| |
| |||||||
Log-Analyse und Auswertung: Windows 7 Recovery vollständig entfernt? Desktop wiederherstellen?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
23.05.2011, 14:17
| #1 |
 |  Windows 7 Recovery vollständig entfernt? Desktop wiederherstellen? Hallo, ich habe mir gestern den Windows Recovery Trojaner eingefangen. Benutze Windows 7. Habe gestern mit Malwarebytes einen Quickscan und einen kompletten Scan durchgeführt. Hier das Log für den Quickscan: Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 6641 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 22.05.2011 20:51:18 mbam-log-2011-05-22 (20-51-18).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 167822 Laufzeit: 50 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 3 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 1 Infizierte Dateien: 4 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kJoCBjsHlcALP (Trojan.FakeMS.Gen) -> Value: kJoCBjsHlcALP -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Recycle.Bin.exe (Trojan.SpyEyes) -> Value: Recycle.Bin.exe -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{406964F5-E633-2B9C-2A71-82340297DE6C} (Trojan.ZbotR.Gen) -> Value: {406964F5-E633-2B9C-2A71-82340297DE6C} -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: c:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully. Infizierte Dateien: c:\programdata\kjocbjshlcalp.exe (Trojan.FakeMS.Gen) -> Quarantined and deleted successfully. c:\programdata\36691704.exe (Rogue.WindowsRecoveryConsole) -> Quarantined and deleted successfully. c:\Users\christoph\AppData\Local\Temp\tmp9952.tmp (Trojan.FakeMS.Gen) -> Quarantined and deleted successfully. c:\Recycle.Bin\config.bin (Trojan.Spyeyes) -> Quarantined and deleted successfully. Und hier das Log für den kompletten Scan: Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 6641 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 22.05.2011 23:56:53 mbam-log-2011-05-22 (23-56-53).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 375622 Laufzeit: 1 Stunde(n), 7 Minute(n), 45 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 1 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM\COMPONENTS\WIDGITOOLBARFF.DLL (Adware.WidgiToolbar) -> Value: WIDGITOOLBARFF.DLL -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: c:\program files (x86)\common files\Spigot\wtxpcom\components\widgitoolbarff.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully. Wenn ich meinen Rechner wieder hochfahre wird zwar Windows REcovery nicht mehr ausgeführt, zumindest erscheinen die ganzen angeblichen Fehlermeldungen der Festplatte nicht mehr. Allerdings ist mein Dektophintergrund schwarz, viele Verknüpfungen auf dem Desktop sind verschwunden und es kommt die Fehlermeldung das ATI Catalyst Control Centre nicht mehr funktioniert und beendet werden muss. Meine Fragen sind jetzt: 1) Wurde der Trojaner von meinem Rechner entfernt? 2) Muss ich die ATI Treiber neuinstallieren? 3) Gibt es eine Möglichkeit meinen Desktop wieder so herzustellen, wie er vor dem Befall war? Habe anschließend noch einen Quickscan ausgeführt, der ohne Ergebnisse war. Habe gerade auch noch einen OTL Scan durchgeführt und bekam zwei Logs, die in den nächsten zwei Posts drin sind. OTL hatte ein Problem beim scannen von "veryfy-u". Das Progamm arbeitet einfach nicht weiter. Deshalb habe ich veryfy-u deinstalliert und nochmal einen Scan durchgeführt. veryfy-u habe ich schon vor Monaten installiert um Videos bei Maxdome anzuschauen. Damit kann man sein Alter verifizieren, falls dies für einen Film notwendig ist. Ich hoffe jemand kann mir meine Fragen beantworten und mir helfen. Hier das erste OTL Log:OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 23.05.2011 14:55:16 - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Christoph\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,97 Gb Total Physical Memory | 2,50 Gb Available Physical Memory | 63,04% Memory free
7,93 Gb Paging File | 6,34 Gb Available in Paging File | 79,93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186,31 Gb Total Space | 89,38 Gb Free Space | 47,97% Space Free | Partition Type: NTFS
Drive D: | 185,91 Gb Total Space | 37,29 Gb Free Space | 20,06% Space Free | Partition Type: NTFS
Computer Name: CHRISTOPH-TOSH | User Name: Christoph | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0FB2E75A-1024-331F-77EF-D45F71505D58}" = ATI Catalyst Install Manager
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4700_series" = Canon iP4700 series Printer Driver
"{1D5F34D0-6329-4D92-B81A-E24E9028910C}" = Crystal Reports Basic Runtime German Language Pack for Visual Studio 2008 (x64)
"{1E9E8BA6-FD0B-465D-AFA2-ECE10BF095F9}" = TOSHIBA Bulletin Board
"{1FBEA8BA-D40B-48BC-85BC-EE2D5575F27C}" = Microsoft SQL Server VSS Writer
"{2BFA9B05-7418-4EDE-A6FC-620427BAAAA3}" = Crystal Reports Basic Runtime for Visual Studio 2008 (x64)
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{62EED300-E841-4083-A1D6-60B906271804}" = Microsoft Windows SDK for Visual Studio 2008 Tools
"{7C39E0D1-E138-42B1-B083-213EC2CF7692}" = Microsoft SQL Server Native Client
"{7ECA1AEA-2B61-3DE6-8276-6A9A2693F111}" = Microsoft Device Emulator (64 Bit) Version 3.0 - DEU
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9aa5f39c-a8de-46b0-919a-0248f8bc8490}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{9EE58CAC-21D5-1412-F0F2-CB9CD8834B59}" = ccc-utility64
"{A992BBAA-723D-4574-A07F-983BF8FAA3E1}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
"{AC2512D4-ED8A-4015-BF87-92478483C171}" = TortoiseSVN 1.6.6.17493 (64 bit)
"{AC888A60-9557-3B74-B52B-F353D01BD544}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
"{ACD875CC-A146-3125-8F99-D3766F46FD86}" = Visual Studio .NET Prerequisites - English
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C2DDF845-7107-40E8-8D2A-8719F1799570}" = TOSHIBA ReelTime
"{C31A4909-9C18-3121-AAD4-EAD92013B6E5}" = Microsoft Visual Studio 2008 Remote Debugger - DEU
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"{FE041ADD-66F3-4B85-A0E2-9E85D0DCBB31}" = Eraser 6.0.6.1376
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"Microsoft Visual Studio 2008 Remote Debugger - DEU" = Microsoft Visual Studio 2008 Remote Debugger - DEU
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0163E195-D5EF-BF70-CBEE-73AA7CBBBEEE}" = CCC Help Thai
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{03883959-80DA-6151-CEAE-46A058CF774F}" = CCC Help Danish
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0823A2E3-69DD-A37A-7CD9-1CBEB037545C}" = Toshiba Photo Service - powered by myphotobook
"{096D1CCF-0F1E-08FB-094F-C40A633D5AEB}" = ccc-core-static
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{13D0EB07-FCA0-C005-A6C5-B1A4B7E5BB48}" = Catalyst Control Center Core Implementation
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{159098AF-4EB8-4C10-B0C6-24CDA32B45F9}" = Microsoft SQL Server Compact 3.5 DEU
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18E1FD72-60FA-3E10-A66B-640970B5559F}" = Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = Toshiba Assist
"{1C3ADB5F-750E-4453-AC98-B75C5323845C}" = Microsoft SQL Server Compact 3.5 for Devices DEU
"{1D4A3E7D-A580-5BB7-DED3-48508A53D2B2}" = CCC Help Chinese Standard
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22354A21-BE84-0D40-191D-6E530B715CCF}" = CCC Help Polish
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2F36BA32-7986-9E40-B3F6-908B214EC898}" = CCC Help Japanese
"{2F4A39B2-5A2D-3E9F-E8EA-6F891A097ACF}" = CCC Help English
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3924C3E7-C440-4B23-9740-9A9EC0545F21}" = Crystal Reports Basic German Language Pack for Visual Studio 2008
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3DBE8669-1F7D-E1C9-2BC8-CC4BAE0A5136}" = CCC Help Turkish
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{3FF5FF03-DB97-2ACE-BAE7-61D6D4A39F9B}" = Catalyst Control Center Graphics Full Existing
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{445174EA-3D3A-308E-84AD-446127E71441}" = Microsoft Visual Studio 2008 Professional Edition - DEU
"{4ACDC413-AF13-3934-8D8A-1F8CEF70D1A5}" = Microsoft Document Explorer 2008 Language Pack - DEU
"{4CEE0E9F-2116-BE92-CD54-8D1834935B54}" = Catalyst Control Center Localization All
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5DB161C0-7C9C-41D7-8DA1-CB112F60946B}" = Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack
