch\DLLHOST.EXE-766398D2.pf --------- 15826  
 04.11.2010 12:59     C:\Windows\Prefetch\CONSENT.EXE-531BD9EA.pf --------- 90260  
 04.11.2010 12:59     C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf --------- 15014  
 04.11.2010 12:59     C:\Windows\Prefetch\DLLHOST.EXE-40DD444D.pf --------- 71956  
 04.11.2010 12:59     C:\Windows\Prefetch\ReadyBoot --------- 4096  
 04.11.2010 12:59     C:\Windows\Prefetch\SVCHOST.EXE-C871F054.pf --------- 99168  
 04.11.2010 12:58     C:\Windows\Prefetch\WMPNSCFG.EXE-FC0D39BF.pf --------- 57288  
 04.11.2010 12:58     C:\Windows\Prefetch\DLLHOST.EXE-4F28A26F.pf --------- 672442  
 04.11.2010 12:55     C:\Windows\Prefetch\AgGlFgAppHistory.db --------- 1697160  
 04.11.2010 12:55     C:\Windows\Prefetch\AgGlFaultHistory.db --------- 575837  
 04.11.2010 12:55     C:\Windows\Prefetch\AgGlGlobalHistory.db --------- 4179238  
 04.11.2010 12:55     C:\Windows\Prefetch\AgRobust.db --------- 459248  
 04.11.2010 12:55     C:\Windows\Prefetch\PfSvPerfStats.bin --------- 508  
 04.11.2010 12:55     C:\Windows\Prefetch\DLLHOST.EXE-5E46FA0D.pf --------- 24112  
 04.11.2010 12:54     C:\Windows\Prefetch\WERMGR.EXE-0F2AC88C.pf --------- 23302  
 04.11.2010 12:54     C:\Windows\Prefetch\FIREFOX.EXE-A606B53C.pf --------- 316548  
 04.11.2010 12:53     C:\Windows\Prefetch\AVWSC.EXE-4630B658.pf --------- 31314  
 04.11.2010 12:53     C:\Windows\Prefetch\WMIPRVSE.EXE-1628051C.pf --------- 79932  
 04.11.2010 12:53     C:\Windows\Prefetch\AUDIODG.EXE-BDFD3029.pf --------- 25578  
 04.11.2010 12:52     C:\Windows\Prefetch\GOOGLEUPDATE.EXE-FE771DDA.pf --------- 34262  
 04.11.2010 12:49     C:\Windows\Prefetch\TASKMGR.EXE-5F5F473D.pf --------- 238390  
 04.11.2010 12:47     C:\Windows\Prefetch\SEARCHFILTERHOST.EXE-77482212.pf --------- 26412  
 04.11.2010 12:47     C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-0CB8CADE.pf --------- 23378  
 04.11.2010 12:47     C:\Windows\Prefetch\MPAS-D_BD1.EXE-97E29C40.pf --------- 26154  
 04.11.2010 12:47     C:\Windows\Prefetch\MPSIGSTUB.EXE-6CB27A06.pf --------- 93586  
 04.11.2010 12:46     C:\Windows\Prefetch\SVCHOST.EXE-7CFEDEA3.pf --------- 16380  
 04.11.2010 12:46     C:\Windows\Prefetch\VSSVC.EXE-B8AFC319.pf --------- 89838  
 04.11.2010 12:45     C:\Windows\Prefetch\WMIADAP.EXE-F8DFDFA2.pf --------- 17572  
 04.11.2010 12:45     C:\Windows\Prefetch\WUAUCLT.EXE-70318591.pf --------- 28516  
 04.11.2010 12:44     C:\Windows\Prefetch\TRUSTEDINSTALLER.EXE-3CC531E5.pf --------- 45548  
 04.11.2010 12:44     C:\Windows\Prefetch\IELOWUTIL.EXE-3885C25E.pf --------- 328388  
 04.11.2010 12:44     C:\Windows\Prefetch\PLUGIN-CONTAINER.EXE-7226D1F8.pf --------- 167888  
 04.11.2010 12:44     C:\Windows\Prefetch\TASKHOST.EXE-7238F31D.pf --------- 160322  
 04.11.2010 12:44     C:\Windows\Prefetch\SVCHOST.EXE-05F624AB.pf --------- 8266  
 04.11.2010 12:44     C:\Windows\Prefetch\SPPSVC.EXE-B0F8131B.pf --------- 12678  
 04.11.2010 12:44     C:\Windows\Prefetch\CFSVCS.EXE-B36EE33C.pf --------- 21686  
 04.11.2010 12:43     C:\Windows\Prefetch\CFIWMXSVCS.EXE-B2259B25.pf --------- 95708  
 04.11.2010 12:43     C:\Windows\Prefetch\MSCORSVW.EXE-C3C515BD.pf --------- 48044  
 04.11.2010 12:42     C:\Windows\Prefetch\EXPLORER.EXE-A80E4F97.pf --------- 131950  
 04.11.2010 12:42     C:\Windows\Prefetch\WMPNETWK.EXE-D9F2A96F.pf --------- 225696  
 04.11.2010 12:42     C:\Windows\Prefetch\RUNDLL32.EXE-DE9673F9.pf --------- 19846  
 04.11.2010 12:42     C:\Windows\Prefetch\NTOSBOOT-B00DFAAD.pf --------- 3870102  
 03.11.2010 21:09     C:\Windows\Prefetch\LOGONUI.EXE-09140401.pf --------- 84150  
 03.11.2010 21:06     C:\Windows\Prefetch\SOFTWAREUPDATE.EXE-631B74E4.pf --------- 11894  
 03.11.2010 21:06     C:\Windows\Prefetch\DLLHOST.EXE-7ED62AA2.pf --------- 18614  
 03.11.2010 20:47     C:\Windows\Prefetch\DISTNOTED.EXE-BFFB20F1.pf --------- 18932  
 03.11.2010 20:47     C:\Windows\Prefetch\APPLEMOBILEDEVICEHELPER.EXE-96A367D7.pf --------- 50320  
 03.11.2010 20:46     C:\Windows\Prefetch\ITUNES.EXE-2A42B776.pf --------- 311984  
 03.11.2010 19:40     C:\Windows\Prefetch\AVSCAN.EXE-E289CD20.pf --------- 203262  
 03.11.2010 19:08     C:\Windows\Prefetch\MSPAINT.EXE-76E10B24.pf --------- 92522  
 03.11.2010 18:41     C:\Windows\Prefetch\CCLEANER.EXE-D4D76A60.pf --------- 165684  
 03.11.2010 18:23     C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-1712401592-4033205459-3372233946-1000.db --------- 842130  
 03.11.2010 18:23     C:\Windows\Prefetch\AgGlUAD_S-1-5-21-1712401592-4033205459-3372233946-1000.db --------- 1409653  
 03.11.2010 17:01     C:\Windows\Prefetch\MSFEEDSSYNC.EXE-6E6FBDF4.pf --------- 280130  
 03.11.2010 17:00     C:\Windows\Prefetch\WSQMCONS.EXE-118B52B7.pf --------- 122628  
 03.11.2010 16:50     C:\Windows\Prefetch\SVCHOST.EXE-80F4A784.pf --------- 222064  
 03.11.2010 16:39     C:\Windows\Prefetch\SNDVOL.EXE-5D4CC7D6.pf --------- 79954  
 03.11.2010 16:38     C:\Windows\Prefetch\IPODSERVICE.EXE-37C43D64.pf --------- 19276  
 03.11.2010 15:55     C:\Windows\Prefetch\AVCENTER.EXE-C4AEDCEC.pf --------- 156116  
 03.11.2010 15:54     C:\Windows\Prefetch\RUNDLL32.EXE-1304AE86.pf --------- 28398  
 03.11.2010 15:38     C:\Windows\Prefetch\WERFAULT.EXE-E69F695A.pf --------- 158542  
 03.11.2010 15:28     C:\Windows\Prefetch\UPDATE.EXE-026DCA13.pf --------- 470610  
 03.11.2010 15:27     C:\Windows\Prefetch\AVNOTIFY.EXE-FEC2FEC4.pf --------- 64378  
 02.11.2010 21:22     C:\Windows\Prefetch\MPCMDRUN.EXE-F401FBB4.pf --------- 29894  
 02.11.2010 20:25     C:\Windows\Prefetch\JAVAW.EXE-91B81925.pf --------- 130952  
 02.11.2010 20:25     C:\Windows\Prefetch\JAVAWS.EXE-5FA6EB7C.pf --------- 79850  
 02.11.2010 20:25     C:\Windows\Prefetch\JAUCHECK.EXE-7E60136B.pf --------- 39158  
 02.11.2010 17:34     C:\Windows\Prefetch\SKYPENAMES2.EXE-FAE920B5.pf --------- 15842  
 02.11.2010 15:16     C:\Windows\Prefetch\TASKENG.EXE-48D4E289.pf --------- 60008  
 02.11.2010 14:37     C:\Windows\Prefetch\SEARCHINDEXER.EXE-4A6353B9.pf --------- 118398  
 02.11.2010 14:37     C:\Windows\Prefetch\CVHSVC.EXE-5DC3E48B.pf --------- 277790  
 01.11.2010 16:01     C:\Windows\Prefetch\CEC_MAIN.EXE-B4BEC43C.pf --------- 186244  
 01.11.2010 16:01     C:\Windows\Prefetch\TRAYBAR.EXE-F735E112.pf --------- 145300  
 01.11.2010 14:38     C:\Windows\Prefetch\RUNDLL32.EXE-A3E35360.pf --------- 64238  
 01.11.2010 14:26     C:\Windows\Prefetch\AgCx_SC4.db --------- 317029  
 31.10.2010 20:52     C:\Windows\Prefetch\ITUNESPHOTOPROCESSOR.EXE-CC2A23A0.pf --------- 173600  
 31.10.2010 20:51     C:\Windows\Prefetch\COM.YAHOO.GO.SYNC.CLIENT.EXE-4300557A.pf --------- 40718  
 31.10.2010 20:51     C:\Windows\Prefetch\APPLEMOBILESYNC.EXE-D6664C70.pf --------- 64462  
 31.10.2010 20:51     C:\Windows\Prefetch\COM.APPLE.WINDOWSCONTACTS.CLI-FEB38509.pf --------- 82020  
 31.10.2010 20:51     C:\Windows\Prefetch\MDCRASHREPORTTOOL.EXE-711A29B9.pf --------- 66116  
 31.10.2010 20:50     C:\Windows\Prefetch\APPLEMOBILEBACKUP.EXE-6FE90255.pf --------- 359004  
 31.10.2010 20:50     C:\Windows\Prefetch\SYNCSERVER.EXE-5B564BE1.pf --------- 103316  
 31.10.2010 20:50     C:\Windows\Prefetch\WUDFHOST.EXE-AFFEF87C.pf --------- 64136  
 31.10.2010 11:18     C:\Windows\Prefetch\SC.EXE-945D79AE.pf --------- 31566  
 30.10.2010 13:23     C:\Windows\Prefetch\GOOGLEUPDATERSERVICE.EXE-09540BCD.pf --------- 89382  
 30.10.2010 12:43     C:\Windows\Prefetch\WINSAT.EXE-DE36CB46.pf --------- 114432  
 30.10.2010 11:52     C:\Windows\Prefetch\HELPPANE.EXE-FEDC965B.pf --------- 66802  
 30.10.2010 11:17     C:\Windows\Prefetch\SKYPEPM.EXE-EECA8925.pf --------- 219580  
 29.10.2010 16:36     C:\Windows\Prefetch\OSPPSVC.EXE-E53D3CC0.pf --------- 38172  
 29.10.2010 16:36     C:\Windows\Prefetch\OFFICEVIRT.EXE-F42AB857.pf --------- 22182  
 29.10.2010 16:36     C:\Windows\Prefetch\CVH.EXE-308EA697.pf --------- 132118  
 29.10.2010 10:29     C:\Windows\Prefetch\NDSTRAY.EXE-009FAABD.pf --------- 221870  
 28.10.2010 19:11     C:\Windows\Prefetch\SVCHOST.EXE-40F9D24E.pf --------- 27098  
 28.10.2010 13:43     C:\Windows\Prefetch\CFSWMGR.EXE-B6130199.pf --------- 235800  
 27.10.2010 20:27     C:\Windows\Prefetch\SDBINST.EXE-5CC2F88B.pf --------- 11428  
 27.10.2010 17:45     C:\Windows\Prefetch\DLLHOST.EXE-6A473D35.pf --------- 70666  
 27.10.2010 15:06     C:\Windows\Prefetch\GOOGLEEARTH.EXE-4179DA94.pf --------- 292046  
 26.10.2010 18:43     C:\Windows\Prefetch\DLLHOST.EXE-824949B9.pf --------- 41030  
 25.10.2010 15:40     C:\Windows\Prefetch\SVCHOST.EXE-7AC6742A.pf --------- 17372  
 25.10.2010 15:40     C:\Windows\Prefetch\DEFRAG.EXE-588F90AD.pf --------- 54694  
 25.10.2010 15:40     C:\Windows\Prefetch\Layout.ini --------- 1715310  
 25.10.2010 12:44     C:\Windows\Prefetch\HPWUCLI.EXE-5427BA4C.pf --------- 133062  
 23.10.2010 23:28     C:\Windows\Prefetch\AgCx_SC1.db --------- 486178  
 23.10.2010 23:27     C:\Windows\Prefetch\AgCx_SC1.db.trx --------- 129786  
 23.10.2010 12:31     C:\Windows\Prefetch\MSASCUI.EXE-07E0123F.pf --------- 34984  
 21.10.2010 18:24     C:\Windows\Prefetch\RUNDLL32.EXE-411A328D.pf --------- 309364  
 19.10.2010 10:41     C:\Windows\Prefetch\MPAS-FE_BD.EXE-BB62FD5E.pf --------- 34362  
 18.10.2010 11:17     C:\Windows\Prefetch\WINWORD.EXE-710E349D.pf --------- 209478  
 17.10.2010 20:32     C:\Windows\Prefetch\SYNTPHELPER.EXE-0A20AAC4.pf --------- 72300  
 17.10.2010 20:32     C:\Windows\Prefetch\DWM.EXE-6FFD3DA8.pf --------- 26282  
 17.10.2010 20:32     C:\Windows\Prefetch\USERINIT.EXE-2257A3E7.pf --------- 12008  
 17.10.2010 20:32     C:\Windows\Prefetch\ATBROKER.EXE-2E15A492.pf --------- 8072  
 15.10.2010 18:10     C:\Windows\Prefetch\GOOGLECRASHHANDLER.EXE-8C113626.pf --------- 15996  
 13.10.2010 15:25     C:\Windows\Prefetch\RTHDVCPL.EXE-B116E9FD.pf --------- 29418  
 12.10.2010 09:00     C:\Windows\Prefetch\SDCLT.EXE-E10B972A.pf --------- 12466  
 09.10.2010 11:04     C:\Windows\Prefetch\ICQ.EXE-086D7489.pf --------- 520260  
 09.10.2010 11:04     C:\Windows\Prefetch\ICQUPDATER.EXE-901BDAC8.pf --------- 30746  
 08.10.2010 18:52     C:\Windows\Prefetch\WLXQUICKTIMECONTROLHOST.EXE-7A8A02B9.pf --------- 111376  
 19.09.2010 11:22     C:\Windows\Prefetch\BLACKRA1N.EXE-6A9086FE.pf --------- 39492  
 18.09.2010 13:16     C:\Windows\Prefetch\AgCx_SC3_6A36721C.db --------- 441263  
 18.09.2010 13:14     C:\Windows\Prefetch\AgCx_S1_S-1-5-21-1712401592-4033205459-3372233946-1000.snp.db --------- 3803941  
 30.08.2010 13:21     C:\Windows\Prefetch\CREDWIZ.EXE-8D92A1F8.pf --------- 23444  
 30.08.2010 13:16     C:\Windows\Prefetch\RUNDLL32.EXE-66D7E84C.pf --------- 38286  
 30.08.2010 13:16     C:\Windows\Prefetch\DLLHOST.EXE-C2B8534F.pf --------- 19468  
 30.08.2010 13:15     C:\Windows\Prefetch\RUNDLL32.EXE-5B17BD77.pf --------- 101486  
 29.08.2010 21:28     C:\Windows\Prefetch\EHRECVR.EXE-96B31E37.pf --------- 36336  
 29.08.2010 21:28     C:\Windows\Prefetch\MCGLIDHOST.EXE-E3F0E99A.pf --------- 66850  
 29.08.2010 21:28     C:\Windows\Prefetch\EHREC.EXE-BFABB40F.pf --------- 87740  
 29.08.2010 21:28     C:\Windows\Prefetch\EHTRAY.EXE-FEBFC005.pf --------- 32612  
 29.08.2010 21:28     C:\Windows\Prefetch\EHSCHED.EXE-7A86D5F8.pf --------- 26722  
 28.08.2010 20:49     C:\Windows\Prefetch\EHPRIVJOB.EXE-CE89B169.pf --------- 2430  
 28.08.2010 20:49     C:\Windows\Prefetch\MCUPDATE.EXE-62E74733.pf --------- 70464  
 28.08.2010 09:43     C:\Windows\Prefetch\RIBBONS.SCR-853AA7FE.pf --------- 31968  
 28.08.2010 08:36     C:\Windows\Prefetch\RUNDLL32.EXE-B440F290.pf --------- 22512  
 27.08.2010 13:11     C:\Windows\Prefetch\CCSETUP235.EXE-6C95A1B9.pf --------- 40460  
 27.08.2010 12:46     C:\Windows\Prefetch\MPMINISIGSTUB.EXE-9A6FA560.pf --------- 7186  
 26.08.2010 18:45     C:\Windows\Prefetch\BLACKRA1N.EXE-9F961CC7.pf --------- 12458  
 26.08.2010 13:18     C:\Windows\Prefetch\RUNDLL32.EXE-C65044A0.pf --------- 22414  
 24.08.2010 12:37     C:\Windows\Prefetch\MPSIGSTUB.EXE-04762FD3.pf --------- 166102  
 24.08.2010 12:32     C:\Windows\Prefetch\IGFXPERS.EXE-254DBA08.pf --------- 26860  
 23.08.2010 19:15     C:\Windows\Prefetch\RUNDLL32.EXE-27FF3AAE.pf --------- 22268  
 23.08.2010 16:27     C:\Windows\Prefetch\RIBBONS.SCR-9E2C8FF1.pf --------- 132316  
 23.08.2010 15:35     C:\Windows\Prefetch\ICQ.EXE-8B39CCDC.pf --------- 139034  
 03.07.2010 07:52     C:\Windows\Prefetch\AgCx_SC2.db --------- 653961  
 11.01.2010 14:01     C:\Windows\Prefetch\AgAppLaunch.db --------- 332116  
----------------------------------------

