| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: ControlSet002 ?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
17.11.2010, 16:12
| #1 |
 |  ControlSet002 ? Hallo, Ich habe das letztens schonmal gehabt, dass ich bein Suchlauf mit Avira Antivir diese komischen ControlSet002s gefunden hab und ich weiß nicht was das ist. manchmal finde ich die, manchmal aber auch nicht. Ich habe hier im Forum gelesen, dass die von irgendeinem Trojaner oder so kommen. Hier mal das Log von AntiVir: Code:
ATTFilter
Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Mittwoch, 17. November 2010 15:34
Es wird nach 3061539 Virenstämmen gesucht.
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira AntiVir Personal - FREE Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7
Windowsversion : (plain) [6.1.7600]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : ***-PC
Versionsinformationen:
BUILD.DAT : 10.0.0.592 31823 Bytes 09.08.2010 10:49:00
AVSCAN.EXE : 10.0.3.1 434344 Bytes 02.11.2010 13:38:44
AVSCAN.DLL : 10.0.3.0 56168 Bytes 21.04.2010 11:46:48
LUKE.DLL : 10.0.2.3 104296 Bytes 07.03.2010 17:32:59
LUKERES.DLL : 10.0.0.0 13672 Bytes 14.01.2010 10:59:47
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 19:16:50
VBASE001.VDF : 7.10.1.0 1372672 Bytes 19.11.2009 19:16:50
VBASE002.VDF : 7.10.3.1 3143680 Bytes 20.01.2010 18:50:49
VBASE003.VDF : 7.10.3.75 996864 Bytes 26.01.2010 19:25:13
VBASE004.VDF : 7.10.4.203 1579008 Bytes 05.03.2010 13:01:02
VBASE005.VDF : 7.10.6.82 2494464 Bytes 15.04.2010 22:01:02
VBASE006.VDF : 7.10.7.218 2294784 Bytes 02.06.2010 12:20:09
VBASE007.VDF : 7.10.9.165 4840960 Bytes 23.07.2010 12:05:51
VBASE008.VDF : 7.10.11.133 3454464 Bytes 13.09.2010 14:42:02
VBASE009.VDF : 7.10.13.80 2265600 Bytes 02.11.2010 17:42:23
VBASE010.VDF : 7.10.13.81 2048 Bytes 02.11.2010 17:42:23
VBASE011.VDF : 7.10.13.82 2048 Bytes 02.11.2010 17:42:23
VBASE012.VDF : 7.10.13.83 2048 Bytes 02.11.2010 17:42:23
VBASE013.VDF : 7.10.13.116 147968 Bytes 04.11.2010 13:00:49
VBASE014.VDF : 7.10.13.147 146944 Bytes 07.11.2010 13:01:02
VBASE015.VDF : 7.10.13.180 123904 Bytes 09.11.2010 14:40:00
VBASE016.VDF : 7.10.13.211 122368 Bytes 11.11.2010 13:00:58
VBASE017.VDF : 7.10.13.243 147456 Bytes 15.11.2010 13:00:51
VBASE018.VDF : 7.10.13.244 142848 Bytes 15.11.2010 14:34:16
VBASE019.VDF : 7.10.13.245 2048 Bytes 15.11.2010 14:34:16
VBASE020.VDF : 7.10.13.246 2048 Bytes 15.11.2010 14:34:16
VBASE021.VDF : 7.10.13.247 2048 Bytes 15.11.2010 14:34:16
VBASE022.VDF : 7.10.13.248 2048 Bytes 15.11.2010 14:34:16
VBASE023.VDF : 7.10.13.249 2048 Bytes 15.11.2010 14:34:16
VBASE024.VDF : 7.10.13.250 2048 Bytes 15.11.2010 14:34:16
VBASE025.VDF : 7.10.13.251 2048 Bytes 15.11.2010 14:34:16
VBASE026.VDF : 7.10.13.252 2048 Bytes 15.11.2010 14:34:16
VBASE027.VDF : 7.10.13.253 2048 Bytes 15.11.2010 14:34:16
VBASE028.VDF : 7.10.13.254 2048 Bytes 15.11.2010 14:34:16
VBASE029.VDF : 7.10.13.255 2048 Bytes 15.11.2010 14:34:16
VBASE030.VDF : 7.10.14.0 2048 Bytes 15.11.2010 14:34:16
VBASE031.VDF : 7.10.14.9 36352 Bytes 16.11.2010 14:34:16
Engineversion : 8.2.4.98
AEVDF.DLL : 8.1.2.1 106868 Bytes 29.07.2010 18:44:56
AESCRIPT.DLL : 8.1.3.46 1364347 Bytes 03.11.2010 14:28:04
AESCN.DLL : 8.1.6.1 127347 Bytes 13.05.2010 09:59:04
AESBX.DLL : 8.1.3.1 254324 Bytes 24.04.2010 17:49:23
AERDL.DLL : 8.1.9.2 635252 Bytes 22.09.2010 12:00:53
AEPACK.DLL : 8.2.3.11 471416 Bytes 11.10.2010 12:01:37
AEOFFICE.DLL : 8.1.1.8 201081 Bytes 22.07.2010 12:01:19
AEHEUR.DLL : 8.1.2.41 3043703 Bytes 12.11.2010 13:01:11
AEHELP.DLL : 8.1.14.0 246134 Bytes 11.10.2010 12:01:00
AEGEN.DLL : 8.1.3.24 401781 Bytes 03.11.2010 14:27:38
AEEMU.DLL : 8.1.2.0 393588 Bytes 24.04.2010 17:49:21
AECORE.DLL : 8.1.17.0 196982 Bytes 25.09.2010 12:00:53
AEBB.DLL : 8.1.1.0 53618 Bytes 24.04.2010 17:49:21
AVWINLL.DLL : 10.0.0.0 19304 Bytes 14.01.2010 10:59:10
AVPREF.DLL : 10.0.0.0 44904 Bytes 14.01.2010 10:59:07
AVREP.DLL : 10.0.0.8 62209 Bytes 18.02.2010 15:47:40
AVREG.DLL : 10.0.3.2 53096 Bytes 02.11.2010 13:38:44
AVSCPLR.DLL : 10.0.3.1 83816 Bytes 02.11.2010 13:38:44
AVARKT.DLL : 10.0.0.14 227176 Bytes 21.04.2010 11:46:47
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 26.01.2010 08:53:25
SQLITE3.DLL : 3.6.19.0 355688 Bytes 28.01.2010 11:57:53
AVSMTP.DLL : 10.0.0.17 63848 Bytes 16.03.2010 14:38:54
NETNT.DLL : 10.0.0.0 11624 Bytes 19.02.2010 13:40:55
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28.01.2010 12:10:08
RCTEXT.DLL : 10.0.58.0 98152 Bytes 02.11.2010 13:38:44
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files\avira\antivir desktop\sysscan.avp
Protokollierung.......................: niedrig
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, E:, Q:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Optimierter Suchlauf..................: ein
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: mittel
Abweichende Gefahrenkategorien........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,
Beginn des Suchlaufs: Mittwoch, 17. November 2010 15:34
Der Suchlauf nach versteckten Objekten wird begonnen.
HKEY_USERS\S-1-5-21-1712401592-4033205459-3372233946-1000\Software\Microsoft\Windows NT\CurrentVersion\Devices\hp02eca9 (hp deskjet f4500 series)
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_USERS\S-1-5-21-1712401592-4033205459-3372233946-1000\Software\Microsoft\Windows NT\CurrentVersion\PrinterPorts\hp02eca9 (hp deskjet f4500 series)
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\Software\Microsoft\SoftGrid\4.5\Client\AppFS\contextid
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
\\?\Root#*ISATAP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}\{5C82FA61-FAD6-40B8-BDDE-FE07FA2E7277}
Root#*ISATAP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}\{5C82FA61-FAD6-40B8-BDDE-FE07FA2E7277}
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{5C82FA61-FAD6-40B8-BDDE-FE07FA2E7277}\Connection\defaultnameresourceid
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{5C82FA61-FAD6-40B8-BDDE-FE07FA2E7277}\Connection\defaultnameindex
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{5C82FA61-FAD6-40B8-BDDE-FE07FA2E7277}\Connection\name
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{5C82FA61-FAD6-40B8-BDDE-FE07FA2E7277}\Connection\name
HKEY_LOCAL_MACHINE\System\ControlSet002\services\iphlpsvc\Parameters\Isatap\{5C82FA61-FAD6-40B8-BDDE-FE07FA2E7277}\reusabletype
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\System\ControlSet002\services\TCPIP6\Parameters\Interfaces\{5c82fa61-fad6-40b8-bdde-fe07fa2e7277}\dhcpv6iaid
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\System\ControlSet002\services\TCPIP6\Parameters\Interfaces\{5c82fa61-fad6-40b8-bdde-fe07fa2e7277}\dhcpv6state
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'SearchFilterHost.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchProtocolHost.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'TrustedInstaller.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'IELowutil.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '98' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'sppsvc.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'CFSvcs.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'CFIWmxSvcs.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPHelper.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '118' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'iPodService.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'CFSwMgr.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'NDSTray.exe' - '79' Modul(e) wurden durchsucht
Durchsuche Prozess 'CVHSVC.EXE' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'sftlist.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'TempoSVC.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'TeamViewer_Service.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'sqlwriter.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'sftvsa.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'soffice.bin' - '92' Modul(e) wurden durchsucht
Durchsuche Prozess 'soffice.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'sqlservr.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'mDNSResponder.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'sidebar.exe' - '101' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '75' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtHDVCpl.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxpers.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'hkcmd.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPEnh.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '156' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '92' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '81' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '154' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '121' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '86' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'E:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'Q:\'
[INFO] Es wurde kein Virus gefunden!