"{5DD59391-FED6-576D-B6BD-71111EF96522}" = CCC Help Russian
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6168260A-6D56-50BB-193C-BF6F471394AA}" = CCC Help Greek
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{66EBD70F-A42C-475F-AEDF-277378151031}" = Nero 7 Essentials
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A150790-FC79-D323-92D4-E773E3A03789}" = CCC Help Portuguese
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6CB88B54-4C1C-E6AB-49C6-476DE56327BC}" = CCC Help Spanish
"{6DE880FE-F0C9-BC57-B7C5-2ABEAE1E501E}" = CCC Help German
"{721B5CF0-D220-4955-BB6F-EBCFB1096DE7}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72CCBEA1-8D57-4981-A337-81019F28C5BA}" = Microsoft .NET Compact Framework 3.5
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"{79660B73-3DD0-9C3D-3F29-0E266F3AE5EA}" = CCC Help Norwegian
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{81E5E076-F2C1-AE09-A360-0CAC2967FD5F}" = CCC Help Swedish
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0021-0407-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (German) 2007
"{90120000-0021-0407-0000-0000000FF1CE}_VisualWebDeveloper_{0B9EAEAC-F271-45DC-BDCB-06ABEEF19825}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISER_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_VisualWebDeveloper_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{986CAA52-3249-B34F-DC64-07347926CF57}" = CCC Help Korean
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
"{9C19FFB1-25FC-43FC-AC78-919E5E2A6DD0}" = TortoiseSVN 1.6.6.17493 (32 bit)
"{9C916142-C18C-429D-BFED-40094A7E0BEB}" = Die Siedler 7
"{9E4FF410-471F-49E3-9358-74FF0D5E9901}" = Toshiba TEMPRO
"{A0B139A7-E8D5-49E8-A7BF-12421E652208}" = pdfforge Toolbar v4.3
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A74F16FA-1D5B-405B-8D8D-1BC6F9DAED8B}" = Amazon.de
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{B1060346-9388-4C5B-AA52-176C39819E43}" = Microsoft .NET Compact Framework 2.0 SP2
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B5B8BA5D-55CA-9351-984B-048FEF97A544}" = Catalyst Control Center Graphics Previews Vista
"{B6DECBD2-EC09-17C3-35AE-8C72B08062C9}" = CCC Help Czech
"{BBAAAD82-6242-420F-86D4-BD72BB5E6C86}" = Tools für Microsoft SQL Server 2005 Express Edition
"{BF3AB290-563B-2F6F-9AF0-189B5CCF2C01}" = Catalyst Control Center Graphics Light
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C644BA4B-07D6-A67E-9EB4-157F6DEB68BE}" = CCC Help Chinese Traditional
"{D0831990-FF97-1F08-668D-4743CC32EFBC}" = CCC Help Finnish
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D475588F-91C9-365E-AB40-D588111DD7C4}" = MSDN Library for Visual Studio 2008 - DEU
"{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1
"{D9835CE0-E294-83FE-AF9F-BC113A0D2EA9}" = CCC Help Hungarian
"{DA7F48EF-5F56-45FE-9169-3B8159A7A323}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E25FA4E1-678F-414F-9777-1E3FDBBDA4D1}" = Catalyst Control Center InstallProxy
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E32260E7-0B10-43C7-9B77-AB9F4184676D}" = Microsoft SQL Server Compact 3.5 Design Tools DEU
"{E3D63B95-4B21-414A-A2C7-D6D6A6AC6D79}" = Catalyst Control Center - Branding
"{E8B28EF5-2A73-03A7-4F02-2DFF1D182940}" = Catalyst Control Center Graphics Full New
"{E948B551-08DB-4163-8995-8C43B03D1B19}" = maxdome Download Manager 4.1.300.78
"{E94F833D-6435-40A2-112C-4BC18100B91D}" = CCC Help Italian
"{EEA02668-D5D9-AEFF-6FFB-1EB5BC765A52}" = CCC Help French
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FCD674E3-F281-46D6-7717-6EAFDD16D8FC}" = CCC Help Dutch
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Ask Toolbar_is1" = Ask Toolbar
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"ENTERPRISER" = Microsoft Office Enterprise 2007
"eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = Toshiba Photo Service - powered by myphotobook
"Foxit Reader" = Foxit Reader
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.8
"Free Audio Dub_is1" = Free Audio Dub version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.37.426
"free-downloads.net Toolbar" = free-downloads.net Toolbar
"GPL Ghostscript 8.70" = GPL Ghostscript 8.70
"HTML Help Workshop" = HTML Help Workshop
"ICQToolbar" = ICQ Toolbar
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{1E9E8BA6-FD0B-465D-AFA2-ECE10BF095F9}" = TOSHIBA Bulletin Board
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"InstallShield_{C2DDF845-7107-40E8-8D2A-8719F1799570}" = TOSHIBA ReelTime
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft Document Explorer 2008 Language Pack - DEU" = Microsoft Document Explorer 2008 Language Pack - DEU
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack" = Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack
"Microsoft Visual Studio 2008 Professional Edition - DEU" = Microsoft Visual Studio 2008 Professional Edition - DEU
"MonkeyJam_is1" = MonkeyJam 3_050529
"Mozilla Firefox (3.5.19)" = Mozilla Firefox (3.5.19)
"Mozilla Thunderbird (3.1.10)" = Mozilla Thunderbird (3.1.10)
"MSDN Library für Visual Studio 2008 - DEU" = MSDN Library für Visual Studio 2008 - DEU
"Uninstall_is1" = Uninstall 1.0.0.1
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU" = Visual Studio-Tools für Office System 3.0 Runtime Language Pack - DEU
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"VLC media player" = VLC media player 1.1.7
"Windows7FirewallControl_is1" = Windows7FirewallControl (i386) 3.0.3.21
"WinLiveSuite_Wave3" = Windows Live Essentials
"winscp3_is1" = WinSCP 4.2.7
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 22.05.2011 20:25:18 | Computer Name = Christoph-TOSH | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 22.05.2011 20:25:20 | Computer Name = Christoph-TOSH | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Die Daten sind unzulässig. .
Error - 22.05.2011 20:26:51 | Computer Name = Christoph-TOSH | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 22.05.2011 20:26:51 | Computer Name = Christoph-TOSH | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 22.05.2011 20:41:06 | Computer Name = Christoph-TOSH | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 1.9.1.4127 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: c0c Startzeit:
01cc18e16de15247 Endzeit: 0 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Berichts-ID:
567cc054-84d5-11e0-bf48-0026223d9405
Error - 23.05.2011 07:44:37 | Computer Name = Christoph-TOSH | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 23.05.2011 07:44:38 | Computer Name = Christoph-TOSH | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 23.05.2011 07:44:45 | Computer Name = Christoph-TOSH | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Die Daten sind unzulässig. .
Error - 23.05.2011 08:53:17 | Computer Name = Christoph-TOSH | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.23.0 kann nicht mehr unter Windows ausgeführt
werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 898 Startzeit:
01cc194820adb003 Endzeit: 16 Anwendungspfad: C:\Users\Christoph\Desktop\OTL.exe Berichts-ID:
9fa076e8-853b-11e0-a894-0026223d9405
Error - 23.05.2011 08:54:53 | Computer Name = Christoph-TOSH | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.23.0 kann nicht mehr unter Windows ausgeführt
werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: ac4 Startzeit:
01cc1948728dbf17 Endzeit: 0 Anwendungspfad: C:\Users\Christoph\Desktop\OTL.exe Berichts-ID:
d917db0c-853b-11e0-a894-0026223d9405
[ System Events ]
Error - 22.05.2011 20:24:55 | Computer Name = Christoph-TOSH | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
Error - 22.05.2011 20:24:55 | Computer Name = Christoph-TOSH | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 22.05.2011 20:25:37 | Computer Name = Christoph-TOSH | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
[verify-U]_System
Error - 22.05.2011 20:25:40 | Computer Name = Christoph-TOSH | Source = Service Control Manager | ID = 7023
Description = Der Dienst "[verify-U]-Service" wurde mit folgendem Fehler beendet:
%%2
Error - 22.05.2011 20:26:51 | Computer Name = Christoph-TOSH | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Avira AntiVir Planer" wurde unerwartet beendet. Dies ist
bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden
durchgeführt: Neustart des Diensts.