 
C:\Windows\Tasks

 04.11.2010 12:56     C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job --------- 1090  
 04.11.2010 12:56     C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job --------- 1086  
 04.11.2010 12:56     C:\Windows\Tasks\SA.DAT --------- 6  
 02.11.2010 14:37     C:\Windows\Tasks\SCHEDLGU.TXT --------- 32632  
----------------------------------------

 
C:\Windows\Temp

 04.11.2010 12:58     C:\Windows\Temp\hpqddsvc.log --------- 7562  
 04.11.2010 12:58     C:\Windows\Temp\HPSLPSVC0002.log --------- 2435  
 04.11.2010 12:55     C:\Windows\Temp\fwtsqmfile01.sqm --------- 608  
 04.11.2010 12:47     C:\Windows\Temp\MpSigStub.log --------- 3280  
 04.11.2010 12:41     C:\Windows\Temp\HPSLPSVC0001.log --------- 3385  
 04.11.2010 12:41     C:\Windows\Temp\SoftGrid Client Service --------- 0  
 03.11.2010 21:09     C:\Windows\Temp\WERB6D7.tmp.hdmp --------- 0  
 03.11.2010 21:09     C:\Windows\Temp\WERB6D6.tmp.WERInternalMetadata.xml --------- 2566  
 03.11.2010 21:09     C:\Windows\Temp\fwtsqmfile00.sqm --------- 608  
 03.11.2010 15:24     C:\Windows\Temp\HPSLPSVC0000.log --------- 3385  
----------------------------------------