[INFO] Bitte starten Sie den Suchlauf erneut mit Administratorrechten
Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '384' Dateien ).
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\' <Vista>
Ende des Suchlaufs: Mittwoch, 17. November 2010 15:57
Benötigte Zeit: 23:14 Minute(n)
Der Suchlauf wurde abgebrochen!
7992 Verzeichnisse wurden überprüft
211206 Dateien wurden geprüft
0 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
0 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
211206 Dateien ohne Befall
1796 Archive wurden durchsucht
0 Warnungen
0 Hinweise
705224 Objekte wurden beim Rootkitscan durchsucht
11 Versteckte Objekte wurden gefunden
Edit : Hier auch noch die RSIT Logfiles: [CODE]info.txtRSIT Logfile: Code:
ATTFilter logfile of random's system information tool 1.08 2010-11-17 16:26:25
======Uninstall list======
32 Bit HP CIO Components Installer-->MsiExec.exe /I{859D40CF-8491-44AD-8FA8-7389CB418C64}
32 Bit HP CIO Components Installer-->MsiExec.exe /I{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}
4Story 3.4-->"C:\Program Files\Gameforge4D\4Story\unins000.exe"
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10l_Plugin.exe -maintain plugin
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9.3 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A93000000001}
Advertising Center-->MsiExec.exe /X{b2ec4a38-b545-4a00-8214-13fe0e915e6d}
ANNO 1404 - Venedig-->"C:\Program Files\InstallShield Installation Information\{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}\setup.exe" -runfromtemp -l0x0007 -removeonly
ANNO 1404-->"C:\Program Files\InstallShield Installation Information\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}\setup.exe" -runfromtemp -l0x0007 -removeonly
ANNO 1602-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F7CAD9-2316-4701-B5CA-E90FD60029E9}\SETUP.exe"
Apple Application Support-->MsiExec.exe /I{17424F35-8B77-4ADF-BC63-BF9B81418539}
Apple Mobile Device Support-->MsiExec.exe /I{308B6AEA-DE50-4666-996D-0FA461719D6B}
Apple Software Update-->MsiExec.exe /I{C41300B9-185D-475E-BFEC-39EF732F19B1}
Atheros Driver Installation Program-->C:\Program Files\InstallShield Installation Information\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}\setup.exe -runfromtemp -l0x0007
Atheros Wi-Fi Protected Setup Library-->C:\Program Files\InstallShield Installation Information\{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}\setup.exe -runfromtemp -l0x0007 -removeonly
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Audiosurf-->"C:\Program Files\Steam\steam.exe" steam://uninstall/12900
AutocompletePro-->"C:\Program Files\AutocompletePro\unins000.exe"
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Bonjour-->MsiExec.exe /X{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}
Camera Assistant Software for Toshiba-->C:\Program Files\InstallShield Installation Information\{37C866E4-AA67-4725-9E95-A39968DD7960}\setup.exe -runfromtemp -l0x0007
Canon iP3300 Benutzerregistrierung-->C:\Program Files\Canon\IJEREG\iP3300\UNINST.EXE
Canon iP3300-->"C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP3300\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP3300 /L0x0007
Canon Setup Utility 2.3-->"C:\Program Files\Canon\Canon Setup Utility 2.3\Maint.exe" /Uninstall C:\Program Files\Canon\Canon Setup Utility 2.3\uninst.ini
Canon Utilities Easy-PhotoPrint-->C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
Canon Utilities Easy-PrintToolBox-->C:\Windows\BJPSUNST.EXE
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
CD/DVD Drive Acoustic Silencer-->C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\setup.exe -runfromtemp -l0x0007 -removeonly
Command & Conquer Teil 3: Operation Tiberian Sun-->C:\Westwood\SUN\Uninstll.EXE
dBpowerAMP Music Converter-->"C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
Driver Detective-->MsiExec.exe /X{4640FDE1-B83A-4376-84ED-86F86BEE2D41}
Easy-WebPrint-->C:\Windows\IsUn0407.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
Free iPad Video Converter 3.7.0.1-->"C:\Program Files\Free iPad Video Converter\unins000.exe"
Free Video to MP3 Converter version 4.0-->"C:\Program Files\DVDVideoSoft\Free Video to MP3 Converter\unins000.exe"
GIMP 2.6.10-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
Google Chrome-->"C:\Program Files\Google\Chrome\Application\7.0.517.41\Installer\setup.exe" --uninstall --system-level
Google Earth-->MsiExec.exe /X{4286E640-B5FB-11DF-AC4B-005056C00008}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_AC0049E063DE2AEA.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Haali Media Splitter-->"C:\Program Files\Haali\MatroskaSplitter\uninstall.exe"
HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}
HP Customer Participation Program 13.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat -forcereboot
HP Deskjet F4500 Printer Driver Software 13.0 Rel .6-->C:\Program Files\HP\Digital Imaging\{7F08A772-2816-4F46-84F1-49578502AD28}\setup\hpzscr01.exe -datfile hposcr46.dat -onestop -forcereboot
HP Imaging Device Functions 13.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Print Projects 1.0-->C:\Program Files\HP\Digital Imaging\HPPrintProjects\hpzscr01.exe -datfile hpqbud19.dat
HP Smart Web Printing 4.60-->C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
HP Solution Center 13.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat -forcereboot
HP Update-->MsiExec.exe /X{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}
HyperCam 2-->"C:\Program Files\HyCam2\UnHyCam2.exe"
ICQ7-->"C:\Program Files\InstallShield Installation Information\{88EB38EF-4D2C-436D-ABD3-56B232674062}\ICQ7.exe" -runfromtemp -l0x0009 -removeonly
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
Intel(R) TV Wizard-->C:\Windows\system32\TVWizudlg.exe -uninstall
Intel® Matrix Storage Manager-->C:\Windows\system32\imsmudlg.exe -uninstall
iTunes-->MsiExec.exe /I{E8843212-F0FC-4C3B-BFF3-D51829CB4F19}
Java(TM) 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216020F0}
Java(TM) 6 Update 22-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216022FF}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 4 Client Profile DEU Language Pack-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /lcid 1031 /parameterfolder ClientLP
Microsoft .NET Framework 4 Client Profile DEU Language Pack-->MsiExec.exe /X{F750C986-5310-3A5A-95F8-4EC71C8AC01C}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft .NET Framework 4 Extended DEU Language Pack-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ExtendedLP\Setup.exe /repair /x86 /lcid 1031 /parameterfolder ExtendedLP
Microsoft .NET Framework 4 Extended DEU Language Pack-->MsiExec.exe /X{C911A0C2-2236-3164-AA47-F2566C01AE5E}
Microsoft .NET Framework 4 Extended-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\Setup.exe /repair /x86 /parameterfolder Extended
Microsoft .NET Framework 4 Extended-->MsiExec.exe /X{0A0CADCF-78DA-33C4-A350-CD51849B9702}
Microsoft .NET Framework 4 Multi-Targeting Pack-->MsiExec.exe /I{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}
Microsoft ASP.NET MVC 2 - DEU-->MsiExec.exe /X{E4E9CBC9-1CF5-48E3-AF6F-1AB44A856346}
Microsoft ASP.NET MVC 2 - VWD Express 2010 Tools - DEU-->MsiExec.exe /X{2CE77981-14DE-4773-8106-27C9C964720C}
Microsoft ASP.NET MVC 2 - VWD Express 2010 Tools-->MsiExec.exe /X{5BDFAB82-060E-438B-AB4F-A2331B2294C0}
Microsoft ASP.NET MVC 2-->MsiExec.exe /X{1803A630-3C38-4D2B-9B9A-0CB37243539C}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Help Viewer 1.0 Language Pack - DEU-->C:\Program Files\Microsoft Help Viewer\v1.0\Microsoft Help Viewer 1.0 Language Pack - DEU\install.exe
Microsoft Help Viewer 1.0 Language Pack - DEU-->MsiExec.exe /X{1D328E11-3B0C-388C-835D-C9C20E8C7734}
Microsoft Help Viewer 1.0-->C:\Program Files\Microsoft Help Viewer\v1.0\Microsoft Help Viewer 1.0\install.exe
Microsoft Help Viewer 1.0-->MsiExec.exe /X{47C39E4A-28F2-33B1-B9B7-97F24E52D917}
Microsoft Office Click-to-Run 2010 (Beta)-->"C:\PROGRA~1\COMMON~1\MICROS~1\VIRTUA~1\CVHBS.EXE" /removeall
Microsoft Office Click-to-Run 2010 (Beta)-->MsiExec.exe /I{20140000-006D-0407-0000-0000000FF1CE}
Microsoft Office Home and Business 2010 (Beta) - Deutsch-->C:\Program Files\Common Files\microsoft shared\virtualization handler\cvhbs.exe /uninstall {20140062-0062-0407-0000-0000000FF1CE}
Microsoft Silverlight 3 SDK - Deutsch-->MsiExec.exe /X{91F54E1D-804A-46D8-A56C-53EA9C4B3177}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft SQL Server 2008 Browser-->MsiExec.exe /X{4AF2248C-B3DF-46FB-9596-87F5DB193689}
Microsoft SQL Server 2008 Common Files-->MsiExec.exe /I{4A6F34E2-09E5-4616-B227-4A26A488A6F9}
Microsoft SQL Server 2008 Common Files-->MsiExec.exe /I{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}
Microsoft SQL Server 2008 Database Engine Services-->MsiExec.exe /I{5BD39911-A12F-4562-98BA-A6E03E3370B1}
Microsoft SQL Server 2008 Database Engine Services-->MsiExec.exe /I{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}
Microsoft SQL Server 2008 Database Engine Shared-->MsiExec.exe /I{477415F5-93DA-46AA-85C5-640047825995}
Microsoft SQL Server 2008 Database Engine Shared-->MsiExec.exe /I{F3494AB6-6900-41C6-AF57-823626827ED8}
Microsoft SQL Server 2008 Native Client-->MsiExec.exe /I{1C2B3CEA-482E-4453-B3E2-C9731337828A}
Microsoft SQL Server 2008 R2 Management Objects-->MsiExec.exe /I{A106D33E-6B43-42C0-9BFC-D03303261FA7}
Microsoft SQL Server 2008 RsFx Driver-->MsiExec.exe /I{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}