Error - 23.05.2011 07:44:09 | Computer Name = Christoph-TOSH | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\[verify-U]-driver.sys
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Error - 23.05.2011 07:44:20 | Computer Name = Christoph-TOSH | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
Error - 23.05.2011 07:44:20 | Computer Name = Christoph-TOSH | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 23.05.2011 07:45:00 | Computer Name = Christoph-TOSH | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
[verify-U]_System
Error - 23.05.2011 07:45:12 | Computer Name = Christoph-TOSH | Source = Service Control Manager | ID = 7023
Description = Der Dienst "[verify-U]-Service" wurde mit folgendem Fehler beendet:
%%2
< End of report >
Und hier das zweite Log:OTL Logfile: Code:
ATTFilter OTL logfile created on: 23.05.2011 14:55:16 - Run 1 OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Christoph\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,97 Gb Total Physical Memory | 2,50 Gb Available Physical Memory | 63,04% Memory free 7,93 Gb Paging File | 6,34 Gb Available in Paging File | 79,93% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 186,31 Gb Total Space | 89,38 Gb Free Space | 47,97% Space Free | Partition Type: NTFS Drive D: | 185,91 Gb Total Space | 37,29 Gb Free Space | 20,06% Space Free | Partition Type: NTFS Computer Name: CHRISTOPH-TOSH | User Name: Christoph | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Christoph\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) PRC - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.) PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe () PRC - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) PRC - C:\Program Files (x86)\TortoiseSVN\bin\TSVNCache.exe (hxxp://tortoisesvn.net) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe (TOSHIBA CORPORATION) PRC - C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallControl.exe (Sphinx Software) PRC - C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallService.exe (Sphinx Software) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files (x86)\maxdome\DCBin\DCService.exe (Entriq, Inc.) PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION) PRC - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software) ========== Modules (SafeList) ========== MOD - C:\Users\Christoph\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com) SRV:64bit: - (TOSHIBA eco Utility Service) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation) SRV:64bit: - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) SRV:64bit: - (TPCHSrv) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation) SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation) SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation) SRV - (Application Updater) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.) SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe () SRV - (CVPND) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation) SRV - (cfWiMAXService) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION) SRV - (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO) -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH) SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (ConfigFree Gadget Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe (TOSHIBA CORPORATION) SRV - (Windows7FirewallService) -- C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallService.exe (Sphinx Software) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (Prosieben) -- C:\Program Files (x86)\maxdome\DCBin\DCService.exe (Entriq, Inc.) SRV - (ConfigFree Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) SRV - (StarWindServiceAE) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software) ========== Driver Services (SafeList) ========== DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys () DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys () DRV:64bit: - (CVPNDRVA) -- C:\Windows\SysNative\drivers\CVPNDRVA.sys () DRV:64bit: - (CVirtA) -- C:\Windows\SysNative\drivers\CVirtA64.sys (Cisco Systems, Inc.) DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys () DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (rtl8192se) -- C:\Windows\SysNative\drivers\rtl8192se.sys (Realtek Semiconductor Corporation ) DRV:64bit: - (Tosrfusb) -- C:\Windows\SysNative\drivers\tosrfusb.sys (TOSHIBA CORPORATION) DRV:64bit: - (TosRfSnd) -- C:\Windows\SysNative\drivers\TosRfSnd.sys (TOSHIBA Corporation) DRV:64bit: - (LPCFilter) -- C:\Windows\SysNative\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.) DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.) DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (Tosrfcom) -- C:\Windows\SysNative\drivers\tosrfcom.sys (TOSHIBA Corporation) DRV:64bit: - (tos_sps64) -- C:\Windows\SysNative\drivers\tos_sps64.sys (TOSHIBA Corporation) DRV:64bit: - (tosrfnds) -- C:\Windows\SysNative\drivers\tosrfnds.sys (TOSHIBA Corporation.) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation) DRV:64bit: - (tosrfec) -- C:\Windows\SysNative\drivers\tosrfec.sys (TOSHIBA Corporation) DRV:64bit: - (tosrfbd) -- C:\Windows\SysNative\drivers\tosrfbd.sys (TOSHIBA CORPORATION) DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\drivers\TVALZFL.sys (TOSHIBA Corporation) DRV:64bit: - (Tosrfhid) -- C:\Windows\SysNative\drivers\Tosrfhid.sys (TOSHIBA Corporation.) DRV:64bit: - (tosrfbnp) -- C:\Windows\SysNative\drivers\tosrfbnp.sys (TOSHIBA Corporation) DRV:64bit: - (tosporte) -- C:\Windows\SysNative\drivers\tosporte.sys (TOSHIBA Corporation) DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof () DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.) DRV:64bit: - (DNE) -- C:\Windows\SysNative\drivers\dne64x.sys (Deterministic Networks, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKLM\..\URLSearchHook: {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files (x86)\free-downloads.net\tbfree.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll (Spigot, Inc.) IE - HKCU\..\URLSearchHook: {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files (x86)\free-downloads.net\tbfree.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - Reg Error: Key error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=302398&p=" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398" FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=302398&p=" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398" FF - HKLM\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.05.01 12:35:37 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.05.11 21:24:31 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.04.29 21:07:41 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011.05.11 21:24:31 | 000,000,000 | ---D | M] [2010.06.29 11:57:54 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Christoph\AppData\Roaming\mozilla\Extensions [2010.06.29 11:57:54 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Christoph\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.05.06 00:09:53 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\7j6tf43i.default\extensions [2010.06.19 14:02:00 | 000,000,000 | -H-D | M] ("ICQ Toolbar") -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\7j6tf43i.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011.05.06 00:09:53 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\7j6tf43i.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.05.22 18:20:20 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\hc03mih9.default\extensions [2009.11.13 14:51:09 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\hc03mih9.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2011.05.01 22:07:32 | 000,000,000 | -H-D | M] (FireFTP) -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\hc03mih9.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2011.05.06 00:09:53 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\hc03mih9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2009.11.13 14:51:08 | 000,000,000 | -H-D | M] ("Daily Dilbert") -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\hc03mih9.default\extensions\{C598822D-6E25-4ADB-9137-D52C050F315C} [2010.02.26 17:58:41 | 000,000,000 | -H-D | M] ("Ask Toolbar for Firefox") -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\hc03mih9.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D} [2009.11.16 00:08:22 | 000,000,000 | -H-D | M] ("Firefox Accessibility Extension") -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\hc03mih9.default\extensions\accessext@cita.uiuc.edu [2009.11.16 00:08:23 | 000,000,000 | -H-D | M] (Deutsches Wörterbuch, erweitert für Österreich) -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\hc03mih9.default\extensions\de-AT@dictionaries.addons.mozilla.org [2009.11.16 00:08:23 | 000,000,000 | -H-D | M] (United States English Dictionary) -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\hc03mih9.default\extensions\en-US@dictionaries.addons.mozilla.org [2011.05.01 22:07:31 | 000,000,000 | -H-D | M] (Firebug) -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\hc03mih9.default\extensions\firebug@software.joehewitt.com [2010.07.14 21:58:17 | 000,000,000 | -H-D | M] ([verify-U]-AVS) -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\hc03mih9.default\extensions\verify-u@cybits.de [2011.05.06 00:09:53 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\pb3ltllz.default\extensions [2010.06.19 14:02:01 | 000,000,000 | -H-D | M] ("ICQ Toolbar") -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\pb3ltllz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011.05.06 00:09:53 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\pb3ltllz.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.05.12 18:40:06 | 000,001,042 | -H-- | M] () -- C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\7j6tf43i.default\searchplugins\icqplugin.xml [2011.02.25 20:41:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2010.09.23 14:46:24 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll [2011.03.25 23:00:22 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2011.03.25 23:00:22 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-de.xml [2011.03.25 23:00:22 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\leo_ende_de.xml [2011.03.25 23:00:22 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-de.xml [2011.03.25 23:00:22 | 000,000,801 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.) O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.) O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll (Spigot, Inc.) O2 - BHO: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files (x86)\free-downloads.net\tbfree.dll (Conduit Ltd.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files (x86)\free-downloads.net\tbfree.dll (Conduit Ltd.) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com) O3 - HKCU\..\Toolbar\WebBrowser: (free-downloads.net Toolbar) - {ECDEE021-0D17-467F-A1FF-C7A115230949} - C:\Program Files (x86)\free-downloads.net\tbfree.dll (Conduit Ltd.