 
C:\Users\***\AppData\Local\Temp

 04.11.2010 12:59     C:\Users\***\AppData\Local\Temp\IpAdrSet.log --------- 1299  
 04.11.2010 12:57     C:\Users\***\AppData\Local\Temp\WPDNSE --------- 0  
 04.11.2010 12:46     C:\Users\***\AppData\Local\Temp\jusched.log --------- 601  
 04.11.2010 12:43     C:\Users\***\AppData\Local\Temp\wmplog02.sqm --------- 1402  
 04.11.2010 12:43     C:\Users\***\AppData\Local\Temp\wmplog01.sqm --------- 1458  
 04.11.2010 12:43     C:\Users\***\AppData\Local\Temp\wmplog00.sqm --------- 1458  
 03.11.2010 20:35     C:\Users\***\AppData\Local\Temp\z3dgwufs.bmp --------- 14592054  
 03.11.2010 20:35     C:\Users\***\AppData\Local\Temp\jho7jo55.bmp --------- 20969910  
 03.11.2010 20:34     C:\Users\***\AppData\Local\Temp\9nahfu6a.bmp --------- 4708406  
 03.11.2010 20:34     C:\Users\***\AppData\Local\Temp\t9t82owv.bmp --------- 16670054  
 03.11.2010 20:34     C:\Users\***\AppData\Local\Temp\g8c7glaw.bmp --------- 4000054  
 03.11.2010 20:34     C:\Users\***\AppData\Local\Temp\ztvz380g.bmp --------- 23916054  
 03.11.2010 20:16     C:\Users\***\AppData\Local\Temp\hcx4rrm1.bmp --------- 1964854  
 03.11.2010 20:16     C:\Users\***\AppData\Local\Temp\7vhafrhz.bmp --------- 1172554  
 03.11.2010 20:16     C:\Users\***\AppData\Local\Temp\ut89lgn0.bmp --------- 11599254  
 03.11.2010 20:16     C:\Users\***\AppData\Local\Temp\h0r7rdt9.bmp --------- 2489574  
 03.11.2010 20:16     C:\Users\***\AppData\Local\Temp\o0o1zb42.bmp --------- 2489574  
 03.11.2010 20:16     C:\Users\***\AppData\Local\Temp\ei77n2r0.bmp --------- 10816054  
 03.11.2010 20:15     C:\Users\***\AppData\Local\Temp\7mztm52n.bmp --------- 757814  
 03.11.2010 20:15     C:\Users\***\AppData\Local\Temp\y4qzbxpd.bmp --------- 1666278  
 03.11.2010 20:15     C:\Users\***\AppData\Local\Temp\l3axomvm.bmp --------- 23952054  
 03.11.2010 20:15     C:\Users\***\AppData\Local\Temp\4pthbgt6.bmp --------- 641078  
 03.11.2010 20:15     C:\Users\***\AppData\Local\Temp\ykk2ibwl.bmp --------- 297414  
 03.11.2010 20:15     C:\Users\***\AppData\Local\Temp\o3c86aii.bmp --------- 7819254  
 03.11.2010 20:15     C:\Users\***\AppData\Local\Temp\b9v7c0xs.bmp --------- 5184054  
 03.11.2010 20:15     C:\Users\***\AppData\Local\Temp\1snd0rjp.bmp --------- 5184054  
 03.11.2010 19:25     C:\Users\***\AppData\Local\Temp\dnn521uy.bmp --------- 25280526  
 03.11.2010 19:22     C:\Users\***\AppData\Local\Temp\l3myxavs.bmp --------- 8722878  
 03.11.2010 19:17     C:\Users\***\AppData\Local\Temp\a52ujpdt.bmp --------- 5242934  
 03.11.2010 19:15     C:\Users\***\AppData\Local\Temp\kawnn9p4.bmp --------- 9000054  
 03.11.2010 19:14     C:\Users\***\AppData\Local\Temp\utbzmv2a.bmp --------- 5242934  
 03.11.2010 19:08     C:\Users\***\AppData\Local\Temp\ay71hlru.bmp --------- 5242934  
 03.11.2010 19:08     C:\Users\***\AppData\Local\Temp\r0iduc0p.bmp --------- 5242934  
 03.11.2010 19:08     C:\Users\***\AppData\Local\Temp\71tx6whd.bmp --------- 11264454  
 03.11.2010 15:37     C:\Users\***\AppData\Local\Temp\Low --------- 0  
 03.11.2010 15:24     C:\Users\***\AppData\Local\Temp\History --------- 0  
 03.11.2010 15:24     C:\Users\***\AppData\Local\Temp\Cookies --------- 0  
 03.11.2010 15:24     C:\Users\***\AppData\Local\Temp\Temporary Internet Files --------- 0  
 11.01.2010 14:41     C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt --------- 0  
----------------------------------------

 
C:\Program Files

 03.11.2010 15:40     C:\Program Files\Trend Micro --------- 4096  
 01.11.2010 13:54     C:\Program Files\AutocompletePro --------- 4096  
 29.10.2010 16:27     C:\Program Files\Mozilla Firefox --------- 40960  
 28.10.2010 12:28     C:\Program Files\Java --------- 4096  
 27.10.2010 16:52     C:\Program Files\Malwarebytes' Anti-Malware --------- 4096  
 13.10.2010 15:23     C:\Program Files\Internet Explorer --------- 4096  
 13.10.2010 15:23     C:\Program Files\Windows Media Player --------- 4096  
 13.10.2010 15:22     C:\Program Files\Microsoft Silverlight --------- 4096  
 12.10.2010 17:23     C:\Program Files\Microsoft SDKs --------- 0  
 12.10.2010 17:21     C:\Program Files\Microsoft ASP.NET --------- 0  
 12.10.2010 17:21     C:\Program Files\IIS --------- 0  
 12.10.2010 17:19     C:\Program Files\Microsoft Visual Studio 10.0 --------- 4096  
 12.10.2010 17:00     C:\Program Files\Common Files --------- 4096  
 12.10.2010 17:00     C:\Program Files\MSBuild --------- 0  
 12.10.2010 16:44     C:\Program Files\Microsoft SQL Server --------- 0  
 12.10.2010 16:43     C:\Program Files\Microsoft Visual Studio 9.0 --------- 0  
 12.10.2010 16:42     C:\Program Files\Microsoft.NET --------- 0  
 12.10.2010 16:39     C:\Program Files\Microsoft Synchronization Services --------- 0  
 12.10.2010 16:39     C:\Program Files\Microsoft SQL Server Compact Edition --------- 0  
 12.10.2010 16:37     C:\Program Files\Microsoft Help Viewer --------- 0  
 28.09.2010 13:16     C:\Program Files\Google --------- 4096  
 25.09.2010 13:14     C:\Program Files\iTunes --------- 8192  
 25.09.2010 13:13     C:\Program Files\iPod --------- 0  
 25.09.2010 13:09     C:\Program Files\QuickTime --------- 4096  
 25.09.2010 13:07     C:\Program Files\Bonjour --------- 4096  
 25.09.2010 10:52     C:\Program Files\Steam --------- 12288  
 20.09.2010 20:18     C:\Program Files\InstallShield Installation Information --------- 0  
 20.09.2010 19:53     C:\Program Files\Ubisoft --------- 0  
 20.09.2010 19:46     C:\Program Files\Jens Lorek --------- 0  
 15.09.2010 16:00     C:\Program Files\GIMP-2.0 --------- 0  
 12.09.2010 00:04     C:\Program Files\Camera Assistant Software for Toshiba --------- 4096  
 08.09.2010 20:03     C:\Program Files\Safari --------- 4096  
 30.08.2010 15:53     C:\Program Files\KeePass Password Safe 2 --------- 0  
 30.08.2010 15:16     C:\Program Files\Steganos Password Manager Free 11 --------- 0  
 27.08.2010 13:12     C:\Program Files\CCleaner --------- 0  
 23.08.2010 15:34     C:\Program Files\ICQ7.0 --------- 20480  
 11.08.2010 22:16     C:\Program Files\Microsoft Works --------- 24576  
 10.08.2010 17:07     C:\Program Files\ANNO1602 --------- 4096  
 19.07.2010 22:15     C:\Program Files\Opera --------- 4096  
 18.07.2010 18:17     C:\Program Files\Audacity --------- 0  
 18.07.2010 18:05     C:\Program Files\DVDVideoSoft --------- 0  
 10.07.2010 14:46     C:\Program Files\TeamSpeak 3 Client --------- 0  
 08.07.2010 20:23     C:\Program Files\Free iPad Video Converter --------- 0  
 05.07.2010 19:54     C:\Program Files\HP --------- 4096  
 05.07.2010 15:08     C:\Program Files\AVS4YOU --------- 0  
 02.07.2010 14:28     C:\Program Files\TeamViewer --------- 0  
 02.07.2010 14:26     C:\Program Files\T3Desk --------- 0  
 05.06.2010 21:10     C:\Program Files\DivX --------- 0  
 31.05.2010 13:24     C:\Program Files\Windows Live --------- 4096  
 31.05.2010 13:23     C:\Program Files\Windows Live SkyDrive --------- 0  
 15.05.2010 20:13     C:\Program Files\JRE --------- 0  
 15.05.2010 20:13     C:\Program Files\OpenOffice.org 3 --------- 4096  
 15.05.2010 20:03     C:\Program Files\Adobe --------- 0  
 12.05.2010 14:51     C:\Program Files\Windows Mail --------- 0  
 11.05.2010 11:59     C:\Program Files\Apple Software Update --------- 4096  
 15.04.2010 18:11     C:\Program Files\Intel --------- 4096  
 13.04.2010 13:23     C:\Program Files\Microsoft Office --------- 4096  
 06.03.2010 19:40     C:\Program Files\CamStudio --------- 0  
 06.03.2010 18:59     C:\Program Files\Haali --------- 0  
 21.02.2010 10:45     C:\Program Files\PC Drivers HeadQuarters --------- 0  
 01.02.2010 13:35     C:\Program Files\Game Cam V2 --------- 0  
 28.01.2010 15:54     C:\Program Files\Microsoft Application Virtualization Client --------- 4096  
 11.01.2010 14:39     C:\Program Files\Windows NT --------- 4096  
 11.01.2010 14:39     C:\Program Files\Gemeinsame Dateien --------- 0  
 11.01.2010 14:11     C:\Program Files\Windows Photo Gallery --------- 0  
 11.01.2010 14:11     C:\Program Files\Windows Media Components --------- 0  
 11.01.2010 14:11     C:\Program Files\Windows Collaboration --------- 0  
 11.01.2010 14:11     C:\Program Files\Windows Calendar --------- 0  
 11.01.2010 14:11     C:\Program Files\TrackMania --------- 0  
 11.01.2010 14:11     C:\Program Files\Toshiba TEMPRO --------- 8192  
 11.01.2010 14:11     C:\Program Files\TOSHIBA --------- 4096  
 11.01.2010 14:11     C:\Program Files\Skype --------- 0  
 11.01.2010 14:11     C:\Program Files\Realtek --------- 0  
 11.01.2010 14:08     C:\Program Files\Nero --------- 0  
 11.01.2010 14:08     C:\Program Files\myphotobook --------- 0  
 11.01.2010 14:08     C:\Program Files\MSECache --------- 0  
 11.01.2010 14:08     C:\Program Files\Microsoft Windows 7 Upgrade Advisor --------- 0  
 11.01.2010 14:08     C:\Program Files\Microsoft Games --------- 4096  
 11.01.2010 14:08     C:\Program Files\Microsoft --------- 0  
 11.01.2010 14:08     C:\Program Files\ltmoh --------- 0  
 11.01.2010 14:08     C:\Program Files\Jumpstart --------- 0  
 11.01.2010 14:08     C:\Program Files\Illustrate --------- 0  
 11.01.2010 14:08     C:\Program Files\HyCam2 --------- 0  
 11.01.2010 14:07     C:\Program Files\Gameforge4D --------- 0  
 11.01.2010 14:06     C:\Program Files\Cisco --------- 0  
 11.01.2010 14:06     C:\Program Files\CanonBJ --------- 0  
 11.01.2010 14:06     C:\Program Files\Canon --------- 4096  
 11.01.2010 14:06     C:\Program Files\Avira --------- 0  
 11.01.2010 14:06     C:\Program Files\Atheros --------- 0  
 11.01.2010 14:02     C:\Program Files\Synaptics --------- 0  
 14.07.2009 09:56     C:\Program Files\DVD Maker --------- 4096  
 14.07.2009 09:56     C:\Program Files\Windows Journal --------- 4096  
 14.07.2009 09:47     C:\Program Files\Windows Sidebar --------- 4096  
 14.07.2009 09:47     C:\Program Files\Windows Photo Viewer --------- 4096  
 14.07.2009 09:47     C:\Program Files\Windows Defender --------- 4096  
 14.07.2009 05:53     C:\Program Files\Uninstall Information --------- 0  
 14.07.2009 05:52     C:\Program Files\Windows Portable Devices --------- 0  
 14.07.2009 05:52     C:\Program Files\Reference Assemblies --------- 0  
 14.07.2009 05:41     C:\Program Files\desktop.ini --------- 174  
 11.08.2008 14:09     C:\Program Files\MSXML 4.0 --------- 0  
----------------------------------------

 
C:\ProgramData\.. 