Microsoft SQL Server 2008-->"C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Release\x86\SetupARP.exe" /X86
Microsoft SQL Server 2008-->"C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Release\x86\SetupARP.exe" /x86
Microsoft SQL Server Compact 3.5 SP2 DEU-->MsiExec.exe /I{0125D081-30D0-4A97-82A8-C28D444B6256}
Microsoft SQL Server Database Publishing Wizard 1.4-->MsiExec.exe /I{ACE28263-76A4-4BF5-B6F4-8BD719595969}
Microsoft SQL Server System CLR Types-->MsiExec.exe /I{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{D074DC76-F6C9-440E-A1D0-1DE958417FDB}
Microsoft Visual Basic 2010 Express - DEU-->C:\Program Files\Microsoft Visual Studio 10.0\Microsoft Visual Basic 2010 Express - DEU\setup.exe
Microsoft Visual Basic 2010 Express - DEU-->MsiExec.exe /X{CCAC7E52-ECCE-3C4D-B1BE-BC2ACF1C1C0E}
Microsoft Visual C# 2010 Express - DEU-->C:\Program Files\Microsoft Visual Studio 10.0\Microsoft Visual C# 2010 Express - DEU\setup.exe
Microsoft Visual C# 2010 Express - DEU-->MsiExec.exe /X{D81641E8-ABF1-3D07-803B-60E8FC619368}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218-->MsiExec.exe /X{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974-->MsiExec.exe /X{B7E38540-E355-3503-AFD7-635B2F2F76E1}
Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319-->MsiExec.exe /X{6A86554B-8928-30E4-A53C-D7337689134D}
Microsoft Visual C++ 2010 Express - DEU-->C:\Program Files\Microsoft Visual Studio 10.0\Microsoft Visual C++ 2010 Express - DEU\setup.exe
Microsoft Visual C++ 2010 Express - DEU-->MsiExec.exe /X{DEEB5FE3-40F5-3C5B-8F85-5306EF3C08F4}
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools-->MsiExec.exe /X{616C6F39-4CE1-3434-A665-2F6A04C09A7F}
Microsoft Visual Web Developer 2010 Express - DEU-->C:\Program Files\Microsoft Visual Studio 10.0\Microsoft Visual Web Developer 2010 Express - DEU\setup.exe
Microsoft Visual Web Developer 2010 Express - DEU-->MsiExec.exe /X{638AA518-6A32-33CC-B88F-BCD20B2DCF2E}
Microsoft Works-->MsiExec.exe /I{39D0E034-1042-4905-BECB-5502909FCB7C}
Mozilla Firefox (3.6.12)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
myphotobook 3.6-->C:\Program Files\myphotobook\uninst.exe
Nero 9 Essentials-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="XM02-508X-MHAT-19WU-9Z3Z-0CH0-3U6E-85W5-MMHH-6647-1Z5L-7M8C-0U45-758P-0000"
Nero ControlCenter-->MsiExec.exe /X{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}
Nero Installer-->MsiExec.exe /X{e8a80433-302b-4ff1-815d-fcc8eac482ff}
Nero Online Upgrade-->MsiExec.exe /X{dba84796-8503-4ff0-af57-1747dd9a166d}
Nero StartSmart OEM-->MsiExec.exe /X{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}
Nero StartSmart-->MsiExec.exe /X{7748ac8c-18e3-43bb-959b-088faea16fb2}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
OpenOffice.org 3.2-->MsiExec.exe /I{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}
Opera 10.60-->MsiExec.exe /X{1D2C96C3-A3F3-49E7-B839-95279DED837F}
QuickTime-->MsiExec.exe /I{E7004147-2CCA-431C-AA05-2AB166B9785D}
Realtek 8169 8168 8101E 8102E Ethernet Driver-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0007 -removeonly
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m -nrg2709
Realtek USB 2.0 Card Reader-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC24971E-1946-445D-8A82-CE685433FA7D}\setup.exe" -l0x9 -removeonly
Safari-->MsiExec.exe /I{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {7A2C18A1-D2A2-3177-82F1-5FE9CC08ECB0} /parameterfolder Extended
Service Pack 1 für SQL Server 2008 (KB 968369)-->"C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Update Cache\KB968369\ServicePack\setup.exe" /Action=RemovePatch /AllInstances
Shop for HP Supplies-->C:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
Skype Toolbars-->MsiExec.exe /I{981029E0-7FC9-4CF3-AB39-6F133621921A}
Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
Sql Server Customer Experience Improvement Program-->MsiExec.exe /I{C965F01C-76EA-4BD7-973E-46236AE312D7}
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Steganos Password Manager Free-->C:\Program Files\Steganos Password Manager Free 11\uninstall.exe
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TeamViewer 5-->C:\Program Files\TeamViewer\Version5\uninstall.exe
TOSHIBA Assist-->C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\setup.exe -runfromtemp -l0x0007 -removeonly
TOSHIBA Benutzerhandbücher-->C:\Program Files\InstallShield Installation Information\{1C971EE3-B4C4-4367-9676-57549919C6CE}\setup.exe -runfromtemp -l0x0007 -removeonly
TOSHIBA ConfigFree-->MsiExec.exe /X{F3529665-D75E-4D6D-98F0-745C78C68E9B}
TOSHIBA Extended Tiles for Windows Mobility Center-->C:\Program Files\InstallShield Installation Information\{617C36FD-0CBE-4600-84B2-441CEB12FADF}\setup.exe -runfromtemp -l0x0407
TOSHIBA Hardware Setup-->RunDll
Code:
ATTFilter Logfile of random's system information tool 1.08 (written by random/random) Run by *** at 2010-11-17 16:27:49 Microsoft Windows 7 Home Premium System drive C: has 110 GB (58%) free of 191 GB Total RAM: 2940 MB (55% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 16:28:05, on 17.11.2010 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16671) Boot mode: Normal Running processes: C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Windows\RtHDVCpl.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\OpenOffice.org 3\program\soffice.exe C:\Program Files\OpenOffice.org 3\program\soffice.bin C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Windows\system32\taskhost.exe C:\Users\***\Desktop\RSIT.exe C:\Program Files\trend micro\***.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [4StoryPrePatch] C:\Program Files\Gameforge4D\4Story\PrePatch.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST') O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user') O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe O9 - Extra button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 (file missing) O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe O23 - Service: Notebook Performance Tuning Service (TempoMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TempoSVC.exe -- End of file - 4692 bytes ======Scheduled tasks folder====== C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job ======Registry dump====== [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-08-14 1348904] "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-11-02 281768] ""= [] "SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552] "IgfxTray"=C:\Windows\system32\igfxtray.exe [2010-08-25 136216] "HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2010-08-25 171032] "Persistence"=C:\Windows\system32\igfxpers.exe [2010-08-25 170520] " Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952] "AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2010-09-21 47904] "RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-04-08 6037504] "4StoryPrePatch"=C:\Program Files\Gameforge4D\4Story\PrePatch.exe [2010-11-15 319488] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-09-08 421888] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-11-11 421160] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1173504] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2010-09-21 47904] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [2008-09-26 417792] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [2004-01-14 409600] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe [2008-05-28 20480] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2010-06-09 49208] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe [2010-11-11 421160] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\QTTask.exe [2010-09-08 421888] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] C:\Program Files\Skype\Phone\Skype.exe [2010-09-02 13351304] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel] C:\Windows\Skytel.exe [2007-11-20 1826816] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-08-11 68856] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [2007-07-10 581632] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe [2008-01-11 574864] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba TEMPO] C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe [2008-04-24 103824] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2009-05-21 275768] C:\Users\***\Desktop\SAchn\Startup OpenOffice.org 3.2.