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Programme\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.) O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION) O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA) O4 - HKLM..\Run: [Windows7FirewallControl] C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallControl.exe (Sphinx Software) O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team) O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - Startup: C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Christoph\AppData\Roaming\Dropbox\bin\Dropbox.exe () O4 - Startup: C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Christoph\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Christoph\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - File not found O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{04b352e7-fba8-11de-ab4e-0026223d9405}\Shell - "" = AutoRun O33 - MountPoints2\{04b352e7-fba8-11de-ab4e-0026223d9405}\Shell\AutoRun\command - "" = F:\autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.05.23 14:51:02 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Christoph\Desktop\OTL.exe [2011.05.23 02:26:36 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Users\Christoph\Desktop\OTH.scr [2011.05.23 00:21:56 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\SUPERAntiSpyware.com [2011.05.23 00:21:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware [2011.05.23 00:21:54 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE [2011.05.23 00:21:52 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware [2011.05.23 00:20:28 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2011.05.22 21:02:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GridinSoft Trojan Killer [2011.05.22 18:49:23 | 000,000,000 | -H-D | C] -- C:\Users\Christoph\AppData\Roaming\Malwarebytes [2011.05.22 18:49:19 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011.05.22 18:49:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.05.22 18:49:18 | 000,000,000 | -H-D | C] -- C:\ProgramData\Malwarebytes [2011.05.22 18:49:15 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.05.22 18:49:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.05.22 18:32:52 | 000,000,000 | -H-D | C] -- C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery [2011.05.16 09:43:30 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011.05.13 07:55:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache [2011.05.12 13:27:34 | 000,000,000 | -H-D | C] -- C:\ProgramData\Skype Extras [2011.05.12 13:26:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2011.05.12 13:26:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2011.05.11 21:25:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office [2011.05.11 21:23:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio [2011.05.11 21:23:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER [2011.05.11 21:20:54 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Office [2011.05.11 12:29:58 | 005,509,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2011.05.11 12:29:56 | 003,957,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2011.05.11 12:29:56 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2011.05.06 00:09:53 | 000,000,000 | -H-D | C] -- C:\Users\Christoph\AppData\Roaming\DVDVideoSoftIEHelpers [2011.05.06 00:09:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Plasmoo [2011.04.27 21:16:56 | 001,721,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WdfCoInstaller01009.dll [2011.04.27 21:16:56 | 001,002,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinUSBCoInstaller2.dll [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.05.23 14:55:18 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.05.23 14:50:42 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Christoph\Desktop\OTL.exe [2011.05.23 13:52:06 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.05.23 13:52:06 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.05.23 13:44:41 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.05.23 13:44:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.05.23 13:44:12 | 3193,602,048 | -HS- | M] () -- C:\hiberfil.sys [2011.05.23 00:21:54 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2011.05.23 00:08:00 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Users\Christoph\Desktop\OTH.scr [2011.05.22 18:32:21 | 000,000,344 | -H-- | M] () -- C:\ProgramData\36691704 [2011.05.20 12:37:38 | 001,619,686 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.05.20 12:37:38 | 000,700,836 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.05.20 12:37:38 | 000,653,898 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.05.20 12:37:38 | 000,150,040 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.05.20 12:37:38 | 000,121,210 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.05.14 19:05:45 | 000,752,336 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.05.06 00:09:56 | 000,001,210 | -H-- | M] () -- C:\Users\Christoph\Desktop\DVDVideoSoft Free Studio.lnk [2011.05.06 00:09:39 | 000,001,369 | -H-- | M] () -- C:\Users\Christoph\Desktop\Free YouTube to MP3 Converter.lnk [2011.04.27 21:19:53 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUSB_01009.Wdf [2011.04.27 21:16:56 | 001,721,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WdfCoInstaller01009.dll [2011.04.27 21:16:56 | 001,002,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WinUSBCoInstaller2.dll [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.05.23 00:21:54 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2011.05.22 18:32:21 | 000,000,344 | -H-- | C] () -- C:\ProgramData\36691704 [2011.05.06 00:09:48 | 000,001,210 | -H-- | C] () -- C:\Users\Christoph\Desktop\DVDVideoSoft Free Studio.lnk [2011.05.06 00:09:39 | 000,001,369 | -H-- | C] () -- C:\Users\Christoph\Desktop\Free YouTube to MP3 Converter.lnk [2011.04.27 21:19:53 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUSB_01009.Wdf [2011.04.13 21:16:28 | 000,000,178 | -H-- | C] () -- C:\Users\Christoph\AppData\Roaming\wklnhst.dat [2010.04.20 11:44:47 | 000,000,600 | -H-- | C] () -- C:\Users\Christoph\AppData\Roaming\winscp.rnd [2010.02.01 18:21:39 | 000,006,656 | ---- | C] () -- C:\Windows\SysWow64\CNMVS58.DLL [2010.01.08 13:29:40 | 000,000,316 | ---- | C] () -- C:\Windows\ODBC.INI [2010.01.08 13:28:49 | 001,500,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2009.11.16 01:33:40 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.11.12 23:10:40 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2009.10.13 17:13:08 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:59:36 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin [2009.07.13 23:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin [2009.07.13 23:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin [2009.07.13 23:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2009.04.28 04:37:00 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\SPCtl.dll < End of report > |
|
23.05.2011, 20:04
| #2 | |||
| /// Winkelfunktion /// TB-Süch-Tiger™   | Windows 7 Recovery vollständig entfernt? Desktop wiederherstellen?Zitat:
Schädlinge sind so programmiert, dass man sie nicht mit 2x scannen entfernen kann. Zitat:
Zitat:
Du kannst das gnaze auch sein lassen und Daten sichern über ein Live-System und Windows komplett neu aufsetzen.
__________________ |
|
23.05.2011, 21:26
| #3 | ||||
| | Windows 7 Recovery vollständig entfernt? Desktop wiederherstellen?Zitat:
Hier das Log des ersten Scans: Zitat:
Zitat:
Kannst du mir sagen was ich alles tun muss um den Trojaner von meinem system zu entfernen? Habe hier im Forum und wo anders auch noch von weiteren Programmen zum suchen von Malware gelesen, kenne mich da aber leider nicht wirklich aus damit, was ich alles beachten muss. Zitat:
Ich habe auch schon unhide.exe ausgeführt, es hat aber nicht alle Einträge im Startmenü wieder sichtbar gemacht. Kenn mich da aber auch nicht gut genug aus und weiß nicht ob das daran liegt, dass ich unhide.exe nicht in Kombination mit den anderen Programmen ausgeführt habe. würde mich über weitere Hilfe bei der Entfernung der Malware freuen. Geändert von krissl (23.05.2011 um 21:37 Uhr) |
|
24.05.2011, 08:58
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7 Recovery vollständig entfernt? Desktop wiederherstellen? Zum Startmenü: Durch die Infektion wurde dein Startmenü leergefegt, bei mir bisher bekannten Varianten verschiebt der Schädling alle Verknüpfungen nach %tmp%\smtmp Eigentlich sollte unhide die Verküpfungen selbst zurück an die richtige Stelle kopieren. Wenn nicht, mach es selbst. Deine Verknüpfungen sollten jetzt hier sein: C:\Users\[DEIN_NAME]\AppData\Local\Temp\smtmp Sie müssen passend nach C:\ProgramData\Microsoft\Windows\Start Menu\Programs kopiert werden. Sag danach Bescheid ob es erfolgreich war, danach werd ich mal deine OTL-Logs durchsehen.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
24.05.2011, 11:01
| #5 |
| | Windows 7 Recovery vollständig entfernt? Desktop wiederherstellen? In dem Ordner gibt es mehrere Unterordner, die "1", "3" und "4" heißen. In "1" gibt es zwei Unterordner, einer heißt "Programme" und einer "Programm". In "Programs" sind mehrere Ordner, die eigentlich in das Startmenü gehören. Die sind aber zum Großteil alle leer. Diesen Ordner nach C:\ProgramData\Microsoft\Windows\Start Menu\Programs zu kopieren hat das Startmenü auch nicht wieder hergestellt. Habe in dem Temp Ordner weiter gesucht, aber nichts gefunden, was die Verknüpfungen aus dem Startmenü enthält. Mir ist auch aufgefallen, dass im Explorer versteckte Datein nachdem ich meinen Rechner heute hochgefahren habe nicht angezeigt werden. Ich habe aber über die Ordneroptionen am Sonntag eingestellt, dass dies gemacht werden soll und habe das danach nicht geändert. Könnte dies ein Zeichen sein, dass der Trojaner noch auf meinem System ist? Geändert von krissl (24.05.2011 um 11:10 Uhr) |
|
24.05.2011, 12:19
| #6 | ||
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7 Recovery vollständig entfernt? Desktop wiederherstellen?Zitat:
Zitat:
__________________ --> Windows 7 Recovery vollständig entfernt? Desktop wiederherstellen? |
|
24.05.2011, 23:01
| #7 | ||
| | Windows 7 Recovery vollständig entfernt? Desktop wiederherstellen?Zitat:
Die Ordner "1", "3" und "4" sind nicht leer. In "3" sind die Verknüpfungen aus der Schnellstartleiste. "4" enthält nur ein Verknüpfung zu MalWareBytes. In "1" gibt es den Unterordner Programs, der wiederum mehrere Ordner enthält. Diese Ordner sind die, die eigentlich im Startmenü sein sollen. Allerdings sind diese Ordner größtenteils leer oder es fehlen Datein (Bspw. im Ordner Zubehör fehlt der Rechner und weitere). Diese habe ich komplett kopiert und sie werden jetzt auch im Startmenü angezeigt. In den Ordnern "1", "3" und "4" befindet sich jeweils noch eine desktop.ini. Habe mir auch geschützte Systemdatein anzeigen lassen. Mir ist gerade noch eingefallen: Ich habe am Sonntag nach der angeblichen Fehlermeldung die Bereinigungsfunktion von Windows für Festplatten genutzt und dabei auch ausgewählt, das Temp-Datein gelöscht werden. Kann das der Grund sein warum in dem smtp Ordner nicht alle Verknüpfungen aus dem Startmenü sind? Zitat:
Was kann ich noch tun? Und Danke schon mal! |
|
25.05.2011, 09:05
| #8 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7 Recovery vollständig entfernt? Desktop wiederherstellen?Zitat:
Mach bitte nun ein frisches Log mit OTL: CustomScan mit OTL Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten |
|
25.05.2011, 11:26
| #9 |
| | Windows 7 Recovery vollständig entfernt? Desktop wiederherstellen? Okay, dann kümmer ich mich um das Startmenü später selbst. Danke! Heute früh beim Hochfahren wurden mir wiedre die Fehlermeldungen von Windows Recovery angezeigt. Ich habe mit rkill nur alle Prozesse davon beendet. Soll ich da jetzt noch mal mit Malwarebytes einen kompletten Scan und einen OTL Scan machen und erst dann den CustomFix? Oder gleich den CustomFix? Ich poste die Logs heute Abend nachdem ich von Arbeit wieder zu Hause bin. |
|
26.05.2011, 02:07
| #10 |
| | Windows 7 Recovery vollständig entfernt? Desktop wiederherstellen? Das Log "Extras" ist im Angang. Das Log "Otl" ist hier. (Die Datei war zu groß um sie als Anhang hochzuladen und rar Dateien werden als Anhang nich akzeptiert.)OTL Logfile: Code:
ATTFilter OTL logfile created on: 26.05.2011 02:36:17 - Run 1 OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\*****\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,97 Gb Total Physical Memory | 2,37 Gb Available Physical Memory | 59,86% Memory free 7,93 Gb Paging File | 6,28 Gb Available in Paging File | 79,15% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 186,31 Gb Total Space | 88,88 Gb Free Space | 47,71% Space Free | Partition Type: NTFS Drive D: | 185,91 Gb Total Space | 37,68 Gb Free Space | 20,27% Space Free | Partition Type: NTFS Computer Name: CHRISTOPH-TOSH | User Name: Christoph | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.05.23 14:50:42 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe PRC - [2011.05.01 12:35:36 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2011.03.28 16:15:04 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2011.03.28 16:14:56 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.03.28 16:14:56 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2009.07.14 19:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe PRC - [2009.06.29 16:43:46 | 000,364,544 | ---- | M] (Sphinx Software) -- C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallService.exe PRC - [2009.05.01 18:57:50 | 000,077,032 | ---- | M] (Entriq, Inc.) -- C:\Program Files (x86)\maxdome\DCBin\DCService.exe PRC - [2009.03.10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe PRC - [2009.01.13 21:33:40 | 000,034,088 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe PRC - [2007.05.28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe ========== Modules (SafeList) ========== MOD - [2011.05.23 14:50:42 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe MOD - [2010.08.21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011.05.04 19:55:09 | 000,128,384 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE) SRV:64bit: - [2009.08.27 13:38:22 | 000,251,760 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service) SRV:64bit: - [2009.08.05 14:20:12 | 000,488,800 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv) SRV:64bit: - [2009.08.04 11:15:06 | 000,826,224 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv) SRV:64bit: - [2009.08.03 18:17:56 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service) SRV:64bit: - [2009.07.29 23:54:22 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.07.28 15:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv) SRV:64bit: - [2007.11.08 02:11:22 | 004,466,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90) SRV - [2011.03.28 16:15:04 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.03.28 16:14:56 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009.08.17 10:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo) SRV - [2009.08.10 19:55:58 | 000,248,688 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService) SRV - [2009.08.06 16:02:50 | 000,116,104 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO) SRV - [2009.07.30 05:20:36 | 000,192,368 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service) SRV - [2009.07.14 19:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service) SRV - [2009.06.29 16:43:46 | 000,364,544 | ---- | M] (Sphinx Software) [Auto | Running] -- C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallService.exe -- (Windows7FirewallService) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.05.01 18:57:50 | 000,077,032 | ---- | M] (Entriq, Inc.) [Auto | Running] -- C:\Program Files (x86)\maxdome\DCBin\DCService.exe -- (Prosieben) SRV - [2009.03.10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service) SRV - [2007.05.28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.04.01 17:07:25 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011.04.01 17:07:25 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2010.05.12 00:34:44 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2010.05.12 00:34:44 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2010.02.08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA) DRV:64bit: - [2010.01.07 18:15:47 | 000,871,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2009.08.26 18:11:12 | 000,942,080 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se) DRV:64bit: - [2009.08.05 14:45:28 | 000,058,744 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb) DRV:64bit: - [2009.08.05 12:56:04 | 000,063,856 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TosRfSnd.sys -- (TosRfSnd) DRV:64bit: - [2009.07.30 21:02:36 | 000,044,912 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter) DRV:64bit: - [2009.07.30 20:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst) DRV:64bit: - [2009.07.30 17:46:22 | 000,222,208 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2009.07.30 12:07:12 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009.07.28 20:02:10 | 000,081,768 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tosrfcom.sys -- (Tosrfcom) DRV:64bit: - [2009.07.24 15:57:08 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64) DRV:64bit: - [2009.07.24 11:33:14 | 000,026,472 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfnds.sys -- (tosrfnds) DRV:64bit: - [2009.07.20 17:48:32 | 000,274,480 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009.07.14 15:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ) DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM) DRV:64bit: - [2009.07.13 22:12:36 | 000,019,824 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfec.sys -- (tosrfec) DRV:64bit: - [2009.07.07 21:39:08 | 000,211,432 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbd.sys -- (tosrfbd) DRV:64bit: - [2009.06.22 17:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect) DRV:64bit: - [2009.06.20 04:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009.06.19 19:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL) DRV:64bit: - [2009.06.19 10:00:26 | 000,094,336 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Tosrfhid.sys -- (Tosrfhid) DRV:64bit: - [2009.06.19 09:59:32 | 000,050,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbnp.sys -- (tosrfbnp) DRV:64bit: - [2009.06.17 12:01:04 | 000,054,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosporte.sys -- (tosporte) DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs) DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.05.22 22:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.05.20 18:04:56 | 000,202,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService) DRV:64bit: - [2008.11.16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - Reg Error: Key error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=302398&p=" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398" FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=302398&p=" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398" FF - HKLM\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.05.01 12:35:37 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.05.11 21:24:31 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.04.29 21:07:41 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011.05.11 21:24:31 | 000,000,000 | ---D | M] [2010.06.29 11:57:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions [2010.06.29 11:57:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.05.06 00:09:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\7j6tf43i.default\extensions [2010.06.19 14:02:00 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\7j6tf43i.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011.05.06 00:09:53 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\7j6tf43i.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.05.26 00:45:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\hc03mih9.default\extensions [2009.11.13 14:51:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\hc03mih9.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2011.05.01 22:07:32 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\hc03mih9.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2011.05.06 00:09:53 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\hc03mih9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2009.11.13 14:51:08 | 000,000,000 | ---D | M] ("Daily Dilbert") -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\hc03mih9.default\extensions\{C598822D-6E25-4ADB-9137-D52C050F315C} [2009.11.16 00:08:22 | 000,000,000 | ---D | M] ("Firefox Accessibility Extension") -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\hc03mih9.default\extensions\accessext@cita.uiuc.edu [2009.11.16 00:08:23 | 000,000,000 | ---D | M] (Deutsches Wörterbuch, erweitert für Österreich) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\hc03mih9.default\extensions\de-AT@dictionaries.addons.mozilla.org [2009.11.16 00:08:23 | 000,000,000 | ---D | M] (United States English Dictionary) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\hc03mih9.default\extensions\en-US@dictionaries.addons.mozilla.org [2011.05.01 22:07:31 | 000,000,000 | ---D | M] (Firebug) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\hc03mih9.default\extensions\firebug@software.joehewitt.com [2010.07.14 21:58:17 | 000,000,000 | ---D | M] ([verify-U]-AVS) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\hc03mih9.default\extensions\verify-u@cybits.de [2011.05.06 00:09:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\pb3ltllz.default\extensions [2010.06.19 14:02:01 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\pb3ltllz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011.05.06 00:09:53 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\pb3ltllz.