***   
***    
Public    
Default    
All Users    
Default User    
desktop.ini    
----------------------------------------

 
C:\Windows\system32\drivers\etc\hosts

127.0.0.1       localhost
::1             localhost

----------------------------------------

 

Abbildname                     PID Sitzungsname       Sitz.-Nr. Speichernutzung
========================= ======== ================ =========== ===============
System Idle Process              0 Services                   0            24 K
System                           4 Services                   0           876 K
smss.exe                       296 Services                   0           792 K
csrss.exe                      432 Services                   0         3.192 K
wininit.exe                    472 Services                   0         3.340 K
csrss.exe                      480 Console                    1         9.908 K
services.exe                   536 Services                   0         7.804 K
lsass.exe                      564 Services                   0         8.760 K
lsm.exe                        572 Services                   0         2.980 K
svchost.exe                    684 Services                   0         6.964 K
winlogon.exe                   704 Console                    1         4.856 K
svchost.exe                    812 Services                   0         6.180 K
svchost.exe                    896 Services                   0        15.148 K
svchost.exe                    940 Services                   0        66.096 K
svchost.exe                    968 Services                   0        25.120 K
audiodg.exe                   1044 Services                   0        15.704 K
svchost.exe                   1100 Services                   0        11.984 K
svchost.exe                   1184 Services                   0        11.316 K
spoolsv.exe                   1324 Services                   0        23.576 K
sched.exe                     1404 Services                   0         1.176 K
avguard.exe                   1492 Services                   0        81.248 K
svchost.exe                   1520 Services                   0        13.092 K
avshadow.exe                  1628 Services                   0         3.408 K
conhost.exe                   1636 Services                   0         2.080 K
taskhost.exe                  1740 Console                    1         6.160 K
dwm.exe                       1792 Console                    1        24.064 K
explorer.exe                  1848 Console                    1        42.464 K
taskeng.exe                   2032 Console                    1         4.960 K
SynTPEnh.exe                   672 Console                    1         8.728 K
avgnt.exe                      628 Console                    1         2.508 K
jusched.exe                   1144 Console                    1         3.316 K
RtHDVCpl.exe                  1208 Console                    1         7.588 K
hkcmd.exe                     1884 Console                    1         7.580 K
igfxpers.exe                  1460 Console                    1         4.756 K
sidebar.exe                   2024 Console                    1        34.624 K
NDSTray.exe                   2460 Console                    1         4.720 K
mDNSResponder.exe             2544 Services                   0         4.680 K
svchost.exe                   2572 Services                   0        10.928 K
svchost.exe                   2608 Services                   0         6.776 K
sqlservr.exe                  2676 Services                   0        42.500 K
svchost.exe                   2904 Services                   0         2.736 K
svchost.exe                   2952 Services                   0         2.664 K
sftvsa.exe                    3276 Services                   0         3.960 K
sqlwriter.exe                 3296 Services                   0         4.860 K
svchost.exe                   3324 Services                   0         4.228 K
TeamViewer_Service.exe        3364 Services                   0         2.724 K
TempoSVC.exe                  3480 Services                   0        15.032 K
sftlist.exe                   3648 Services                   0        12.668 K
WmiPrvSE.exe                  3944 Services                   0         5.980 K
CVHSVC.EXE                    4024 Services                   0         9.072 K
CFSwMgr.exe                   4064 Console                    1         4.200 K
svchost.exe                   2376 Services                   0         5.864 K
SearchIndexer.exe             2280 Services                   0         7.064 K
svchost.exe                   1980 Services                   0         1.928 K
wmpnetwk.exe                  1872 Services                   0        25.088 K
SynTPHelper.exe               4176 Console                    1         2.472 K
SearchProtocolHost.exe        4212 Services                   0         5.292 K
SearchFilterHost.exe          4232 Services                   0         4.104 K
WmiPrvSE.exe                  4388 Services                   0         5.032 K
svchost.exe                   4680 Services                   0        10.976 K
cmd.exe                       5808 Console                    1         3.152 K
conhost.exe                   5816 Console                    1         4.288 K
tasklist.exe                  1372 Console                    1         4.340 K

 
***** Ende des Scans 04.11.2010 um 13:00:17,85 ***
         
So it only starts up a little faster, but that may also be because I always have a CD in the drive, so that is fairly normal for laptops.

06.11.2010, 04:44   #24
kira
/// Helper Team



What is the current state of the computer?

06.11.2010, 08:42   #25
oraculum



It is actually running well now; only when I turn it on is it sometimes a bit slow, but otherwise it is fast.
Is it virus-free again now?

06.11.2010, 20:48   #26
oraculum



Earlier I ran my antivirus program over it once more and found this:
Code:
Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Samstag, 6. November 2010  17:31

Es wird nach 3017056 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira AntiVir Personal - FREE Antivirus
Seriennummer   : 0000149996-ADJIE-0000001
Plattform      : Windows 7
Windowsversion : (plain)  [6.1.7600]
Boot Modus     : Normal gebootet
Benutzername   : SYSTEM
Computername   : ***-PC

Versionsinformationen:
BUILD.DAT      : 10.0.0.592     31823 Bytes  09.08.2010 10:49:00
AVSCAN.EXE     : 10.0.3.1      434344 Bytes  02.11.2010 13:38:44
AVSCAN.DLL     : 10.0.3.0       56168 Bytes  21.04.2010 11:46:48
LUKE.DLL       : 10.0.2.3      104296 Bytes  07.03.2010 17:32:59
LUKERES.DLL    : 10.0.0.0       13672 Bytes  14.01.2010 10:59:47
VBASE000.VDF   : 7.10.0.0    19875328 Bytes  06.11.2009 19:16:50
VBASE001.VDF   : 7.10.1.0     1372672 Bytes  19.11.2009 19:16:50
VBASE002.VDF   : 7.10.3.1     3143680 Bytes  20.01.2010 18:50:49
VBASE003.VDF   : 7.10.3.75     996864 Bytes  26.01.2010 19:25:13
VBASE004.VDF   : 7.10.4.203   1579008 Bytes  05.03.2010 13:01:02
VBASE005.VDF   : 7.10.6.82    2494464 Bytes  15.04.2010 22:01:02
VBASE006.VDF   : 7.10.7.218   2294784 Bytes  02.06.2010 12:20:09
VBASE007.VDF   : 7.10.9.165   4840960 Bytes  23.07.2010 12:05:51
VBASE008.VDF   : 7.10.11.133  3454464 Bytes  13.09.2010 14:42:02
VBASE009.VDF   : 7.10.13.80   2265600 Bytes  02.11.2010 17:42:23
VBASE010.VDF   : 7.10.13.81      2048 Bytes  02.11.2010 17:42:23
VBASE011.VDF   : 7.10.13.82      2048 Bytes  02.11.2010 17:42:23
VBASE012.VDF   : 7.10.13.83      2048 Bytes  02.11.2010 17:42:23
VBASE013.VDF   : 7.10.13.116   147968 Bytes  04.11.2010 13:00:49
VBASE014.VDF   : 7.10.13.117     2048 Bytes  04.11.2010 13:00:49
VBASE015.VDF   : 7.10.13.118     2048 Bytes  04.11.2010 13:00:50
VBASE016.VDF   : 7.10.13.119     2048 Bytes  04.11.2010 13:00:50
VBASE017.VDF   : 7.10.13.120     2048 Bytes  04.11.2010 13:00:50
VBASE018.VDF   : 7.10.13.121     2048 Bytes  04.11.2010 13:00:50
VBASE019.VDF   : 7.10.13.122     2048 Bytes  04.11.2010 13:00:50
VBASE020.VDF   : 7.10.13.123     2048 Bytes  04.11.2010 13:00:50
VBASE021.VDF   : 7.10.13.124     2048 Bytes  04.11.2010 13:00:50
VBASE022.VDF   : 7.10.13.125     2048 Bytes  04.11.2010 13:00:50
VBASE023.VDF   : 7.10.13.126     2048 Bytes  04.11.2010 13:00:50
VBASE024.VDF   : 7.10.13.127     2048 Bytes  04.11.2010 13:00:50
VBASE025.VDF   : 7.10.13.128     2048 Bytes  04.11.2010 13:00:50
VBASE026.VDF   : 7.10.13.129     2048 Bytes  04.11.2010 13:00:50
VBASE027.VDF   : 7.10.13.130     2048 Bytes  04.11.2010 13:00:50
VBASE028.VDF   : 7.10.13.131     2048 Bytes  04.11.2010 13:00:50
VBASE029.VDF   : 7.10.13.132     2048 Bytes  04.11.2010 13:00:50
VBASE030.VDF   : 7.10.13.133     2048 Bytes  04.11.2010 13:00:50
VBASE031.VDF   : 7.10.13.142    79872 Bytes  05.11.2010 13:00:58
Engineversion  : 8.2.4.92  
AEVDF.DLL      : 8.1.2.1       106868 Bytes  29.07.2010 18:44:56
AESCRIPT.DLL   : 8.1.3.46     1364347 Bytes  03.11.2010 14:28:04
AESCN.DLL      : 8.1.6.1       127347 Bytes  13.05.2010 09:59:04
AESBX.DLL      : 8.1.3.1       254324 Bytes  24.04.2010 17:49:23
AERDL.DLL      : 8.1.9.2       635252 Bytes  22.09.2010 12:00:53
AEPACK.DLL     : 8.2.3.11      471416 Bytes  11.10.2010 12:01:37
AEOFFICE.DLL   : 8.1.1.8       201081 Bytes  22.07.2010 12:01:19
AEHEUR.DLL     : 8.1.2.38     2990455 Bytes  03.11.2010 14:27:58
AEHELP.DLL     : 8.1.14.0      246134 Bytes  11.10.2010 12:01:00
AEGEN.DLL      : 8.1.3.24      401781 Bytes  03.11.2010 14:27:38
AEEMU.DLL      : 8.1.2.0       393588 Bytes  24.04.2010 17:49:21
AECORE.DLL     : 8.1.17.0      196982 Bytes  25.09.2010 12:00:53
AEBB.DLL       : 8.1.1.0        53618 Bytes  24.04.2010 17:49:21
AVWINLL.DLL    : 10.0.0.0       19304 Bytes  14.01.2010 10:59:10
AVPREF.DLL     : 10.0.0.0       44904 Bytes  14.01.2010 10:59:07
AVREP.DLL      : 10.0.0.8       62209 Bytes  18.02.2010 15:47:40
AVREG.DLL      : 10.0.3.2       53096 Bytes  02.11.2010 13:38:44
AVSCPLR.DLL    : 10.0.3.1       83816 Bytes  02.11.2010 13:38:44
AVARKT.DLL     : 10.0.0.14     227176 Bytes  21.04.2010 11:46:47
AVEVTLOG.DLL   : 10.0.0.8      203112 Bytes  26.01.2010 08:53:25
SQLITE3.DLL    : 3.6.19.0      355688 Bytes  28.01.2010 11:57:53
AVSMTP.DLL     : 10.0.0.17      63848 Bytes  16.03.2010 14:38:54
NETNT.DLL      : 10.0.0.0       11624 Bytes  19.02.2010 13:40:55
RCIMAGE.DLL    : 10.0.0.26    2550120 Bytes  28.01.2010 12:10:08
RCTEXT.DLL     : 10.0.58.0      98152 Bytes  02.11.2010 13:38:44