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\Windows\system32\igfxdev.dll [2010-08-25 228864] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "EnableUIADesktopToggle"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "legalnoticetext"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 1 months====== 2010-11-16 13:49:43 ----D---- C:\Program Files\iPod 2010-11-16 13:49:42 ----D---- C:\Program Files\iTunes 2010-11-15 18:17:38 ----D---- C:\Program Files\Gameforge4D 2010-11-05 13:23:59 ----D---- C:\Program Files\JRE 2010-11-05 13:18:34 ----A---- C:\Windows\system32\javaws.exe 2010-11-05 13:18:34 ----A---- C:\Windows\system32\javaw.exe 2010-11-05 13:18:34 ----A---- C:\Windows\system32\java.exe 2010-11-01 13:44:51 ----A---- C:\Windows\system32\hjtscanlist.txt 2010-10-29 15:58:56 ----D---- C:\Windows\pss 2010-10-27 16:52:30 ----D---- C:\Users\***\AppData\Roaming\Malwarebytes 2010-10-27 16:51:58 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys 2010-10-27 16:51:55 ----D---- C:\ProgramData\Malwarebytes 2010-10-27 16:51:54 ----A---- C:\Windows\system32\drivers\mbam.sys 2010-10-27 16:51:53 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2010-10-27 14:37:36 ----D---- C:\rsit 2010-10-27 14:35:31 ----A---- C:\Windows\system32\msdri.dll 2010-10-27 14:35:31 ----A---- C:\Windows\system32\CPFilters.dll 2010-10-27 14:35:21 ----A---- C:\Windows\system32\drivers\Diskdump.sys ======List of files/folders modified in the last 1 months====== 2010-11-17 16:28:03 ----D---- C:\Program Files\Trend Micro 2010-11-17 16:26:30 ----D---- C:\Windows\Temp 2010-11-17 16:24:02 ----D---- C:\Windows\System32 2010-11-17 16:22:21 ----D---- C:\Windows\system32\Tasks 2010-11-17 16:17:45 ----SHD---- C:\System Volume Information 2010-11-17 15:49:33 ----D---- C:\Windows\system32\config 2010-11-16 19:37:23 ----D---- C:\Windows 2010-11-16 13:53:58 ----D---- C:\Windows\system32\drivers 2010-11-16 13:53:25 ----D---- C:\Windows\inf 2010-11-16 13:51:41 ----HD---- C:\Config.Msi 2010-11-16 13:50:55 ----D---- C:\Windows\system32\catroot 2010-11-16 13:50:39 ----SHD---- C:\Windows\Installer 2010-11-16 13:49:43 ----RD---- C:\Program Files 2010-11-16 13:49:42 ----D---- C:\Program Files\Common Files\Apple 2010-11-16 13:47:53 ----D---- C:\Windows\system32\DriverStore 2010-11-16 13:47:53 ----D---- C:\Windows\system32\catroot2 2010-11-15 17:31:37 ----D---- C:\Windows\Prefetch 2010-11-14 10:33:03 ----A---- C:\Windows\system32\PerfStringBackup.INI 2010-11-11 21:09:36 ----D---- C:\Windows\debug 2010-11-11 14:57:58 ----D---- C:\Users\***\AppData\Roaming\Skype 2010-11-11 14:55:52 ----D---- C:\Users\***\AppData\Roaming\skypePM 2010-11-10 17:11:39 ----A---- C:\Windows\system32\MRT.exe 2010-11-07 11:44:55 ----D---- C:\Windows\rescache 2010-11-05 23:06:25 ----D---- C:\Users\ÜÜÜ\AppData\Roaming\SoftGrid Client 2010-11-05 13:25:56 ----D---- C:\Program Files\OpenOffice.org 3 2010-11-05 13:25:08 ----RSD---- C:\Windows\assembly 2010-11-05 13:24:14 ----RSD---- C:\Windows\Fonts 2010-11-05 13:19:42 ----D---- C:\Windows\winsxs 2010-11-05 13:18:09 ----D---- C:\Program Files\Java 2010-11-04 13:31:15 ----D---- C:\Windows\Minidump 2010-11-01 13:54:02 ----D---- C:\Program Files\AutocompletePro 2010-10-29 16:27:10 ----D---- C:\Program Files\Mozilla Firefox 2010-10-28 19:53:04 ----D---- C:\Windows\Microsoft.NET 2010-10-28 12:38:38 ----A---- C:\Windows\system32\deployJava1.dll 2010-10-28 12:28:27 ----D---- C:\Program Files\Common Files\Java 2010-10-27 20:27:18 ----D---- C:\Windows\ehome 2010-10-27 20:27:09 ----D---- C:\Windows\AppPatch 2010-10-27 16:51:55 ----HD---- C:\ProgramData 2010-10-26 18:39:09 ----D---- C:\Windows\system32\NDF 2010-10-19 19:25:30 ----D---- C:\Users\***\AppData\Roaming\gtk-2.0 2010-10-19 10:41:44 ----N---- C:\Windows\system32\MpSigStub.exe ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2008-04-15 312344] R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648] R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ_O.SYS [2007-11-09 23640] R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608] R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2010-11-02 126856] R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520] R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128] R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2010-09-20 281760] R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2010-11-02 60936] R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2010-09-20 25888] R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2009-07-13 1035776] R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-09-21 1218048] R3 FwLnk;FwLnk Driver; C:\Windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600] R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2010-08-25 9024512] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-04-09 2095512] R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048] R3 sftfs;sftfs; \??\C:\Program Files\Microsoft Application Virtualization Client\drivers\sftfslh.sys [2009-09-23 543064] R3 sftplay;sftplay; \??\C:\Program Files\Microsoft Application Virtualization Client\drivers\sftplaylh.sys [2009-09-23 190312] R3 Sftredir;Sftredir; C:\Windows\system32\DRIVERS\Sftredirlh.sys [2009-09-23 21848] R3 sftvol;sftvol; \??\C:\Program Files\Microsoft Application Virtualization Client\drivers\sftvollh.sys [2009-09-23 14680] R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-08-14 203312] R3 UVCFTR;UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [2008-07-15 17960] R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336] S1 jswpslwf;JumpStart Wireless Filter Driver; C:\Windows\system32\DRIVERS\jswpslwf.sys [2008-04-28 20384] S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704] S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720] S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888] S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 131072] S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2009-07-14 16384] S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 36864] S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [] S3 EagleXNt;EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [] S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368] S3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-04-15 118784] S3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2008-04-02 62976] S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304] S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2010-09-28 41984] S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840] S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328] S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736] S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944] S3 WSDPrintDevice;WSD-Druckunterstützung durch UMB; C:\Windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920] S3 XDva289;XDva289; \??\C:\Windows\system32\XDva289.sys [] S4 RsFx0103;RsFx0103 Driver; C:\Windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-11-02 135336] R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-11-02 267944] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-10-16 37664] R2 Bonjour Service;Dienst "Bonjour"; C:\Program Files\Bonjour\mDNSResponder.exe [2010-07-27 345376] R2 cfWiMAXService;ConfigFree WiMAX Service; C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-10 185712] R2 ConfigFree Service;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448] R2 cvhsvc;Client Virtualization Handler; C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2009-09-26 819600] R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2009-07-14 20992] R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2009-07-14 20992] R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2009-03-30 43010392] R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992] R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992] R2 sftlist;Application Virtualization Client; C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe [2009-09-23 447832] R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-07-10 98840] R2 TeamViewer5;TeamViewer 5; C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe [2010-06-28 173352] R2 TempoMonitoringService;Notebook Performance Tuning Service ; C:\Program Files\Toshiba TEMPRO\TempoSVC.exe [2008-04-24 99720] R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-14 20992] R3 iPod Service;iPod-Dienst; C:\Program Files\iPod\bin\iPodService.exe [2010-11-11 820008] R3 sftvsa;Application Virtualization Service Agent; C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe [2009-09-23 203608] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S3 aspnet_state;ASP.NET-Zustandsdienst; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160] S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-10-20 182768] S3 jswpsapi;Jumpstart Wifi Protected Setup; C:\Program Files\Jumpstart\jswpsapi.exe [2008-04-16 954368] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2009-09-26 149336] S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-09-26 4639136] S4 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-11 135664] S4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory; C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-21 47128] S4 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-07-20 935208] S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240] S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240] S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240] S4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936] S4 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2009-03-30 254808] S4 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2010-07-28 407336] -----------------EOF----------------- Geändert von oraculum (17.11.2010 um 16:32 Uhr) |
|
17.11.2010, 20:06
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  ControlSet002 ? Wo sind die Logs von Malwarebytes?
__________________
__________________ |
|
19.11.2010, 13:15
| #3 |
| | ControlSet002 ?Code:
ATTFilter Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 5143
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
18.11.2010 17:22:49
mbam-log-2010-11-18 (17-22-49).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|Q:\|)
Durchsuchte Objekte: 293215
Laufzeit: 3 Stunde(n), 50 Minute(n), 4 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
|
|
19.11.2010, 13:31
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | ControlSet002 ? Malwarebytes hat nichts gefunden? Oder ist das nur das eine Log ohne Funde?