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.05.12 18:40:06 | 000,001,042 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\7j6tf43i.default\searchplugins\icqplugin.xml [2011.05.24 23:46:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2010.09.23 14:46:24 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll [2011.03.25 23:00:22 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2011.03.25 23:00:22 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-de.xml [2011.03.25 23:00:22 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\leo_ende_de.xml [2011.03.25 23:00:22 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-de.xml [2011.03.25 23:00:22 | 000,000,801 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Programme\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.) O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA) O4 - HKLM..\Run: [Windows7FirewallControl] C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallControl.exe (Sphinx Software) O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team) O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - HKCU..\Run: [yiMjvSkpKyOa] C:\ProgramData\yiMjvSkpKyOa.exe (Microsoft Corporation) O4 - Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe () O4 - Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\*****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.) O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\*****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - File not found O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{04b352e7-fba8-11de-ab4e-0026223d9405}\Shell - "" = AutoRun O33 - MountPoints2\{04b352e7-fba8-11de-ab4e-0026223d9405}\Shell\AutoRun\command - "" = F:\autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^vpngui.exe.lnk - - File not found MsConfig:64bit - StartUpFolder: C:^Users^Christoph^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^TRDCReminder.lnk - C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe - (TOSHIBA Europe) MsConfig:64bit - StartUpReg: 00TCrdMain - hkey= - key= - C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found MsConfig:64bit - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () MsConfig:64bit - StartUpReg: Eraser - hkey= - key= - C:\Programme\Eraser\Eraser.exe (The Eraser Project) MsConfig:64bit - StartUpReg: HSON - hkey= - key= - C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation) MsConfig:64bit - StartUpReg: ITSecMng - hkey= - key= - C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION) MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - File not found MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.) MsConfig:64bit - StartUpReg: SearchSettings - hkey= - key= - File not found MsConfig:64bit - StartUpReg: SmoothView - hkey= - key= - C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) MsConfig:64bit - StartUpReg: swg - hkey= - key= - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) MsConfig:64bit - StartUpReg: TOSHIBA Online Product Information - hkey= - key= - C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\TOPI.exe (TOSHIBA) MsConfig:64bit - StartUpReg: Toshiba Registration - hkey= - key= - C:\Programme\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH) MsConfig:64bit - StartUpReg: Toshiba TEMPRO - hkey= - key= - C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH) MsConfig:64bit - StartUpReg: ToshibaServiceStation - hkey= - key= - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation) MsConfig:64bit - StartUpReg: TosNC - hkey= - key= - C:\Programme\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation) MsConfig:64bit - StartUpReg: TosReelTimeMonitor - hkey= - key= - C:\Programme\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation) MsConfig:64bit - StartUpReg: TosSENotify - hkey= - key= - C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation) MsConfig:64bit - StartUpReg: TosWaitSrv - hkey= - key= - C:\Programme\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation) MsConfig:64bit - StartUpReg: TPwrMain - hkey= - key= - C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) MsConfig:64bit - StartUpReg: TWebCamera - hkey= - key= - C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.) MsConfig:64bit - State: "startup" - Reg Error: Key error. SafeBootMin:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com) SafeBootMin:64bit: AppMgmt - Service SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: mcmscsvc - Service SafeBootMin:64bit: MCODS - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: mcmscsvc - Service SafeBootMin: MCODS - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com) SafeBootNet:64bit: AppMgmt - Service SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: mcmscsvc - Service SafeBootNet:64bit: MCODS - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: MpfService - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: mcmscsvc - Service SafeBootNet: MCODS - Service SafeBootNet: Messenger - Service SafeBootNet: MpfService - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{1DE4C716-4A8E-44BE-A053-EF43EEAE57F6} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F4D399F6-F0D3-45A9-54DB-D32371DC8739} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.) Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.) CREATERESTOREPOINT Error creating restore point. ========== Files/Folders - Created Within 30 Days ========== [2011.05.26 02:31:36 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe [2011.05.25 12:07:30 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\41737976.exe [2011.05.25 01:20:47 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery [2011.05.25 01:20:44 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\yiMjvSkpKyOa.exe [2011.05.24 23:46:31 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2011.05.24 11:53:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Service [2011.05.24 11:53:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator [2011.05.24 11:53:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\[verify-U] AVS [2011.05.24 02:52:56 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\vlc [2011.05.23 17:41:27 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Avira [2011.05.23 17:37:46 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2011.05.23 00:21:56 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\SUPERAntiSpyware.com [2011.05.23 00:21:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware [2011.05.23 00:21:54 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE [2011.05.23 00:21:52 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware [2011.05.23 00:20:28 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2011.05.22 18:49:23 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Malwarebytes [2011.05.22 18:49:19 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011.05.22 18:49:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.05.22 18:49:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.05.22 18:49:15 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.05.22 18:49:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.05.13 07:55:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache [2011.05.12 13:27:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype Extras [2011.05.12 13:26:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2011.05.12 13:26:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2011.05.11 21:25:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office [2011.05.11 21:23:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio [2011.05.11 21:23:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER [2011.05.11 21:20:54 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Office [2011.05.06 00:09:53 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\DVDVideoSoftIEHelpers [2011.05.06 00:09:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Plasmoo [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.05.26 01:55:15 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.05.26 00:43:42 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.05.26 00:43:42 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.05.26 00:40:07 | 001,619,686 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.05.26 00:40:07 | 000,700,836 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.05.26 00:40:07 | 000,653,898 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.05.26 00:40:07 | 000,150,040 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.05.26 00:40:07 | 000,121,210 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.05.26 00:33:30 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.05.26 00:33:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.05.26 00:33:06 | 3193,602,048 | -HS- | M] () -- C:\hiberfil.sys [2011.05.25 12:07:43 | 000,000,642 | ---- | M] () -- C:\Users\Christoph\Desktop\Windows 7 Recovery.lnk [2011.05.25 12:07:31 | 000,000,336 | ---- | M] () -- C:\ProgramData\41737976 [2011.05.25 01:20:46 | 000,000,336 | ---- | M] () -- C:\ProgramData\42000120 [2011.05.24 23:42:27 | 000,001,594 | ---- | M] () -- C:\Windows\VPNUnInstall.MIF [2011.05.24 00:40:04 | 000,001,037 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2011.05.24 00:38:32 | 000,001,463 | ---- | M] () -- C:\Users\*****\Desktop\Skype.lnk [2011.05.24 00:38:11 | 000,001,632 | ---- | M] () -- C:\Users\*****\Desktop\OpenOffice.lnk [2011.05.24 00:32:18 | 000,001,254 | ---- | M] () -- C:\Users\*****\Desktop\ICQ.lnk [2011.05.24 00:32:00 | 000,001,714 | ---- | M] () -- C:\Users\*****\Desktop\Foxit Reader.lnk [2011.05.24 00:29:52 | 000,001,580 | ---- | M] () -- C:\Users\*****\Desktop\Photoshop.lnk [2011.05.24 00:26:43 | 000,001,976 | ---- | M] () -- C:\Users\*****\Desktop\Mozilla Thunderbird.lnk [2011.05.24 00:26:37 | 000,001,910 | ---- | M] () -- C:\Users\*****\Desktop\Mozilla Firefox.lnk [2011.05.23 14:50:42 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe [2011.05.23 00:21:54 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2011.05.22 18:49:19 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.05.22 18:32:21 | 000,000,344 | ---- | M] () -- C:\ProgramData\36691704 [2011.05.14 19:05:45 | 000,752,336 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.05.06 00:09:39 | 000,001,369 | ---- | M] () -- C:\Users\*****\Desktop\Free YouTube to MP3 Converter.lnk [2011.04.27 21:19:53 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUSB_01009.Wdf [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.05.25 12:07:43 | 000,000,642 | ---- | C] () -- C:\Users\*****\Desktop\Windows 7 Recovery.lnk [2011.05.25 12:07:31 | 000,000,336 | ---- | C] () -- C:\ProgramData\41737976 [2011.05.25 02:45:09 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2011.05.25 02:45:09 | 000,001,037 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2011.05.25 01:20:46 | 000,000,336 | ---- | C] () -- C:\ProgramData\42000120 [2011.05.24 23:41:31 | 000,001,594 | ---- | C] () -- C:\Windows\VPNUnInstall.MIF [2011.05.24 03:35:01 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.05.24 