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files\avira\antivir desktop\sysscan.avp
Protokollierung.......................: niedrig
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, E:, Q:, 
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Optimierter Suchlauf..................: ein
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: mittel
Abweichende Gefahrenkategorien........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

Beginn des Suchlaufs: Samstag, 6. November 2010  17:31

Der Suchlauf nach versteckten Objekten wird begonnen.
HKEY_LOCAL_MACHINE\Software\Microsoft\SoftGrid\4.5\Client\AppFS\contextid
    [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
\\?\ROOT#*ISATAP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}\{7872C0E6-A87F-4B5B-8357-9CF1927526EB}
ROOT#*ISATAP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}\{7872C0E6-A87F-4B5B-8357-9CF1927526EB}
    [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{7872C0E6-A87F-4B5B-8357-9CF1927526EB}\Connection\defaultnameresourceid
    [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{7872C0E6-A87F-4B5B-8357-9CF1927526EB}\Connection\defaultnameindex
    [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{7872C0E6-A87F-4B5B-8357-9CF1927526EB}\Connection\name
    [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{7872C0E6-A87F-4B5B-8357-9CF1927526EB}\Connection\name
HKEY_LOCAL_MACHINE\System\ControlSet002\services\iphlpsvc\Parameters\Isatap\{7872C0E6-A87F-4B5B-8357-9CF1927526EB}\reusabletype
    [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\System\ControlSet002\services\TCPIP6\Parameters\Interfaces\{7872c0e6-a87f-4b5b-8357-9cf1927526eb}\dhcpv6iaid
    [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\System\ControlSet002\services\TCPIP6\Parameters\Interfaces\{7872c0e6-a87f-4b5b-8357-9cf1927526eb}\dhcpv6state
    [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'taskhost.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'sppsvc.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'CFSvcs.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'CFIWmxSvcs.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'CFSwMgr.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPHelper.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '99' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '118' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'NDSTray.exe' - '79' Modul(e) wurden durchsucht
Durchsuche Prozess 'CVHSVC.EXE' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'soffice.bin' - '92' Modul(e) wurden durchsucht
Durchsuche Prozess 'soffice.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'sidebar.exe' - '101' Modul(e) wurden durchsucht
Durchsuche Prozess 'sftlist.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxpers.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'hkcmd.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtHDVCpl.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPEnh.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'TempoSVC.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'TeamViewer_Service.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'sqlwriter.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'sftvsa.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'sqlservr.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'mDNSResponder.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '152' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '92' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '81' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '147' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '121' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '86' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'E:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'Q:\'
    [INFO]      Es wurde kein Virus gefunden!
    [INFO]      Bitte starten Sie den Suchlauf erneut mit Administratorrechten

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '381' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <Vista>


Ende des Suchlaufs: Samstag, 6. November 2010  18:30
Benötigte Zeit: 59:37 Minute(n)

Der Suchlauf wurde abgebrochen!

  15121 Verzeichnisse wurden überprüft
 611093 Dateien wurden geprüft
      0 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      0 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
 611093 Dateien ohne Befall
   4108 Archive wurden durchsucht
      0 Warnungen
      0 Hinweise
 702561 Objekte wurden beim Rootkitscan durchsucht
      9 Versteckte Objekte wurden gefunden
         
I know that these are only hidden objects, but I have read in other threads here in the forum that they come from a trojan.
If I can't get my laptop working again, how can I reinstall the system? Because I don't have a Windows CD. At first I had Windows Vista (without a CD), and then I got the upgrade to Windows 7. I once created a CD that is called something like "Rescue disc Windows 7 Home Premium 32-bit" or so.
Can that also be used to set the system up from scratch?

06.11.2010, 23:15   #27
oraculum



[code]info.txt RSIT Logfile:
Code:
logfile of random's system information tool 1.08 2010-11-06 20:27:30