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
19.11.2010, 13:34
| #5 |
| | ControlSet002 ? Bei den nichtsichtbaren Schlüsseln sollte man mal die Berechtigungen prüfen. Marc
__________________ When you contact tech support, a lot of people feel like they're either talking to an idiot or being treated like one. |
|
19.11.2010, 13:51
| #6 |
| | ControlSet002 ? Ne hat wirklich nichts gefunden. (Warum sollte ich das mit absicht ohne posten?) Wie die Berechtigung prüfen? |
|
19.11.2010, 13:56
| #7 | |
| | ControlSet002 ?Zitat:
Marc
__________________ When you contact tech support, a lot of people feel like they're either talking to an idiot or being treated like one. |
|
19.11.2010, 13:57
| #8 |
| | ControlSet002 ? Achso okey |
|
19.11.2010, 20:10
| #9 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | ControlSet002 ? Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
__________________ Logfiles bitte immer in CODE-Tags posten |
|
19.11.2010, 23:37
| #10 |
| | ControlSet002 ?Code:
ATTFilter OTL logfile created on: 19.11.2010 23:22:45 - Run 1 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\***\Desktop Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 77,00% Memory free 6,00 Gb Paging File | 4,00 Gb Available in Paging File | 78,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 186,15 Gb Total Space | 105,31 Gb Free Space | 56,57% Space Free | Partition Type: NTFS Unable to calculate disk information. Drive E: | 184,99 Gb Total Space | 99,71 Gb Free Space | 53,90% Space Free | Partition Type: NTFS Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Gameforge4D\4Story\PrePatch.exe (Zamiinc) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation) PRC - C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION) PRC - C:\Programme\TOSHIBA\ConfigFree\CFIWmxSvcs.exe (TOSHIBA CORPORATION) PRC - C:\Programme\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - c:\Programme\Windows Defender\MpCmdRun.exe (Microsoft Corporation) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) PRC - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) PRC - C:\Programme\Toshiba TEMPRO\TempoSVC.exe (Toshiba Europe GmbH) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) ========== Modules (SafeList) ========== MOD - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation) MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation) MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation) MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation) MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation) MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation) MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation) MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (aspnet_state) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (NetTcpPortSharing) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) SRV - (NetTcpActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) SRV - (NetPipeActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) SRV - (NetMsmqActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (cfWiMAXService) -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe (TOSHIBA CORPORATION) SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation) SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation) SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation) SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation) SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation) SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation) SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation) SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation) SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation) SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation) SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation) SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation) SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) SRV - (TempoMonitoringService) -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe (Toshiba Europe GmbH) SRV - (jswpsapi) -- C:\Programme\Jumpstart\jswpsapi.exe (Atheros Communications, Inc.) ========== Driver Services (SafeList) ========== DRV - (XDva289) -- C:\Windows\System32\XDva289.sys File not found DRV - (EagleXNt) -- C:\Windows\System32\drivers\EagleXNt.sys File not found DRV - (EagleNT) -- C:\Windows\System32\drivers\EagleNT.sys File not found DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation) DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek ) DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation) DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation) DRV - (sftvol) -- C:\Programme\Microsoft Application Virtualization Client\drivers\SftVollh.sys (Microsoft Corporation) DRV - (sftplay) -- C:\Programme\Microsoft Application Virtualization Client\drivers\sftplaylh.sys (Microsoft Corporation) DRV - (sftfs) -- C:\Programme\Microsoft Application Virtualization Client\drivers\SftFSlh.sys (Microsoft Corporation) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.) DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.) DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.) DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.) DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices) DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.) DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices) DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation) DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation) DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation) DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation) DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation) DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation) DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation) DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation) DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation) DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex) DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.) DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company) DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation) DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation) DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation) DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.) DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation) DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation) DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation) DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems) DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation) DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.) DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology) DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.) DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation) DRV - (rdpbus) -- C:\Windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation) DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation) DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation) DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation) DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation) DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation) DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation) DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation) DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation) DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation) DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation) DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation) DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation) DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation) DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation) DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation) DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation) DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.) DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corp) DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation) DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation) DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (RsFx0103) -- C:\Windows\System32\drivers\RsFx0103.sys (Microsoft Corporation) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.) DRV - (jswpslwf) -- C:\Windows\System32\drivers\jswpslwf.sys (Atheros Communications, Inc.) DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.) DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation) DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA; IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA; IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.schuelervz.net/" FF - prefs.js..extensions.enabledItems: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB}:0.9.2 FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.8.4 FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.11 FF - prefs.js..extensions.enabledItems: {4b0a905d-b508-4574-8d12-b8fe120ace09}:0.5 FF - prefs.js..extensions.enabledItems: max@subfighter.com:1.0.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1 FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6 FF - prefs.js..extensions.enabledItems: escamod@gmx.net0002:2.0 FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.5.1 FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.5.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q=" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties" FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.03.01 13:28:10 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\support@predictad.com: C:\Program Files\AutocompletePro\support@predictad.com [2010.07.08 20:23:57 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.10.29 16:27:10 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.29 16:27:10 | 000,000,000 | ---D | M] [2010.01.11 14:20:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2010.11.18 16:51:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a0as2qj6.default\extensions [2010.04.28 11:26:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a0as2qj6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.11.18 16:51:02 | 000,000,000 | ---D | M] (Firefox Sync) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a0as2qj6.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef} [2010.08.10 09:46:50 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a0as2qj6.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8} [2010.07.20 16:31:44 | 000,000,000 | ---D | M] (Faark's Grepolis Bericht 2 Image - Exporter) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a0as2qj6.default\extensions\{4b0a905d-b508-4574-8d12-b8fe120ace09} [2010.11.18 16:51:05 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a0as2qj6.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2010.09.12 10:35:35 | 000,000,000 | ---D | M] (WOT) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a0as2qj6.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2010.10.09 11:16:32 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a0as2qj6.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae} [2010.11.03 15:43:15 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a0as2qj6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.07.25 19:35:39 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a0as2qj6.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2010.11.18 16:51:08 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a0as2qj6.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} [2010.02.24 14:16:44 | 000,000,000 | ---D | M] (Download Manager Tweak) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a0as2qj6.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB} [2010.11.18 16:51:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a0as2qj6.default\extensions\de-DE@dictionaries.addons.mozilla.org [2010.01.11 14:20:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a0as2qj6.default\extensions\en-GB@dictionaries.addons.mozilla.org [2010.07.26 13:15:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a0as2qj6.default\extensions\escamod@gmx.net0002 [2010.03.26 15:57:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a0as2qj6.default\extensions\la@dictionaries.addons.mozilla.org [2010.02.27 19:31:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a0as2qj6.default\extensions\max@subfighter.com [2010.10.28 12:39:00 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.03.28 11:02:34 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010.05.08 19:16:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.10.28 12:39:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010.10.28 12:38:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.10.22 18:31:34 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.10.22 18:31:34 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.10.22 18:31:34 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.10.22 18:31:34 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.10.22 18:31:34 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [4StoryPrePatch] C:\Programme\Gameforge4D\4Story\PrePatch.exe (Zamiinc) O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - Startup: C:\Users\***\Desktop\SAchn\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 0 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.11.19 23:21:09 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2010.11.17 19:26:11 | 000,000,000 | ---D | C] -- C:\Users\***Desktop\Neuer Ordner (2) [2010.11.17 16:24:52 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\ControlSet002 Hilfe [2010.11.16 13:49:43 | 000,000,000 | ---D | C] -- C:\Programme\iPod [2010.11.16 13:49:42 | 000,000,000 | ---D | C] -- C:\Programme\iTunes [2010.11.15 18:17:38 | 000,000,000 | ---D | C] -- C:\Programme\Gameforge4D [2010.11.15 17:49:23 | 1307,855,960 | ---- | C] (Gameforge4D ) -- C:\Users\***\Desktop\4Story_DE_3.4.99.exe [2010.11.15 17:49:09 | 000,344,352 | ---- | C] (Gameforge 4D ) -- C:\Users\***\Desktop\Downloader_4Story_DE_3.4.99.exe [2010.11.15 17:45:06 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Neuer Ordner [2010.11.15 17:30:25 | 014,938,992 | ---- | C] (Microsoft Corporation) -- C:\Users\***\Desktop\IE8-WindowsVista-x86-DEU.exe [2010.11.08 