00:38:32 | 000,001,463 | ---- | C] () -- C:\Users\*****\Desktop\Skype.lnk [2011.05.24 00:38:11 | 000,001,632 | ---- | C] () -- C:\Users\*****\Desktop\OpenOffice.lnk [2011.05.24 00:32:18 | 000,001,254 | ---- | C] () -- C:\Users\*****\Desktop\ICQ.lnk [2011.05.24 00:32:00 | 000,001,714 | ---- | C] () -- C:\Users\*****\Desktop\Foxit Reader.lnk [2011.05.24 00:29:52 | 000,001,580 | ---- | C] () -- C:\Users\*****\Desktop\Photoshop.lnk [2011.05.24 00:26:43 | 000,001,976 | ---- | C] () -- C:\Users\*****\Desktop\Mozilla Thunderbird.lnk [2011.05.24 00:26:37 | 000,001,910 | ---- | C] () -- C:\Users\*****\Desktop\Mozilla Firefox.lnk [2011.05.22 18:32:21 | 000,000,344 | ---- | C] () -- C:\ProgramData\36691704 [2011.05.06 00:09:39 | 000,001,369 | ---- | C] () -- C:\Users\*****\Desktop\Free YouTube to MP3 Converter.lnk [2011.04.27 21:19:53 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUSB_01009.Wdf [2011.04.13 21:16:28 | 000,000,178 | ---- | C] () -- C:\Users\*****\AppData\Roaming\wklnhst.dat [2010.04.20 11:44:47 | 000,000,600 | ---- | C] () -- C:\Users\*****\AppData\Roaming\winscp.rnd [2010.02.01 18:21:39 | 000,006,656 | ---- | C] () -- C:\Windows\SysWow64\CNMVS58.DLL [2010.01.08 13:29:40 | 000,000,316 | ---- | C] () -- C:\Windows\ODBC.INI [2010.01.08 13:28:49 | 001,500,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2009.11.16 01:33:40 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat [2009.11.12 23:10:40 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2009.10.13 17:13:08 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:59:36 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin [2009.07.13 23:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin [2009.07.13 23:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin [2009.07.13 23:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2009.04.28 04:37:00 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\SPCtl.dll ========== LOP Check ========== [2010.08.14 16:44:05 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\21C0E6B7FD61AA898C23C9F895DB96B0 [2011.02.24 04:14:11 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Alcae [2011.05.25 12:06:57 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Dropbox [2011.05.06 00:09:53 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\DVDVideoSoftIEHelpers [2010.09.23 14:47:14 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Foxit [2010.09.23 14:47:15 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Foxit Software [2011.05.26 01:50:30 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ICQ [2011.02.26 05:08:49 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Iqnyko [2010.04.24 12:49:13 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Jan Scholze [2011.02.18 17:33:42 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\MonkeyJam [2009.11.15 18:14:57 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\OpenOffice.org [2010.01.20 12:54:41 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Subversion [2011.04.13 21:16:31 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Template [2010.06.29 11:57:54 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Thunderbird [2009.12.03 22:09:50 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Toshiba [2011.05.07 20:55:59 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\uTorrent [2011.05.16 00:29:07 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010.08.14 16:44:05 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\21C0E6B7FD61AA898C23C9F895DB96B0 [2011.05.13 06:33:12 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Adobe [2010.05.02 19:11:40 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Ahead [2011.02.24 04:14:11 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Alcae [2009.11.12 17:12:24 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ATI [2011.05.23 17:41:27 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Avira [2010.06.23 22:51:03 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\DivX [2011.05.25 12:06:57 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Dropbox [2010.09.27 17:17:24 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\dvdcss [2011.05.06 00:09:53 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\DVDVideoSoftIEHelpers [2010.09.23 14:47:14 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Foxit [2010.09.23 14:47:15 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Foxit Software [2009.11.18 21:47:27 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Google [2011.05.26 01:50:30 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ICQ [2009.11.12 17:11:46 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Identities [2011.02.26 05:08:49 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Iqnyko [2010.04.24 12:49:13 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Jan Scholze [2009.09.08 10:13:26 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Macromedia [2011.05.22 18:49:23 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Malwarebytes [2009.07.14 20:18:18 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Media Center Programs [2011.05.12 18:45:24 | 000,000,000 | --SD | M] -- C:\Users\*****\AppData\Roaming\Microsoft [2011.02.18 17:33:42 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\MonkeyJam [2009.11.13 14:50:51 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Mozilla [2009.11.15 18:14:57 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\OpenOffice.org [2011.05.26 01:50:26 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Skype [2011.05.26 00:34:51 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\skypePM [2010.01.20 12:54:41 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Subversion [2011.05.23 00:21:56 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\SUPERAntiSpyware.com [2011.04.13 21:16:31 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Template [2010.06.29 11:57:54 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Thunderbird [2010.05.21 00:25:49 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TortoiseSVN [2009.12.03 22:09:50 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Toshiba [2011.05.07 20:55:59 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\uTorrent [2011.05.24 02:53:56 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\vlc [2009.11.22 18:44:33 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2010.02.26 07:10:20 | 021,979,992 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010.09.23 14:54:07 | 000,089,831 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Dropbox\bin\Uninstall.exe [2009.08.05 18:37:36 | 000,038,208 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe [2007.12.30 05:01:18 | 000,307,200 | ---- | M] (Simon Tatham) -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\hc03mih9.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\psftp.exe [2007.12.30 05:01:18 | 000,172,032 | ---- | M] (Simon Tatham) -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\hc03mih9.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\puttygen.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTOR.SYS > [2009.06.04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys [2009.06.04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\drivers\iaStor.sys [2009.06.04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_7fb62b08f6b7117a\iaStor.sys [2009.06.04 18:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys < MD5 for: IASTORV.SYS > [2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\drivers\iaStorV.sys [2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys [2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll [2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\drivers\nvstor.sys [2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys [2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll [2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll < MD5 for: USER32.DLL > [2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll [2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll [2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll < MD5 for: USERINIT.EXE > [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2009.05.26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\*****\AppData\Local\Temp\RarSFX0\userinit.exe [2009.05.26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\*****\AppData\Local\Temp\RarSFX1\userinit.exe [2009.05.26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\*****\AppData\Local\Temp\RarSFX10\userinit.exe [2009.05.26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\*****\AppData\Local\Temp\RarSFX11\userinit.exe [2009.05.26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\*****\AppData\Local\Temp\RarSFX13\userinit.exe [2009.05.26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\*****\AppData\Local\Temp\RarSFX14\userinit.exe [2009.05.26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\*****\AppData\Local\Temp\RarSFX15\userinit.exe [2009.05.26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\*****\AppData\Local\Temp\RarSFX2\userinit.exe [2009.05.26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\*****\AppData\Local\Temp\RarSFX3\userinit.exe [2009.05.26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\*****\AppData\Local\Temp\RarSFX4\userinit.exe [2009.05.26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\*****\AppData\Local\Temp\RarSFX5\userinit.exe [2009.05.26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\*****\AppData\Local\Temp\RarSFX6\userinit.exe [2009.05.26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\*****\AppData\Local\Temp\RarSFX7\userinit.exe [2009.05.26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\*****\AppData\Local\Temp\RarSFX8\userinit.exe [2009.05.26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\*****\AppData\Local\Temp\RarSFX9\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.05.26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\*****\AppData\Local\Temp\RarSFX0\winlogon.exe [2009.05.26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\*****\AppData\Local\Temp\RarSFX1\winlogon.exe [2009.05.26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\*****\AppData\Local\Temp\RarSFX10\winlogon.exe [2009.05.26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\*****\AppData\Local\Temp\RarSFX11\winlogon.exe [2009.05.26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\*****\AppData\Local\Temp\RarSFX13\winlogon.exe [2009.05.26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\*****\AppData\Local\Temp\RarSFX14\winlogon.exe [2009.05.26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\*****\AppData\Local\Temp\RarSFX15\winlogon.exe [2009.05.26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\*****\AppData\Local\Temp\RarSFX2\winlogon.exe [2009.05.26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\*****\AppData\Local\Temp\RarSFX3\winlogon.exe [2009.05.26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\*****\AppData\Local\Temp\RarSFX4\winlogon.exe [2009.05.26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\*****\AppData\Local\Temp\RarSFX5\winlogon.exe [2009.05.26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\*****\AppData\Local\Temp\RarSFX6\winlogon.exe [2009.05.26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\*****\AppData\Local\Temp\RarSFX7\winlogon.exe [2009.05.26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\*****\AppData\Local\Temp\RarSFX8\winlogon.exe [2009.05.26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\*****\AppData\Local\Temp\RarSFX9\winlogon.exe [2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe [2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < > < End of report > |