======Uninstall list======

32 Bit HP CIO Components Installer-->MsiExec.exe /I{859D40CF-8491-44AD-8FA8-7389CB418C64}
32 Bit HP CIO Components Installer-->MsiExec.exe /I{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}
4Story 3.4-->"C:\Program Files\Gameforge4D\4Story\unins000.exe"
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10h_Plugin.exe -maintain plugin
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9.3 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A93000000001}
Advertising Center-->MsiExec.exe /X{b2ec4a38-b545-4a00-8214-13fe0e915e6d}
ANNO 1404 - Venedig-->"C:\Program Files\InstallShield Installation Information\{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}\setup.exe" -runfromtemp -l0x0007 -removeonly
ANNO 1404-->"C:\Program Files\InstallShield Installation Information\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}\setup.exe" -runfromtemp -l0x0007 -removeonly
ANNO 1602-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F7CAD9-2316-4701-B5CA-E90FD60029E9}\SETUP.exe" 
Apple Application Support-->MsiExec.exe /I{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}
Apple Mobile Device Support-->MsiExec.exe /I{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}
Apple Software Update-->MsiExec.exe /I{C41300B9-185D-475E-BFEC-39EF732F19B1}
Atheros Driver Installation Program-->C:\Program Files\InstallShield Installation Information\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}\setup.exe -runfromtemp -l0x0007
Atheros Wi-Fi Protected Setup Library-->C:\Program Files\InstallShield Installation Information\{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}\setup.exe -runfromtemp -l0x0007 -removeonly
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Audiosurf-->"C:\Program Files\Steam\steam.exe" steam://uninstall/12900
AutocompletePro-->"C:\Program Files\AutocompletePro\unins000.exe"
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Bonjour-->MsiExec.exe /X{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}
Camera Assistant Software for Toshiba-->C:\Program Files\InstallShield Installation Information\{37C866E4-AA67-4725-9E95-A39968DD7960}\setup.exe -runfromtemp -l0x0007
Canon iP3300 Benutzerregistrierung-->C:\Program Files\Canon\IJEREG\iP3300\UNINST.EXE
Canon iP3300-->"C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP3300\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP3300 /L0x0007
Canon Setup Utility 2.3-->"C:\Program Files\Canon\Canon Setup Utility 2.3\Maint.exe" /Uninstall C:\Program Files\Canon\Canon Setup Utility 2.3\uninst.ini
Canon Utilities Easy-PhotoPrint-->C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
Canon Utilities Easy-PrintToolBox-->C:\Windows\BJPSUNST.EXE
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
CD/DVD Drive Acoustic Silencer-->C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\setup.exe -runfromtemp -l0x0007 -removeonly
Command & Conquer Teil 3: Operation Tiberian Sun-->C:\Westwood\SUN\Uninstll.EXE
dBpowerAMP Music Converter-->"C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
Driver Detective-->MsiExec.exe /X{4640FDE1-B83A-4376-84ED-86F86BEE2D41}
Easy-WebPrint-->C:\Windows\IsUn0407.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
Free iPad Video Converter 3.7.0.1-->"C:\Program Files\Free iPad Video Converter\unins000.exe"
Free Video to MP3 Converter version 4.0-->"C:\Program Files\DVDVideoSoft\Free Video to MP3 Converter\unins000.exe"
GIMP 2.6.10-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
Google Chrome-->"C:\Program Files\Google\Chrome\Application\7.0.517.41\Installer\setup.exe" --uninstall --system-level
Google Earth-->MsiExec.exe /X{4286E640-B5FB-11DF-AC4B-005056C00008}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_AC0049E063DE2AEA.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Haali Media Splitter-->"C:\Program Files\Haali\MatroskaSplitter\uninstall.exe"
HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}
HP Customer Participation Program 13.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat -forcereboot
HP Deskjet F4500 Printer Driver Software 13.0 Rel .6-->C:\Program Files\HP\Digital Imaging\{7F08A772-2816-4F46-84F1-49578502AD28}\setup\hpzscr01.exe -datfile hposcr46.dat -onestop -forcereboot
HP Imaging Device Functions 13.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Print Projects 1.0-->C:\Program Files\HP\Digital Imaging\HPPrintProjects\hpzscr01.exe -datfile hpqbud19.dat
HP Smart Web Printing 4.60-->C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
HP Solution Center 13.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat -forcereboot
HP Update-->MsiExec.exe /X{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}
HyperCam 2-->"C:\Program Files\HyCam2\UnHyCam2.exe"
ICQ7-->"C:\Program Files\InstallShield Installation Information\{88EB38EF-4D2C-436D-ABD3-56B232674062}\ICQ7.exe" -runfromtemp -l0x0009 -removeonly
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
Intel(R) TV Wizard-->C:\Windows\system32\TVWizudlg.exe -uninstall
Intel® Matrix Storage Manager-->C:\Windows\system32\imsmudlg.exe -uninstall
iTunes-->MsiExec.exe /I{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}
Java(TM) 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216020F0}
Java(TM) 6 Update 22-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216022FF}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 4 Client Profile DEU Language Pack-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /lcid 1031 /parameterfolder ClientLP
Microsoft .NET Framework 4 Client Profile DEU Language Pack-->MsiExec.exe /X{F750C986-5310-3A5A-95F8-4EC71C8AC01C}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft .NET Framework 4 Extended DEU Language Pack-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ExtendedLP\Setup.exe /repair /x86 /lcid 1031 /parameterfolder ExtendedLP
Microsoft .NET Framework 4 Extended DEU Language Pack-->MsiExec.exe /X{C911A0C2-2236-3164-AA47-F2566C01AE5E}
Microsoft .NET Framework 4 Extended-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\Setup.exe /repair /x86 /parameterfolder Extended
Microsoft .NET Framework 4 Extended-->MsiExec.exe /X{0A0CADCF-78DA-33C4-A350-CD51849B9702}
Microsoft .NET Framework 4 Multi-Targeting Pack-->MsiExec.exe /I{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}
Microsoft ASP.NET MVC 2 - DEU-->MsiExec.exe /X{E4E9CBC9-1CF5-48E3-AF6F-1AB44A856346}
Microsoft ASP.NET MVC 2 - VWD Express 2010 Tools - DEU-->MsiExec.exe /X{2CE77981-14DE-4773-8106-27C9C964720C}
Microsoft ASP.NET MVC 2 - VWD Express 2010 Tools-->MsiExec.exe /X{5BDFAB82-060E-438B-AB4F-A2331B2294C0}
Microsoft ASP.NET MVC 2-->MsiExec.exe /X{1803A630-3C38-4D2B-9B9A-0CB37243539C}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Help Viewer 1.0 Language Pack - DEU-->C:\Program Files\Microsoft Help Viewer\v1.0\Microsoft Help Viewer 1.0 Language Pack - DEU\install.exe
Microsoft Help Viewer 1.0 Language Pack - DEU-->MsiExec.exe /X{1D328E11-3B0C-388C-835D-C9C20E8C7734}
Microsoft Help Viewer 1.0-->C:\Program Files\Microsoft Help Viewer\v1.0\Microsoft Help Viewer 1.0\install.exe
Microsoft Help Viewer 1.0-->MsiExec.exe /X{47C39E4A-28F2-33B1-B9B7-97F24E52D917}
Microsoft Office Click-to-Run 2010 (Beta)-->"C:\PROGRA~1\COMMON~1\MICROS~1\VIRTUA~1\CVHBS.EXE" /removeall
Microsoft Office Click-to-Run 2010 (Beta)-->MsiExec.exe /I{20140000-006D-0407-0000-0000000FF1CE}
Microsoft Office Home and Business 2010 (Beta) - Deutsch-->C:\Program Files\Common Files\microsoft shared\virtualization handler\cvhbs.exe /uninstall {20140062-0062-0407-0000-0000000FF1CE}
Microsoft Silverlight 3 SDK - Deutsch-->MsiExec.exe /X{91F54E1D-804A-46D8-A56C-53EA9C4B3177}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft SQL Server 2008 Browser-->MsiExec.exe /X{4AF2248C-B3DF-46FB-9596-87F5DB193689}
Microsoft SQL Server 2008 Common Files-->MsiExec.exe /I{4A6F34E2-09E5-4616-B227-4A26A488A6F9}
Microsoft SQL Server 2008 Common Files-->MsiExec.exe /I{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}
Microsoft SQL Server 2008 Database Engine Services-->MsiExec.exe /I{5BD39911-A12F-4562-98BA-A6E03E3370B1}
Microsoft SQL Server 2008 Database Engine Services-->MsiExec.exe /I{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}
Microsoft SQL Server 2008 Database Engine Shared-->MsiExec.exe /I{477415F5-93DA-46AA-85C5-640047825995}
Microsoft SQL Server 2008 Database Engine Shared-->MsiExec.exe /I{F3494AB6-6900-41C6-AF57-823626827ED8}
Microsoft SQL Server 2008 Native Client-->MsiExec.exe /I{1C2B3CEA-482E-4453-B3E2-C9731337828A}
Microsoft SQL Server 2008 R2 Management Objects-->MsiExec.exe /I{A106D33E-6B43-42C0-9BFC-D03303261FA7}
Microsoft SQL Server 2008 RsFx Driver-->MsiExec.exe /I{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}
Microsoft SQL Server 2008-->"C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Release\x86\SetupARP.exe" /X86 
Microsoft SQL Server 2008-->"C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Release\x86\SetupARP.exe" /x86 
Microsoft SQL Server Compact 3.5 SP2 DEU-->MsiExec.exe /I{0125D081-30D0-4A97-82A8-C28D444B6256}
Microsoft SQL Server Database Publishing Wizard 1.4-->MsiExec.exe /I{ACE28263-76A4-4BF5-B6F4-8BD719595969}
Microsoft SQL Server System CLR Types-->MsiExec.exe /I{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{D074DC76-F6C9-440E-A1D0-1DE958417FDB}
Microsoft Visual Basic 2010 Express - DEU-->C:\Program Files\Microsoft Visual Studio 10.0\Microsoft Visual Basic 2010 Express - DEU\setup.exe
Microsoft Visual Basic 2010 Express - DEU-->MsiExec.exe /X{CCAC7E52-ECCE-3C4D-B1BE-BC2ACF1C1C0E}
Microsoft Visual C# 2010 Express - DEU-->C:\Program Files\Microsoft Visual Studio 10.0\Microsoft Visual C# 2010 Express - DEU\setup.exe
Microsoft Visual C# 2010 Express - DEU-->MsiExec.exe /X{D81641E8-ABF1-3D07-803B-60E8FC619368}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218-->MsiExec.exe /X{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974-->MsiExec.exe /X{B7E38540-E355-3503-AFD7-635B2F2F76E1}
Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319-->MsiExec.exe /X{6A86554B-8928-30E4-A53C-D7337689134D}
Microsoft Visual C++ 2010 Express - DEU-->C:\Program Files\Microsoft Visual Studio 10.0\Microsoft Visual C++ 2010 Express - DEU\setup.exe
Microsoft Visual C++ 2010 Express - DEU-->MsiExec.exe /X{DEEB5FE3-40F5-3C5B-8F85-5306EF3C08F4}
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools-->MsiExec.exe /X{616C6F39-4CE1-3434-A665-2F6A04C09A7F}
Microsoft Visual Web Developer 2010 Express - DEU-->C:\Program Files\Microsoft Visual Studio 10.0\Microsoft Visual Web Developer 2010 Express - DEU\setup.exe
Microsoft Visual Web Developer 2010 Express - DEU-->MsiExec.exe /X{638AA518-6A32-33CC-B88F-BCD20B2DCF2E}
Microsoft Works-->MsiExec.exe /I{39D0E034-1042-4905-BECB-5502909FCB7C}
Mozilla Firefox (3.6.12)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
myphotobook 3.6-->C:\Program Files\myphotobook\uninst.exe
Nero 9 Essentials-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe  REMOVESERIALNUMBER="XM02-508X-MHAT-19WU-9Z3Z-0CH0-3U6E-85W5-MMHH-6647-1Z5L-7M8C-0U45-758P-0000"
Nero ControlCenter-->MsiExec.exe /X{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}
Nero Installer-->MsiExec.exe /X{e8a80433-302b-4ff1-815d-fcc8eac482ff}
Nero Online Upgrade-->MsiExec.exe /X{dba84796-8503-4ff0-af57-1747dd9a166d}
Nero StartSmart OEM-->MsiExec.exe /X{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}
Nero StartSmart-->MsiExec.exe /X{7748ac8c-18e3-43bb-959b-088faea16fb2}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
OpenOffice.org 3.2-->MsiExec.exe /I{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}
Opera 10.60-->MsiExec.exe /X{1D2C96C3-A3F3-49E7-B839-95279DED837F}
QuickTime-->MsiExec.exe /I{E7004147-2CCA-431C-AA05-2AB166B9785D}
Realtek 8169 8168 8101E 8102E Ethernet Driver-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0007 -removeonly
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m -nrg2709
Realtek USB 2.0 Card Reader-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC24971E-1946-445D-8A82-CE685433FA7D}\setup.exe" -l0x9  -removeonly
Safari-->MsiExec.exe /I{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {7A2C18A1-D2A2-3177-82F1-5FE9CC08ECB0} /parameterfolder Extended
Service Pack 1 für SQL Server 2008 (KB 968369)-->"C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Update Cache\KB968369\ServicePack\setup.exe" /Action=RemovePatch /AllInstances 
Shop for HP Supplies-->C:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
Skype Toolbars-->MsiExec.exe /I{981029E0-7FC9-4CF3-AB39-6F133621921A}
Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
Sql Server Customer Experience Improvement Program-->MsiExec.exe /I{C965F01C-76EA-4BD7-973E-46236AE312D7}
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Steganos Password Manager Free-->C:\Program Files\Steganos Password Manager Free 11\uninstall.exe
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TeamViewer 5-->C:\Program Files\TeamViewer\Version5\uninstall.exe
TOSHIBA Assist-->C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\setup.exe -runfromtemp -l0x0007 -removeonly
TOSHIBA Benutzerhandbücher-->C:\Program Files\InstallShield Installation Information\{1C971EE3-B4C4-4367-9676-57549919C6CE}\setup.exe -runfromtemp -l0x0007 -removeonly
TOSHIBA ConfigFree-->MsiExec.exe /X{F3529665-D75E-4D6D-98F0-745C78C68E9B}
TOSHIBA Extended Tiles for Windows Mobility Center-->C:\Program Files\InstallShield Installation Information\{617C36FD-0CBE-4600-84B2-441CEB12FADF}\setup.exe -runfromtemp -l0x0407
TOSHIBA Hardware Setup-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2883F6F5-0509-43F3-868C-D50330DD9DD3}\setup.exe" -l0x7 
Toshiba Online Product Information-->C:\Program Files\InstallShield Installation Information\{2290A680-4083-410A-ADCC-7092C67FC052}\setup.exe -runfromtemp -l0x0007 -removeonly
TOSHIBA Software Modem-->Tosmreg -U
TOSHIBA Supervisor Password-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4B1E87C3-00DE-4898-8E39-E390AAEF2391}\setup.exe" -l0x7 
Toshiba TEMPRO-->MsiExec.exe /X{03FAA727-E2B7-471C-AC41-2E1C7F29C7EA}
TRDCReminder-->C:\Program Files\InstallShield Installation Information\{773970F1-5EBA-4474-ADEE-1EA3B0A59492}\setup.exe -runfromtemp -l0x0407
TRORDCLauncher-->C:\Program Files\InstallShield Installation Information\{E65C7D8E-186D-484B-BEA8-DEF0331CE600}\setup.exe -runfromtemp -l0x0407
TubeBox!-->MsiExec.exe /I{8DB77BE4-629D-458D-BD68-9F36667C2177}
Uninstall 1.0.0.1-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
Unterstützungsdateien für Microsoft SQL Server 2008-Setup -->MsiExec.exe /X{9AA2D735-3375-42D4-9A61-3FFEF82599D6}
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU-->MsiExec.exe /X{CFCB8616-A5D1-4281-80E8-389F685BFAE2}
Web Deployment Tool-->MsiExec.exe /I{0F37D969-1260-419E-B308-EF7D29ABDE20}
Windows 7 Upgrade Advisor-->MsiExec.exe /I{9A4D182C-35C7-4791-8484-4304EBC9101A}
Windows Live Anmelde-Assistent-->MsiExec.exe /I{52B97218-98CB-4B8B-9283-D213C85E1AA4}
Windows Live Communications Platform-->MsiExec.exe /I{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{CAFA57E8-8927-4912-AFCF-B0AA3837E989}
Windows Live Fotogalerie-->MsiExec.exe /X{850C7BD3-9F3F-46AD-9396-E7985B38C55E}
Windows Live Movie Maker-->MsiExec.exe /X{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}
Windows Live Sync-->MsiExec.exe /X{586509F0-350D-48B5-B763-9CC2F8D96C4C}
Windows Live-Uploadtool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}

======System event log======

Computer Name: ***-PC
Event Code: 7036
Message: Dienst "Netzwerkspeicher-Schnittstellendienst" befindet sich jetzt im Status "Ausgeführt".
Record Number: 160922
Source Name: Service Control Manager
Time Written: 20100701114858.547251-000
Event Type: Informationen
User: 