15:57:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\MigWiz [2010.11.05 13:23:59 | 000,000,000 | ---D | C] -- C:\Programme\JRE [2010.11.05 13:18:34 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2010.11.05 13:18:34 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2010.11.05 13:18:34 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2010.11.01 13:53:45 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\backups [2010.10.29 15:58:56 | 000,000,000 | ---D | C] -- C:\Windows\pss [2010.10.27 16:52:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2010.10.27 16:51:58 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.10.27 16:51:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.10.27 16:51:54 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.10.27 16:51:53 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.10.27 14:37:36 | 000,000,000 | ---D | C] -- C:\rsit [2010.10.27 14:35:31 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll [2010.10.27 14:35:31 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll [2010.10.27 14:35:30 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax [2010.10.27 14:35:30 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax [2010.10.27 14:35:21 | 000,026,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys [2010.08.25 17:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.11.19 23:21:36 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2010.11.19 13:19:34 | 000,009,504 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.11.19 13:19:34 | 000,009,504 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.11.19 13:10:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.11.19 13:10:30 | 2312,101,888 | -HS- | M] () -- C:\hiberfil.sys [2010.11.18 13:33:25 | 000,756,664 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.11.18 13:33:25 | 000,712,728 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.11.18 13:33:25 | 000,171,146 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.11.18 13:33:25 | 000,144,292 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.11.17 18:30:31 | 000,001,087 | ---- | M] () -- C:\Users\***\Desktop\regedit.lnk [2010.11.17 18:05:37 | 000,013,990 | ---- | M] () -- C:\Users\***\Desktop\LOL.lnk [2010.11.17 17:34:57 | 000,013,344 | ---- | M] () -- C:\Users\***\Desktop\cmd.lnk [2010.11.16 13:50:26 | 000,001,758 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2010.11.15 18:20:23 | 000,001,100 | ---- | M] () -- C:\Users\Public\Desktop\4Story.lnk [2010.11.15 18:15:59 | 1307,855,960 | ---- | M] (Gameforge4D ) -- C:\Users\***\Desktop\4Story_DE_3.4.99.exe [2010.11.15 17:49:12 | 000,344,352 | ---- | M] (Gameforge 4D ) -- C:\Users\***\Desktop\Downloader_4Story_DE_3.4.99.exe [2010.11.15 17:30:50 | 014,938,992 | ---- | M] (Microsoft Corporation) -- C:\Users\***\Desktop\IE8-WindowsVista-x86-DEU.exe [2010.11.07 15:07:00 | 000,001,521 | ---- | M] () -- C:\Users\***\Desktop\4Story.lnk [2010.11.05 19:56:52 | 000,381,480 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.11.05 14:12:45 | 000,000,146 | ---- | M] () -- C:\Users\***\Desktop\MobileMe - Verknüpfung.lnk [2010.11.05 13:26:21 | 000,001,178 | ---- | M] () -- C:\Users\***\Desktop\SAchn\Startup\OpenOffice.org 3.2.lnk [2010.11.05 13:25:03 | 000,001,082 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk [2010.11.04 13:44:12 | 000,494,765 | ---- | M] () -- C:\Users\***\Desktop\Melden bei escaria.jpg [2010.11.04 12:56:59 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.11.04 12:56:59 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.11.03 21:06:43 | 000,001,152 | ---- | M] () -- C:\Windows\System32\mapisvc.inf [2010.11.02 19:01:19 | 000,250,583 | ---- | M] () -- C:\Users\***\Desktop\SIM.jpg [2010.11.02 14:38:44 | 000,126,856 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2010.11.02 14:38:44 | 000,060,936 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2010.10.28 12:38:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2010.10.28 12:38:38 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2010.10.28 12:38:38 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2010.10.28 12:38:38 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2010.10.27 16:52:03 | 000,000,988 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.10.27 14:35:45 | 000,339,991 | ---- | M] () -- C:\Users\***\Desktop\RSIT.exe [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.11.17 18:30:31 | 000,001,087 | ---- | C] () -- C:\Users\***\Desktop\regedit.lnk [2010.11.17 18:05:37 | 000,013,990 | ---- | C] () -- C:\Users\***\Desktop\LOL.lnk [2010.11.17 17:34:57 | 000,013,344 | ---- | C] () -- C:\Users\***\Desktop\cmd.lnk [2010.11.16 13:50:26 | 000,001,758 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2010.11.15 18:20:23 | 000,001,100 | ---- | C] () -- C:\Users\Public\Desktop\4Story.lnk [2010.11.07 15:07:00 | 000,001,521 | ---- | C] () -- C:\Users\***\Desktop\4Story.lnk [2010.11.05 14:12:45 | 000,000,146 | ---- | C] () -- C:\Users\***\Desktop\MobileMe - Verknüpfung.lnk [2010.11.05 13:26:21 | 000,001,178 | ---- | C] () -- C:\Users\***\Desktop\SAchn\Startup\OpenOffice.org 3.2.lnk [2010.11.05 13:25:03 | 000,001,082 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk [2010.11.04 13:44:12 | 000,494,765 | ---- | C] () -- C:\Users\***\Desktop\Melden bei escaria.jpg [2010.11.04 12:43:37 | 000,000,044 | ---- | C] () -- C:\Users\***\Desktop\Track02.cda [2010.11.02 19:01:19 | 000,250,583 | ---- | C] () -- C:\Users\***\Desktop\SIM.jpg [2010.10.27 16:52:03 | 000,000,988 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.10.27 14:35:31 | 000,339,991 | ---- | C] () -- C:\Users\***\Desktop\RSIT.exe [2010.09.20 20:02:59 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2010.09.20 20:02:56 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2010.04.15 18:11:20 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll [2010.03.17 14:19:16 | 000,030,781 | ---- | C] () -- C:\Users\***\AppData\Roaming\UserTile.png [2010.03.06 19:46:32 | 000,000,017 | ---- | C] () -- C:\Users\***\AppData\Local\resmon.resmoncfg [2010.03.06 19:01:01 | 000,004,608 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.03.01 13:27:43 | 000,000,753 | ---- | C] () -- C:\ProgramData\hpzinstall.log [2010.02.10 23:05:42 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll [2010.02.10 23:05:42 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll [2010.01.11 14:42:28 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.12.03 08:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2009.10.22 22:19:47 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Roaming\wklnhst.dat [2009.10.16 16:25:25 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini [2009.10.16 16:25:25 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll [2009.10.16 16:25:25 | 000,010,146 | ---- | C] () -- C:\Windows\System32\tosmreg.ini [2009.10.16 16:25:25 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini [2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2008.08.11 15:01:25 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI [2008.08.11 14:00:09 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll < End of report > Code:
ATTFilter OTL Extras logfile created on: 19.11.2010 23:22:45 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\***\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 77,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 186,15 Gb Total Space | 105,31 Gb Free Space | 56,57% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive E: | 184,99 Gb Total Space | 99,71 Gb Free Space | 53,90% Space Free | Partition Type: NTFS
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{03FAA727-E2B7-471C-AC41-2E1C7F29C7EA}" = Toshiba TEMPRO
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP3300" = Canon iP3300
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{17424F35-8B77-4ADF-BC63-BF9B81418539}" = Apple Application Support
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C2B3CEA-482E-4453-B3E2-C9731337828A}" = Microsoft SQL Server 2008 Native Client
"{1C971EE3-B4C4-4367-9676-57549919C6CE}" = TOSHIBA Benutzerhandbücher
"{1D2C96C3-A3F3-49E7-B839-95279DED837F}" = Opera 10.60
"{1D328E11-3B0C-388C-835D-C9C20E8C7734}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010 (Beta)
"{20140062-0062-0407-0000-0000000FF1CE}" = Microsoft Office Home and Business 2010 (Beta) - Deutsch
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java(TM) 6 Update 20
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{2CE77981-14DE-4773-8106-27C9C964720C}" = Microsoft ASP.NET MVC 2 - VWD Express 2010 Tools - DEU
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{477415F5-93DA-46AA-85C5-640047825995}" = Microsoft SQL Server 2008 Database Engine Shared
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{497072FE-0A75-4E5C-A5B7-EB1FA67F66F1}" = DJ_AIO_06_F4500_SW_MIN
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{55A7B938-3D1E-4819-A87B-F83E736EF52E}" = F4500
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types
"{5BD39911-A12F-4562-98BA-A6E03E3370B1}" = Microsoft SQL Server 2008 Database Engine Services
"{5BDFAB82-060E-438B-AB4F-A2331B2294C0}" = Microsoft ASP.NET MVC 2 - VWD Express 2010 Tools
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{638AA518-6A32-33CC-B88F-BCD20B2DCF2E}" = Microsoft Visual Web Developer 2010 Express - DEU
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6C9FCAE4-E4D5-4465-AAD5-8E1245485E63}" = Steganos Password Manager Free
"{70C592EC-AE9B-4734-928B-676E824FB41E}" = MFC RunTime files
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7F08A772-2816-4F46-84F1-49578502AD28}" = HP Deskjet F4500 Printer Driver Software 13.0 Rel .6
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84F7CAD9-2316-4701-B5CA-E90FD60029E9}" = ANNO 1602
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{859D40CF-8491-44AD-8FA8-7389CB418C64}" = 32 Bit HP CIO Components Installer
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C2690CF-5B74-4F93-8139-7B5644CD6A3B}" = MobileMe Control Panel
"{8DB77BE4-629D-458D-BD68-9F36667C2177}" = TubeBox!
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91F54E1D-804A-46D8-A56C-53EA9C4B3177}" = Microsoft Silverlight 3 SDK - Deutsch
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4D182C-35C7-4791-8484-4304EBC9101A}" = Windows 7 Upgrade Advisor
"{9AA2D735-3375-42D4-9A61-3FFEF82599D6}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}" = ANNO 1404 - Venedig
"{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}" = Atheros Wi-Fi Protected Setup Library
"{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CCAC7E52-ECCE-3C4D-B1BE-BC2ACF1C1C0E}" = Microsoft Visual Basic 2010 Express - DEU
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D074DC76-F6C9-440E-A1D0-1DE958417FDB}" = Microsoft SQL Server VSS Writer
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D81641E8-ABF1-3D07-803B-60E8FC619368}" = Microsoft Visual C# 2010 Express - DEU
"{DA703982C580418795BF4001AA9D7061}" = DivX Plus Media Foundation Components
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DEEB5FE3-40F5-3C5B-8F85-5306EF3C08F4}" = Microsoft Visual C++ 2010 Express - DEU
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{e07b0092-590b-4e88-9f48-6f1709016b32}" = Nero 9 Essentials
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E4E9CBC9-1CF5-48E3-AF6F-1AB44A856346}" = Microsoft ASP.NET MVC 2 - DEU
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E8843212-F0FC-4C3B-BFF3-D51829CB4F19}" = iTunes
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files
"4StoryDE_is1" = 4Story 3.4
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audacity_is1" = Audacity 1.2.6
"AutocompletePro2_is1" = AutocompletePro
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Canon iP3300 Benutzerregistrierung" = Canon iP3300 Benutzerregistrierung
"Canon Setup Utility 2.3" = Canon Setup Utility 2.3
"CCleaner" = CCleaner
"dBpowerAMP Music Converter" = dBpowerAMP Music Converter
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox
"Easy-WebPrint" = Easy-WebPrint
"Free iPad Video Converter_is1" = Free iPad Video Converter 3.7.0.1
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 4.0
"Google Chrome" = Google Chrome
"HaaliMkx" = Haali Media Splitter
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HyperCam 2" = HyperCam 2
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Visual Basic 2010 Express - DEU" = Microsoft Visual Basic 2010 Express - DEU
"Microsoft Visual C# 2010 Express - DEU" = Microsoft Visual C# 2010 Express - DEU
"Microsoft Visual C++ 2010 Express - DEU" = Microsoft Visual C++ 2010 Express - DEU
"Microsoft Visual Web Developer 2010 Express - DEU" = Microsoft Visual Web Developer 2010 Express - DEU
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"myphotobook" = myphotobook 3.6
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010 (Beta)
"Shop for HP Supplies" = Shop for HP Supplies
"Steam App 12900" = Audiosurf
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 5" = TeamViewer 5
"Tiberian Sun" = Command & Conquer Teil 3: Operation Tiberian Sun
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"TVWiz" = Intel(R) TV Wizard
"Uninstall_is1" = Uninstall 1.0.0.1
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinGimp-2.0_is1" = GIMP 2.6.10
"WinLiveSuite_Wave3" = Windows Live Essentials
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 12.09.2010 06:42:36 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 12.09.2010 06:42:36 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 228713
Error - 12.09.2010 06:42:36 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 228713
Error - 12.09.2010 06:42:37 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 12.09.2010 06:42:37 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 229712
Error - 12.09.2010 06:42:37 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 229712
Error - 12.09.2010 06:42:38 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 12.09.2010 06:42:38 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 230710
Error - 12.09.2010 06:42:38 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 230710
Error - 12.09.2010 07:33:09 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
[ Media Center Events ]
Error - 21.07.2010 19:47:30 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 01:47:29 - Fehler beim Herstellen der Internetverbindung. 01:47:29
- Serververbindung konnte nicht hergestellt werden..
Error - 21.07.2010 19:47:40 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 01:47:36 - Fehler beim Herstellen der Internetverbindung. 01:47:36
- Serververbindung konnte nicht hergestellt werden..
Error - 21.07.2010 20:47:45 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 02:47:45 - Fehler beim Herstellen der Internetverbindung. 02:47:45
- Serververbindung konnte nicht hergestellt werden..
Error - 21.07.2010 20:47:51 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 02:47:50 - Fehler beim Herstellen der Internetverbindung. 02:47:50
- Serververbindung konnte nicht hergestellt werden..
Error - 21.08.2010 15:07:18 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 21:07:18 - Fehler beim Herstellen der Internetverbindung. 21:07:18
- Serververbindung konnte nicht hergestellt werden..
Error - 21.08.2010 15:07:27 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 21:07:24 - Fehler beim Herstellen der Internetverbindung. 21:07:24
- Serververbindung konnte nicht hergestellt werden..
Error - 21.08.2010 16:07:32 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 22:07:32 - Fehler beim Herstellen der Internetverbindung. 22:07:32
- Serververbindung konnte nicht hergestellt werden..
Error - 21.08.2010 16:07:38 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 22:07:37 - Fehler beim Herstellen der Internetverbindung. 22:07:37
- Serververbindung konnte nicht hergestellt werden..
Error - 22.08.2010 05:10:14 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 11:10:14 - Fehler beim Herstellen der Internetverbindung. 11:10:14
- Serververbindung konnte nicht hergestellt werden..
Error - 22.08.2010 05:10:23 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 11:10:19 - Fehler beim Herstellen der Internetverbindung. 11:10:19
- Serververbindung konnte nicht hergestellt werden..
[ System Events ]
Error - 16.11.2010 15:50:18 | Computer Name = ***-PC | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =
Error - 16.11.2010 15:51:20 | Computer Name = ***-PC | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =
Error - 16.11.2010 15:52:21 | Computer Name = ***-PC | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =
Error - 16.11.2010 15:53:23 | Computer Name = ***-PC | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =
Error - 16.11.2010 15:54:23 | Computer Name = ***-PC | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =
Error - 16.11.2010 15:55:24 | Computer Name = ***-PC | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =
Error - 17.11.2010 10:32:48 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
jswpslwf
Error - 17.11.2010 10:37:39 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Update" wurde nicht richtig gestartet.
Error - 18.11.2010 08:29:10 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
jswpslwf
Error - 19.11.2010 08:12:26 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
jswpslwf
< End of report >
|
|
20.11.2010, 02:24
| #11 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | ControlSet002 ? Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
:Commands
[purity]
[resethosts]
[emptytemp]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
20.11.2010, 10:23
| #12 |
| | ControlSet002 ?Code:
ATTFilter All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: ***
->Temp folder emptied: 10713 bytes
->Temporary Internet Files folder emptied: 8308362 bytes
->Java cache emptied: 54275042 bytes
->FireFox cache emptied: 61682729 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 3633 bytes
User: ***
->Temp folder emptied: 71959 bytes
->Temporary Internet Files folder emptied: 686437 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 68458397 bytes
->Flash cache emptied: 456 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 33749 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 185,00 mb
OTL by OldTimer - Version 3.2.17.3 log created on 11202010_101810
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
|
|
20.11.2010, 18:07
| #13 |
| | ControlSet002 ? Ich hab mir mal in der Registry die Berechtigungen angeguckt und bei HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Network sind folgende Berechtigungen eingestellt : Code:
ATTFilter EIGENTÜMERRECHTE
SYSEM
LOKALER DIENST
NETZWERKDIENST
Administartoren (***-PC\Administratoren)
Benutzer (***-PC\Benutzer)
Unbekanntes Konto (S-1-5-32-556)
Dienst
Netman
Dhcp
|
|
21.11.2010, 11:02
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | ControlSet002 ? Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
22.11.2010, 13:15
| #15 |
| | ControlSet002 ? So, hier is das CF Log: Code:
ATTFilter ComboFix 10-11-21.02 - *** 22.11.2010 12:54:01.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.2940.1801 [GMT 1:00]
ausgeführt von:: c:\users\***\Desktop\cofi.exe
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
E:\install.exe
.
((((((((((((((((((((((( Dateien erstellt von 2010-10-22 bis 2010-11-22 ))))))))))))))))))))))))))))))
.
2010-11-22 12:00 . 2010-11-22 12:00 -------- d-----w- c:\users\***\AppData\Local\temp
2010-11-20 09:18 . 2010-11-20 09:18 -------- d-----w- C:\_OTL
2010-11-19 12:18 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B889C068-1F30-4E05-83D9-CDD87F5F9E37}\mpengine.dll
2010-11-16 12:49 . 2010-11-16 12:49 -------- d-----w- c:\program files\iPod
2010-11-16 12:49 . 2010-11-16 12:50 -------- d-----w- c:\program files\iTunes
2010-11-15 17:17 . 2010-11-15 17:17 -------- d-----w- c:\program files\Gameforge4D
2010-11-08 14:57 . 2010-11-08 14:57 -------- dc----w- c:\users\***\AppData\Local\MigWiz
2010-11-05 12:23 . 2010-11-05 12:23 -------- d-----w- c:\program files\JRE
2010-11-04 19:52 . 2010-11-04 19:52 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes
2010-10-27 15:52 . 2010-10-27 15:52 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes
2010-10-27 15:51 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-27 15:51 . 2010-10-27 15:51 -------- d-----w- c:\programdata\Malwarebytes
2010-10-27 15:51 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-27 15:51 . 2010-10-27 15:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-27 13:37 . 2010-11-17 15:26 -------- d-----w- C:\rsit
2010-10-27 13:35 . 2010-08-04 06:18 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-10-27 13:35 . 2010-08-04 06:17 417792 ----a-w- c:\windows\system32\msdri.dll
2010-10-27 13:35 . 2010-08-04 06:15 204288 ----a-w- c:\windows\system32\MSNP.ax
2010-10-27 13:35 . 2010-08-04 06:15 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2010-10-27 13:35 . 2010-07-13 05:22 26504 ----a-w- c:\windows\system32\drivers\Diskdump.sys
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-22 11:40 . 2009-11-02 12:33 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-02 13:38 . 2009-11-02 12:33 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-10-28 11:38 . 2010-05-08 18:16 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-19 09:41 . 2009-12-30 11:45 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-12 16:22 . 2010-10-12 16:21 563008 ----a-w- c:\programdata\Microsoft\VWDExpress\10.0\1031\ResourceCache.dll
2010-10-12 16:01 . 2010-10-12 16:01 113440 ----a-w- c:\programdata\Microsoft\VCExpress\10.0\1031\ResourceCache.dll
2010-10-12 15:52 . 2010-10-12 15:52 207008 ----a-w- c:\programdata\Microsoft\VBExpress\10.0\1031\ResourceCache.dll
2010-10-12 15:47 . 2010-10-12 15:38 188896 ----a-w- c:\programdata\Microsoft\VCSExpress\10.0\1031\ResourceCache.dll
2010-09-28 14:44 . 2010-09-28 14:44 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-09-28 14:44 . 2010-09-28 14:44 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-09-20 19:02 . 2010-09-20 19:02 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-09-20 19:02 . 2010-09-20 19:02 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-09-08 09:17 . 2010-09-08 09:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 09:17 . 2010-09-08 09:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-08 04:30 . 2010-10-13 06:14 978432 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 04:28 . 2010-10-13 06:14 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 03:22 . 2010-10-13 06:14 386048 ----a-w- c:\windows\system32\html.iec
2010-09-08 02:48 . 2010-10-13 06:14 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-01 04:23 . 2010-10-13 06:13 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-01 02:34 . 2010-10-13 06:13 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-08-31 04:32 . 2010-10-13 06:13 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 04:32 . 2010-10-13 06:13 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-27 05:46 . 2010-10-13 06:13 168448 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 03:31 . 2010-10-13 06:13 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-27 03:30 . 2010-10-13 06:13 308736 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-27 03:30 . 2010-10-13 06:13 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-08-26 19:06 . 2010-01-13 19:05 1113408 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-08-26 04:39 . 2010-10-13 06:14 109056 ----a-w- c:\windows\system32\t2embed.dll