Computer Name: ***-PC
Event Code: 7036
Message: Dienst "CNG-Schlüsselisolation" befindet sich jetzt im Status "Ausgeführt".
Record Number: 160921
Source Name: Service Control Manager
Time Written: 20100701114858.547251-000
Event Type: Informationen
User: 

Computer Name: ***-PC
Event Code: 7036
Message: Dienst "TCP/IP-NetBIOS-Hilfsdienst" befindet sich jetzt im Status "Ausgeführt".
Record Number: 160920
Source Name: Service Control Manager
Time Written: 20100701114858.547251-000
Event Type: Informationen
User: 

Computer Name: ***-PC
Event Code: 7036
Message: Dienst "Windows Driver Foundation - Benutzermodus-Treiberframework" befindet sich jetzt im Status "Ausgeführt".
Record Number: 160919
Source Name: Service Control Manager
Time Written: 20100701114858.516050-000
Event Type: Informationen
User: 

Computer Name: ***-PC
Event Code: 7036
Message: Dienst "Sicherheitskonto-Manager" befindet sich jetzt im Status "Ausgeführt".
Record Number: 160918
Source Name: Service Control Manager
Time Written: 20100701114858.469250-000
Event Type: Informationen
User: 

=====Application event log=====

Computer Name: ***-PC
Event Code: 9009
Message: Der Desktopfenster-Manager wurde mit dem Code (0x40010004) abgebrochen.
Record Number: 10400
Source Name: Desktop Window Manager
Time Written: 20100106190213.000000-000
Event Type: Informationen
User: 

Computer Name: ***-PC
Event Code: 0
Message: 
Record Number: 10399
Source Name: gusvc
Time Written: 20100106184230.000000-000
Event Type: Informationen
User: 

Computer Name: ***-PC
Event Code: 0
Message: 
Record Number: 10398
Source Name: gusvc
Time Written: 20100106184129.000000-000
Event Type: Informationen
User: 

Computer Name: ***-PC
Event Code: 1
Message: Der Windows-Sicherheitscenterdienst wurde gestartet.
Record Number: 10397
Source Name: SecurityCenter
Time Written: 20100106182902.000000-000
Event Type: Informationen
User: 

Computer Name: ***-PC
Event Code: 10
Message: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.
Record Number: 10396
Source Name: Microsoft-Windows-WMI
Time Written: 20100106182713.000000-000
Event Type: Fehler
User: 

=====Security event log=====

Computer Name: ***-PC
Event Code: 4624
Message: Ein Konto wurde erfolgreich angemeldet.

Antragsteller:
	Sicherheits-ID:		S-1-5-18
	Kontoname:		***-PC$
	Kontodomäne:		WORKGROUP
	Anmelde-ID:		0x3e7

Anmeldetyp:			5

Neue Anmeldung:
	Sicherheits-ID:		S-1-5-18
	Kontoname:		SYSTEM
	Kontodomäne:		NT-AUTORITÄT
	Anmelde-ID:		0x3e7
	Anmelde-GUID:		{00000000-0000-0000-0000-000000000000}

Prozessinformationen:
	Prozess-ID:		0x224
	Prozessname:		C:\Windows\System32\services.exe

Netzwerkinformationen:
	Arbeitsstationsname:	
	Quellnetzwerkadresse:	-
	Quellport:		-

Detaillierte Authentifizierungsinformationen:
	Anmeldeprozess:		Advapi  
	Authentifizierungspaket:	Negotiate
	Übertragene Dienste:	-
	Paketname (nur NTLM):	-
	Schlüssellänge:		0

Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde.

Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe".

Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk).

Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto.

Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben.

Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung.
	 - Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren.
	- Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren.
	- Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an.
	- Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0.
Record Number: 22149
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100217123116.226842-000
Event Type: Überwachung erfolgreich
User: 

Computer Name: ***-PC
Event Code: 4624
Message: Ein Konto wurde erfolgreich angemeldet.

Antragsteller:
	Sicherheits-ID:		S-1-0-0
	Kontoname:		-
	Kontodomäne:		-
	Anmelde-ID:		0x0

Anmeldetyp:			3

Neue Anmeldung:
	Sicherheits-ID:		S-1-5-7
	Kontoname:		ANONYMOUS-ANMELDUNG
	Kontodomäne:		NT-AUTORITÄT
	Anmelde-ID:		0x41273
	Anmelde-GUID:		{00000000-0000-0000-0000-000000000000}

Prozessinformationen:
	Prozess-ID:		0x0
	Prozessname:		-

Netzwerkinformationen:
	Arbeitsstationsname:	
	Quellnetzwerkadresse:	-
	Quellport:		-

Detaillierte Authentifizierungsinformationen:
	Anmeldeprozess:		NtLmSsp 
	Authentifizierungspaket:	NTLM
	Übertragene Dienste:	-
	Paketname (nur NTLM):	NTLM V1
	Schlüssellänge:		0

Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde.

Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe".

Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk).

Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto.

Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben.

Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung.
	 - Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren.
	- Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren.
	- Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an.
	- Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0.
Record Number: 22148
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100217123104.136821-000
Event Type: Überwachung erfolgreich
User: 

Computer Name: ***-PC
Event Code: 5024
Message: Der Windows-Firewalldienst wurde erfolgreich gestartet.
Record Number: 22147
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100217123031.873635-000
Event Type: Überwachung erfolgreich
User: 

Computer Name: ***-PC
Event Code: 5033
Message: Der Windows-Firewalltreiber wurde erfolgreich gestartet.
Record Number: 22146
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100217123031.686435-000
Event Type: Überwachung erfolgreich
User: 

Computer Name: ***-PC
Event Code: 4672
Message: Einer neuen Anmeldung wurden besondere Rechte zugewiesen.

Antragsteller:
	Sicherheits-ID:		S-1-5-18
	Kontoname:		SYSTEM
	Kontodomäne:		NT-AUTORITÄT
	Anmelde-ID:		0x3e7

Berechtigungen:		SeAssignPrimaryTokenPrivilege
			SeTcbPrivilege
			SeSecurityPrivilege
			SeTakeOwnershipPrivilege
			SeLoadDriverPrivilege
			SeBackupPrivilege
			SeRestorePrivilege
			SeDebugPrivilege
			SeAuditPrivilege
			SeSystemEnvironmentPrivilege
			SeImpersonatePrivilege
Record Number: 22145
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100217123029.798832-000
Event Type: Überwachung erfolgreich
User: 

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=170a
"DFSTRACINGON"=FALSE
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Microsoft SQL Server\100\Tools\Binn\;C:\Program Files\Microsoft SQL Server\100\DTS\Binn\
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"asl.log"=Destination=file;OnFirstLog=command,environment
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"VS100COMNTOOLS"=C:\Program Files\Microsoft Visual Studio 10.0\Common7\Tools\

-----------------EOF-----------------
         
--- --- ---

RSIT Logfile:
Code:
Logfile of random's system information tool 1.08 (written by random/random)
Run by *** at 2010-11-06 20:27:23
Microsoft Windows 7 Home Premium  
System drive C: has 108 GB (56%) free of 191 GB
Total RAM: 2940 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:27:27, on 06.11.2010
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\program files\avira\antivir desktop\avscan.exe
C:\Program Files\Avira\AntiVir Desktop\avscan.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\***\Desktop\HiJackThis.exe
C:\Windows\explorer.exe
C:\Users\***\Desktop\RSIT.exe
C:\Program Files\trend micro\***.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware  (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O9 - Extra button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: Notebook Performance Tuning Service  (TempoMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TempoSVC.exe

--
End of file - 4630 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-08-14 1348904]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-11-02 281768]
""= []
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-04-08 6037504]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2010-08-25 136216]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2010-08-25 171032]
"Persistence"=C:\Windows\system32\igfxpers.exe [2010-08-25 170520]
" Malwarebytes Anti-Malware  (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2010-09-21 47904]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2010-09-21 47904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [2008-09-26 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [2004-01-14 409600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google EULA Launcher]
c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe [2008-05-28 20480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2010-06-09 49208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2010-09-24 421160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2010-09-08 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2010-09-02 13351304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
C:\Windows\Skytel.exe [2007-11-20 1826816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-08-11 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\topi]
C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [2007-07-10 581632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Registration]
C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe [2008-01-11 574864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba TEMPO]
C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe [2008-04-24 103824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2009-05-21 275768]

C:\Users\***\Desktop\SAchn\Startup
OpenOffice.org 3.2.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2010-08-25 228864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"legalnoticetext"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-11-05 13:23:59 ----D---- C:\Program Files\JRE
2010-11-05 13:18:34 ----A---- C:\Windows\system32\javaws.exe
2010-11-05 13:18:34 ----A---- C:\Windows\system32\javaw.exe
2010-11-05 13:18:34 ----A---- C:\Windows\system32\java.exe
2010-11-01 13:44:51 ----A---- C:\Windows\system32\hjtscanlist.txt
2010-10-29 15:58:56 ----D---- C:\Windows\pss
2010-10-27 16:52:30 ----D---- C:\Users\***\AppData\Roaming\Malwarebytes
2010-10-27 16:51:58 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-10-27 16:51:55 ----D---- C:\ProgramData\Malwarebytes
2010-10-27 16:51:54 ----A---- C:\Windows\system32\drivers\mbam.sys
2010-10-27 16:51:53 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-10-27 14:37:36 ----D---- C:\rsit
2010-10-27 14:35:31 ----A---- C:\Windows\system32\msdri.dll
2010-10-27 14:35:31 ----A---- C:\Windows\system32\CPFilters.dll
2010-10-27 14:35:21 ----A---- C:\Windows\system32\drivers\Diskdump.sys
2010-10-13 20:04:11 ----D---- C:\Users\***\AppData\Roaming\Microsoft Corporation
2010-10-13 07:14:22 ----A---- C:\Windows\system32\ole32.dll
2010-10-13 07:14:17 ----A---- C:\Windows\system32\mshtml.dll
2010-10-13 07:14:17 ----A---- C:\Windows\system32\iertutil.dll
2010-10-13 07:14:16 ----A---- C:\Windows\system32\ieframe.dll
2010-10-13 07:14:15 ----A---- C:\Windows\system32\wininet.dll
2010-10-13 07:14:15 ----A---- C:\Windows\system32\urlmon.dll
2010-10-13 07:14:15 ----A---- C:\Windows\system32\mstime.dll
2010-10-13 07:14:15 ----A---- C:\Windows\system32\mshtmled.dll
2010-10-13 07:14:15 ----A---- C:\Windows\system32\msfeedssync.exe
2010-10-13 07:14:15 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-10-13 07:14:15 ----A---- C:\Windows\system32\msfeeds.dll
2010-10-13 07:14:15 ----A---- C:\Windows\system32\licmgr10.dll
2010-10-13 07:14:15 ----A---- C:\Windows\system32\jsproxy.dll
2010-10-13 07:14:15 ----A---- C:\Windows\system32\ieui.dll
2010-10-13 07:14:15 ----A---- C:\Windows\system32\iepeers.dll
2010-10-13 07:14:15 ----A---- C:\Windows\system32\iedkcs32.dll
2010-10-13 07:14:04 ----A---- C:\Windows\system32\t2embed.dll
2010-10-13 07:13:57 ----A---- C:\Windows\system32\schannel.dll
2010-10-13 07:13:48 ----A---- C:\Windows\system32\comctl32.dll
2010-10-13 07:13:40 ----A---- C:\Windows\system32\mfc40u.dll
2010-10-13 07:13:40 ----A---- C:\Windows\system32\mfc40.dll
2010-10-13 07:13:31 ----A---- C:\Windows\system32\wmp.dll
2010-10-13 07:13:30 ----A---- C:\Windows\system32\wmploc.DLL
2010-10-13 07:13:21 ----A---- C:\Windows\system32\win32k.sys
2010-10-13 07:13:13 ----A---- C:\Windows\system32\srvsvc.dll
2010-10-13 07:13:13 ----A---- C:\Windows\system32\drivers\srvnet.sys
2010-10-13 07:13:13 ----A---- C:\Windows\system32\drivers\srv2.sys
2010-10-13 07:13:13 ----A---- C:\Windows\system32\drivers\srv.sys
2010-10-13 07:13:05 ----A---- C:\Windows\system32\wmpmde.dll
2010-10-13 07:12:57 ----A---- C:\Windows\system32\StructuredQuery.dll
2010-10-12 17:21:27 ----D---- C:\Program Files\Microsoft ASP.NET
2010-10-12 17:21:23 ----D---- C:\Program Files\IIS
2010-10-12 17:00:16 ----D---- C:\Windows\symbols
2010-10-12 17:00:09 ----D---- C:\Program Files\Common Files\Merge Modules
2010-10-12 16:45:21 ----A---- C:\Windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2010-10-12 16:45:13 ----A---- C:\Windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2010-10-12 16:44:21 ----D---- C:\Windows\system32\RsFx
2010-10-12 16:43:20 ----D---- C:\Program Files\Microsoft Visual Studio 9.0
2010-10-12 16:43:08 ----D---- C:\Windows\system32\1033
2010-10-12 16:43:08 ----D---- C:\Windows\system32\1031
2010-10-12 16:39:25 ----D---- C:\Program Files\Microsoft SQL Server
2010-10-12 16:39:17 ----D---- C:\Program Files\Microsoft Silverlight
2010-10-12 16:39:04 ----D---- C:\Program Files\Microsoft Synchronization Services
2010-10-12 16:37:11 ----D---- C:\Program Files\Microsoft Visual Studio 10.0
2010-10-12 16:37:11 ----D---- C:\Program Files\Microsoft SDKs
2010-10-12 16:37:11 ----D---- C:\Program Files\Microsoft Help Viewer