2010-08-25 17:46 . 2010-08-25 17:46 8198680 ----a-w- c:\windows\system32\TVWSetup.exe
2010-08-25 17:45 . 2010-08-25 17:45 136216 ----a-w- c:\windows\system32\igfxtray.exe
2010-08-25 17:45 . 2010-08-25 17:45 266776 ----a-w- c:\windows\system32\igfxsrvc.exe
2010-08-25 17:45 . 2010-08-25 17:45 170520 ----a-w- c:\windows\system32\igfxpers.exe
2010-08-25 17:45 . 2010-08-25 17:45 179224 ----a-w- c:\windows\system32\igfxext.exe
2010-08-25 17:45 . 2010-08-25 17:45 171032 ----a-w- c:\windows\system32\hkcmd.exe
2010-08-25 17:45 . 2010-08-25 17:45 3156504 ----a-w- c:\windows\system32\GfxUI.exe
2010-08-25 17:39 . 2010-08-25 17:39 81920 ----a-w- c:\windows\system32\igfxCoIn_v2202.dll
2010-08-25 17:31 . 2010-08-25 17:31 9024512 ----a-w- c:\windows\system32\drivers\igdkmd32.sys
2010-08-25 17:31 . 2010-02-10 22:50 4967424 ----a-w- c:\windows\system32\igdumd32.dll
2010-08-25 17:28 . 2010-02-10 22:45 571904 ----a-w- c:\windows\system32\igdumdx32.dll
2010-08-25 17:23 . 2009-07-13 22:09 4411904 ----a-w- c:\windows\system32\igd10umd32.dll
2010-08-25 17:09 . 2010-08-25 17:09 11040256 ----a-w- c:\windows\system32\ig4icd32.dll
2010-08-25 17:02 . 2010-08-25 17:02 86016 ----a-w- c:\windows\system32\igfxrsky.lrc
2010-08-25 17:02 . 2010-08-25 17:02 85504 ----a-w- c:\windows\system32\igfxrslv.lrc
2010-08-25 17:02 . 2010-08-25 17:02 86528 ----a-w- c:\windows\system32\igfxresn.lrc
2010-08-25 17:02 . 2010-08-25 17:02 85504 ----a-w- c:\windows\system32\igfxrtrk.lrc
2010-08-25 17:02 . 2010-08-25 17:02 85504 ----a-w- c:\windows\system32\igfxrsve.lrc
2010-08-25 17:02 . 2010-08-25 17:02 84992 ----a-w- c:\windows\system32\igfxrtha.lrc
2010-08-25 17:02 . 2010-08-25 17:02 86016 ----a-w- c:\windows\system32\igfxrrus.lrc
2010-08-25 17:02 . 2010-08-25 17:02 86016 ----a-w- c:\windows\system32\igfxrptg.lrc
2010-08-25 17:02 . 2010-08-25 17:02 86016 ----a-w- c:\windows\system32\igfxrplk.lrc
2010-08-25 17:02 . 2010-08-25 17:02 85504 ----a-w- c:\windows\system32\igfxrptb.lrc
2010-08-25 17:02 . 2010-08-25 17:02 85504 ----a-w- c:\windows\system32\igfxrnor.lrc
2010-08-25 17:02 . 2010-08-25 17:02 86016 ----a-w- c:\windows\system32\igfxrita.lrc
2010-08-25 17:02 . 2010-08-25 17:02 85504 ----a-w- c:\windows\system32\igfxrhun.lrc
2010-08-25 17:02 . 2010-08-25 17:02 84480 ----a-w- c:\windows\system32\igfxrheb.lrc
2010-08-25 17:02 . 2010-08-25 17:02 82944 ----a-w- c:\windows\system32\igfxrkor.lrc
2010-08-25 17:02 . 2010-08-25 17:02 82944 ----a-w- c:\windows\system32\igfxrjpn.lrc
2010-08-25 17:02 . 2010-08-25 17:02 86528 ----a-w- c:\windows\system32\igfxrfra.lrc
2010-08-25 17:02 . 2010-08-25 17:02 86528 ----a-w- c:\windows\system32\igfxrell.lrc
2010-08-25 17:02 . 2010-08-25 17:02 86016 ----a-w- c:\windows\system32\igfxrnld.lrc
2010-08-25 17:02 . 2010-08-25 17:02 86016 ----a-w- c:\windows\system32\igfxrdeu.lrc
2010-08-25 17:02 . 2010-08-25 17:02 85504 ----a-w- c:\windows\system32\igfxrfin.lrc
2010-08-25 17:02 . 2010-08-25 17:02 85504 ----a-w- c:\windows\system32\igfxrcsy.lrc
2010-08-25 17:02 . 2010-08-25 17:02 84992 ----a-w- c:\windows\system32\igfxrdan.lrc
2010-08-25 17:02 . 2010-08-25 17:02 84480 ----a-w- c:\windows\system32\igfxrara.lrc
2010-08-25 17:02 . 2010-08-25 17:02 81920 ----a-w- c:\windows\system32\igfxrcht.lrc
2010-08-25 17:02 . 2010-08-25 17:02 81920 ----a-w- c:\windows\system32\igfxrchs.lrc
2010-08-25 17:00 . 2010-08-25 17:00 23552 ----a-w- c:\windows\system32\igfxexps.dll
2010-08-25 17:00 . 2010-08-25 17:00 194560 ----a-w- c:\windows\system32\igfxpph.dll
2010-08-25 16:59 . 2010-08-25 16:59 261632 ----a-w- c:\windows\system32\igfxTMM.dll
2010-08-25 16:59 . 2010-08-25 16:59 115200 ----a-w- c:\windows\system32\igfxcpl.cpl
2010-08-25 16:59 . 2010-02-10 22:15 57344 ----a-w- c:\windows\system32\igfxsrvc.dll
2010-08-25 16:59 . 2010-08-25 16:59 130048 ----a-w- c:\windows\system32\igfxdo.dll
2010-08-25 16:59 . 2010-02-10 22:15 94720 ----a-w- c:\windows\system32\hccutils.dll
2010-08-25 16:59 . 2010-08-25 16:59 120320 ----a-w- c:\windows\system32\gfxSrvc.dll
2010-08-25 16:59 . 2010-08-25 16:59 4096 ----a-w- c:\windows\system32\IGFXDEVLib.dll
2010-08-25 16:59 . 2010-08-25 16:59 85504 ----a-w- c:\windows\system32\igfxrenu.lrc
2010-08-25 16:59 . 2010-08-25 16:59 828928 ----a-w- c:\windows\system32\igfxress.dll
2010-08-25 16:59 . 2010-02-10 22:14 228864 ----a-w- c:\windows\system32\igfxdev.dll
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
" Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-21 47904]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"4StoryPrePatch"="c:\program files\Gameforge4D\4Story\PrePatch.exe" [2010-11-15 319488]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-10 421160]
c:\users\***\Desktop\SAchn\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-21 23:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-09-21 22:28 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
2008-09-26 12:22 417792 ----a-w- c:\program files\Camera Assistant Software for Toshiba\traybar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
2004-01-14 01:10 409600 ----a-w- c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google EULA Launcher]
2008-05-28 11:40 20480 ----a-w- c:\program files\Google\Google EULA\GoogleEULALauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2010-06-09 18:55 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-11-10 23:40 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 09:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-09-02 13:15 13351304 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-11-20 16:15 1826816 ----a-w- c:\windows\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-08-11 14:26 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\topi]
2007-07-10 07:24 581632 ----a-w- c:\program files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Registration]
2008-01-11 02:07 574864 ----a-w- c:\program files\TOSHIBA\Registration\ToshibaRegistration.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba TEMPO]
2008-04-24 08:22 103824 ----a-w- c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [2008-04-28 20384]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [2008-04-16 954368]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-09-26 4639136]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
R3 XDva289;XDva289;c:\windows\system32\XDva289.sys [x]
R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-11 135664]
R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-21 47128]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
R4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-02 135336]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-10 185712]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2009-09-26 819600]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2009-09-23 447832]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-06-28 173352]
S2 TempoMonitoringService;Notebook Performance Tuning Service ;c:\program files\Toshiba TEMPRO\TempoSVC.exe [2008-04-24 99720]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]
S3 sftfs;sftfs;c:\program files\Microsoft Application Virtualization Client\drivers\sftfslh.sys [2009-09-23 543064]
S3 sftplay;sftplay;c:\program files\Microsoft Application Virtualization Client\drivers\sftplaylh.sys [2009-09-23 190312]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2009-09-23 21848]
S3 sftvol;sftvol;c:\program files\Microsoft Application Virtualization Client\drivers\sftvollh.sys [2009-09-23 14680]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2009-09-23 203608]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Inhalt des "geplante Tasks" Ordners
2010-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-11 20:49]
2010-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-11 20:49]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
uInternet Settings,ProxyOverride = *.local
IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\a0as2qj6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.schuelervz.net/
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - component: c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\a0as2qj6.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
FF - plugin: c:\progra~1\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2010-11-22 13:03:23
ComboFix-quarantined-files.txt 2010-11-22 12:03
Vor Suchlauf: 13 Verzeichnis(se), 112.199.860.224 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 112.100.528.128 Bytes frei
- - End Of File - - A5E4075326E86191F40DC6704CB21F52
 Also im Control Center von Avira steht, dass der Guard aktiviert ist, aber in der Startleiste nicht. Ich starte denn jetzt erstmal PC neu, um zu gucken, ob das denn wieder geht. Edit : Ok, jetzt gehts wieder alles |
|
Linear-Darstellung