======List of files/folders modified in the last 1 months======

2010-11-06 20:27:25 ----D---- C:\Program Files\Trend Micro
2010-11-06 20:24:26 ----SHD---- C:\System Volume Information
2010-11-06 20:17:52 ----D---- C:\Windows\system32\config
2010-11-06 20:07:39 ----D---- C:\Windows\Temp
2010-11-06 20:06:26 ----D---- C:\Windows
2010-11-05 23:06:25 ----D---- C:\Users\***\AppData\Roaming\SoftGrid Client
2010-11-05 13:25:56 ----SHD---- C:\Windows\Installer
2010-11-05 13:25:56 ----D---- C:\Program Files\OpenOffice.org 3
2010-11-05 13:25:09 ----HD---- C:\Config.Msi
2010-11-05 13:25:08 ----RSD---- C:\Windows\assembly
2010-11-05 13:24:14 ----RSD---- C:\Windows\Fonts
2010-11-05 13:23:59 ----RD---- C:\Program Files
2010-11-05 13:19:42 ----D---- C:\Windows\winsxs
2010-11-05 13:18:34 ----D---- C:\Windows\System32
2010-11-05 13:18:09 ----D---- C:\Program Files\Java
2010-11-04 18:51:14 ----D---- C:\Windows\system32\catroot2
2010-11-04 13:31:15 ----D---- C:\Windows\Minidump
2010-11-04 13:31:15 ----D---- C:\Windows\debug
2010-11-02 19:23:05 ----D---- C:\Users\***\AppData\Roaming\Skype
2010-11-01 14:28:17 ----D---- C:\Windows\inf
2010-11-01 14:28:17 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-11-01 13:54:02 ----D---- C:\Program Files\AutocompletePro
2010-10-30 12:10:04 ----D---- C:\Windows\system32\drivers
2010-10-30 12:10:03 ----D---- C:\Windows\system32\DriverStore
2010-10-30 12:10:03 ----D---- C:\Windows\system32\catroot
2010-10-30 11:17:32 ----D---- C:\Users\***\AppData\Roaming\skypePM
2010-10-29 16:27:10 ----D---- C:\Program Files\Mozilla Firefox
2010-10-28 19:53:04 ----D---- C:\Windows\Microsoft.NET
2010-10-28 12:38:38 ----A---- C:\Windows\system32\deployJava1.dll
2010-10-28 12:28:27 ----D---- C:\Program Files\Common Files\Java
2010-10-27 20:27:18 ----D---- C:\Windows\ehome
2010-10-27 20:27:09 ----D---- C:\Windows\AppPatch
2010-10-27 16:51:55 ----HD---- C:\ProgramData
2010-10-26 18:39:09 ----D---- C:\Windows\system32\NDF
2010-10-21 18:35:20 ----D---- C:\Windows\rescache
2010-10-19 19:25:30 ----D---- C:\Users\***\AppData\Roaming\gtk-2.0
2010-10-19 10:41:44 ----N---- C:\Windows\system32\MpSigStub.exe
2010-10-13 15:23:06 ----D---- C:\Windows\system32\migration
2010-10-13 15:23:06 ----D---- C:\Program Files\Internet Explorer
2010-10-13 15:23:04 ----D---- C:\Program Files\Windows Media Player
2010-10-13 13:29:20 ----SD---- C:\ProgramData\Microsoft
2010-10-13 13:27:03 ----A---- C:\Windows\system32\MRT.exe
2010-10-12 17:20:46 ----SD---- C:\Users\***\AppData\Roaming\Microsoft
2010-10-12 17:19:37 ----D---- C:\Program Files\Common Files\microsoft shared
2010-10-12 17:00:09 ----D---- C:\Program Files\MSBuild
2010-10-12 17:00:09 ----D---- C:\Program Files\Common Files
2010-10-12 16:42:54 ----D---- C:\Program Files\Microsoft.NET
2010-10-12 16:39:04 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2010-10-12 16:35:38 ----D---- C:\Windows\system32\de-DE
2010-10-09 12:41:26 ----D---- C:\Users\***\AppData\Roaming\ICQ
2010-10-08 18:49:59 ----SHD---- C:\$RECYCLE.BIN
2010-10-08 18:49:53 ----RD---- C:\Users

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2008-04-15 312344]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ_O.SYS [2007-11-09 23640]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2010-11-02 126856]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2010-09-20 281760]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2010-11-02 60936]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2010-09-20 25888]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2009-07-13 1035776]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-09-21 1218048]
R3 FwLnk;FwLnk Driver; C:\Windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2010-08-25 9024512]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-04-09 2095512]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [2010-04-29 38224]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]
R3 sftfs;sftfs; \??\C:\Program Files\Microsoft Application Virtualization Client\drivers\sftfslh.sys [2009-09-23 543064]
R3 sftplay;sftplay; \??\C:\Program Files\Microsoft Application Virtualization Client\drivers\sftplaylh.sys [2009-09-23 190312]
R3 Sftredir;Sftredir; C:\Windows\system32\DRIVERS\Sftredirlh.sys [2009-09-23 21848]
R3 sftvol;sftvol; \??\C:\Program Files\Microsoft Application Virtualization Client\drivers\sftvollh.sys [2009-09-23 14680]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-08-14 203312]
R3 UVCFTR;UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [2008-07-15 17960]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]
S1 jswpslwf;JumpStart Wireless Filter Driver; C:\Windows\system32\DRIVERS\jswpslwf.sys [2008-04-28 20384]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 131072]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2009-07-14 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 36864]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 EagleXNt;EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys []
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-04-15 118784]
S3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2008-04-02 62976]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2010-04-19 41984]
S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]
S3 WSDPrintDevice;WSD-Druckunterstützung durch UMB; C:\Windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
S3 XDva289;XDva289; \??\C:\Windows\system32\XDva289.sys []
S4 RsFx0103;RsFx0103 Driver; C:\Windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-11-02 135336]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-11-02 267944]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-08-13 144672]
R2 Bonjour Service;Dienst "Bonjour"; C:\Program Files\Bonjour\mDNSResponder.exe [2010-07-27 345376]
R2 cfWiMAXService;ConfigFree WiMAX Service; C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-10 185712]
R2 ConfigFree Service;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
R2 cvhsvc;Client Virtualization Handler; C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2009-09-26 819600]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2009-03-30 43010392]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 sftlist;Application Virtualization Client; C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe [2009-09-23 447832]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-07-10 98840]
R2 TeamViewer5;TeamViewer 5; C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe [2010-06-28 173352]
R2 TempoMonitoringService;Notebook Performance Tuning Service ; C:\Program Files\Toshiba TEMPRO\TempoSVC.exe [2008-04-24 99720]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 sftvsa;Application Virtualization Service Agent; C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe [2009-09-23 203608]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 aspnet_state;ASP.NET-Zustandsdienst; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-10-20 182768]
S3 iPod Service;iPod-Dienst; C:\Program Files\iPod\bin\iPodService.exe [2010-09-24 820008]
S3 jswpsapi;Jumpstart Wifi Protected Setup; C:\Program Files\Jumpstart\jswpsapi.exe [2008-04-16 954368]
S3 ose;Office  Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2009-09-26 149336]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-09-26 4639136]
S4 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-11 135664]
S4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory; C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-21 47128]
S4 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-07-20 935208]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S4 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2009-03-30 254808]
S4 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2010-07-28 407336]

-----------------EOF-----------------
         
--- --- ---


I hope there's nothing left in there now.

07.11.2010, 10:14   #28
oraculum

After another scan with Avira nothing more was found, and the Kaspersky online scanner and Malwarebytes did not find anything either.

11.11.2010, 08:06   #29
kira
/// Helper Team

1.
Uninstall/remove the programs that we used and that you don't need, except for:
Code:
HijackThis/Trend Micro
filelist.bat
CCleaner

These are useful programs that can be very helpful in case of problems or an emergency!

2.
If everything went well and your system is running stably, do the following:
Control Panel/System and Security/System/System Protection/System Properties pops up, and then create a restore point
Disable System Restore: Windows 7 - create a manual system restore point
so first disable -> then enable - at the end it should be enabled again!

Reading material:
Quote:
Since the database is added to and expanded daily, and information about the virus concerned is included with the current virus definitions, I recommend that you have your system scanned online at least once a week (later, once a month will surely be enough), always with a different scanner, to get a second opinion
(they mostly use ActiveX and/or Java): Free online scanners -
I wish you all the best

11.11.2010, 14:57   #30
oraculum

But I already did the backup thing last Sunday (7.11.2019).