|
26.05.2011, 09:32
| #11 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7 Recovery vollständig entfernt? Desktop wiederherstellen? Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!! Code:
ATTFilter :OTL
O4 - HKCU..\Run: [yiMjvSkpKyOa] C:\ProgramData\yiMjvSkpKyOa.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{04b352e7-fba8-11de-ab4e-0026223d9405}\Shell - "" = AutoRun
O33 - MountPoints2\{04b352e7-fba8-11de-ab4e-0026223d9405}\Shell\AutoRun\command - "" = F:\autorun.exe
[2011.05.25 01:20:47 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery
[2011.05.25 01:20:44 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\yiMjvSkpKyOa.exe
[2011.02.26 05:08:49 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Iqnyko
[2011.05.25 12:07:43 | 000,000,642 | ---- | C] () -- C:\Users\*****\Desktop\Windows 7 Recovery.lnk
[2010.08.14 16:44:05 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\21C0E6B7FD61AA898C23C9F895DB96B0
:Files
C:\ProgramData\4*
C:\ProgramData\3*
C:\ProgramData\~*
:Commands
[purity]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
26.05.2011, 12:56
| #12 |
| | Windows 7 Recovery vollständig entfernt? Desktop wiederherstellen? Hier das Log. Mein Rechner wurde nicht neugestartet. ========== OTL ========== Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\yiMjvSkpKyOa deleted successfully. C:\ProgramData\yiMjvSkpKyOa.exe moved successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{04b352e7-fba8-11de-ab4e-0026223d9405}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{04b352e7-fba8-11de-ab4e-0026223d9405}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{04b352e7-fba8-11de-ab4e-0026223d9405}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{04b352e7-fba8-11de-ab4e-0026223d9405}\ not found. File F:\autorun.exe not found. C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery folder moved successfully. File C:\ProgramData\yiMjvSkpKyOa.exe not found. C:\Users\*****\\AppData\Roaming\Iqnyko folder moved successfully. C:\Users\*****\\Desktop\Windows 7 Recovery.lnk moved successfully. C:\Users\*****\\AppData\Roaming\21C0E6B7FD61AA898C23C9F895DB96B0 folder moved successfully. ========== FILES ========== C:\ProgramData\41737976 moved successfully. C:\ProgramData\41737976.exe moved successfully. C:\ProgramData\42000120 moved successfully. C:\ProgramData\36691704 moved successfully. File\Folder C:\ProgramData\~* not found. ========== COMMANDS ========== C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.23.0 log created on 05262011_135141 |
|
26.05.2011, 13:15
| #13 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7 Recovery vollständig entfernt? Desktop wiederherstellen? Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.  Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )  Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
26.05.2011, 13:42
| #14 |
| | Windows 7 Recovery vollständig entfernt? Desktop wiederherstellen? Hier das Log von Kaspersky. Einen weiteren Scan mit Malwarebytes habe ich noch nicht gemacht. Soll ich das jetzt noch nachholen? 2011/05/26 14:35:15.0650 4672 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24 2011/05/26 14:35:15.0712 4672 ================================================================================ 2011/05/26 14:35:15.0712 4672 SystemInfo: 2011/05/26 14:35:15.0712 4672 2011/05/26 14:35:15.0712 4672 OS Version: 6.1.7600 ServicePack: 0.0 2011/05/26 14:35:15.0712 4672 Product type: Workstation 2011/05/26 14:35:15.0712 4672 ComputerName: ****** 2011/05/26 14:35:15.0712 4672 UserName: ***** 2011/05/26 14:35:15.0712 4672 Windows directory: C:\Windows 2011/05/26 14:35:15.0712 4672 System windows directory: C:\Windows 2011/05/26 14:35:15.0712 4672 Running under WOW64 2011/05/26 14:35:15.0712 4672 Processor architecture: Intel x64 2011/05/26 14:35:15.0712 4672 Number of processors: 2 2011/05/26 14:35:15.0712 4672 Page size: 0x1000 2011/05/26 14:35:15.0712 4672 Boot type: Normal boot 2011/05/26 14:35:15.0712 4672 ================================================================================ 2011/05/26 14:35:16.0258 4672 Initialize success 2011/05/26 14:35:26.0882 4648 ================================================================================ 2011/05/26 14:35:26.0882 4648 Scan started 2011/05/26 14:35:26.0882 4648 Mode: Manual; 2011/05/26 14:35:26.0882 4648 ================================================================================ 2011/05/26 14:35:27.0303 4648 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys 2011/05/26 14:35:27.0459 4648 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys 2011/05/26 14:35:27.0584 4648 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys 2011/05/26 14:35:27.0755 4648 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 2011/05/26 14:35:27.0911 4648 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 2011/05/26 14:35:28.0036 4648 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys 2011/05/26 14:35:28.0192 4648 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys 2011/05/26 14:35:28.0317 4648 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys 2011/05/26 14:35:28.0442 4648 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys 2011/05/26 14:35:28.0598 4648 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys 2011/05/26 14:35:28.0723 4648 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 2011/05/26 14:35:28.0832 4648 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 2011/05/26 14:35:28.0957 4648 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys 2011/05/26 14:35:29.0081 4648 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 2011/05/26 14:35:29.0206 4648 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys 2011/05/26 14:35:29.0378 4648 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys 2011/05/26 14:35:29.0518 4648 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 2011/05/26 14:35:29.0627 4648 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 2011/05/26 14:35:29.0768 4648 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 2011/05/26 14:35:29.0893 4648 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys 2011/05/26 14:35:30.0064 4648 athr (e857eee6b92aaa473ebb3465add8f7e7) C:\Windows\system32\DRIVERS\athrx.sys 2011/05/26 14:35:30.0361 4648 atikmdag (173f4c05f87085e9bda3f7037bc9f40e) C:\Windows\system32\DRIVERS\atikmdag.sys 2011/05/26 14:35:30.0657 4648 atksgt (64f07381335e37c142f6d176705ffca6) C:\Windows\system32\DRIVERS\atksgt.sys 2011/05/26 14:35:30.0813 4648 avgntflt (39c2e2870fc0c2ae0595b883cbe716b4) C:\Windows\system32\DRIVERS\avgntflt.sys 2011/05/26 14:35:30.0938 4648 avipbb (c98fa6e5ad0e857d22716bd2b8b1f399) C:\Windows\system32\DRIVERS\avipbb.sys 2011/05/26 14:35:31.0078 4648 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 2011/05/26 14:35:31.0219 4648 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 2011/05/26 14:35:31.0375 4648 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 2011/05/26 14:35:31.0531 4648 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 2011/05/26 14:35:31.0655 4648 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys 2011/05/26 14:35:31.0780 4648 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 2011/05/26 14:35:31.0889 4648 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 2011/05/26 14:35:32.0014 4648 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 2011/05/26 14:35:32.0139 4648 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 2011/05/26 14:35:32.0264 4648 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 2011/05/26 14:35:32.0357 4648 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 2011/05/26 14:35:32.0482 4648 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 2011/05/26 14:35:32.0623 4648 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 2011/05/26 14:35:32.0763 4648 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys 2011/05/26 14:35:32.0903 4648 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 2011/05/26 14:35:33.0013 4648 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 2011/05/26 14:35:33.0153 4648 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 2011/05/26 14:35:33.0278 4648 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys 2011/05/26 14:35:33.0403 4648 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys 2011/05/26 14:35:33.0543 4648 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 2011/05/26 14:35:33.0652 4648 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys 2011/05/26 14:35:33.0793 4648 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 2011/05/26 14:35:33.0933 4648 CVirtA (44bddeb03c84a1c993c992ffb5700357) C:\Windows\system32\DRIVERS\CVirtA64.sys 2011/05/26 14:35:34.0089 4648 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys 2011/05/26 14:35:34.0214 4648 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 2011/05/26 14:35:34.0354 4648 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 2011/05/26 14:35:34.0479 4648 DNE (05cb5910b3ca6019fc3cca815ee06ffb) C:\Windows\system32\DRIVERS\dne64x.sys 2011/05/26 14:35:34.0635 4648 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 2011/05/26 14:35:34.0775 4648 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys 2011/05/26 14:35:34.0994 4648 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 2011/05/26 14:35:35.0181 4648 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 2011/05/26 14:35:35.0275 4648 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys 2011/05/26 14:35:35.0431 4648 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 2011/05/26 14:35:35.0555 4648 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 2011/05/26 14:35:35.0665 4648 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 2011/05/26 14:35:35.0789 4648 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 2011/05/26 14:35:35.0914 4648 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 2011/05/26 14:35:36.0039 4648 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 2011/05/26 14:35:36.0164 4648 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys 2011/05/26 14:35:36.0289 4648 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 2011/05/26 14:35:36.0398 4648 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys 2011/05/26 14:35:36.0538 4648 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys 2011/05/26 14:35:36.0647 4648 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 2011/05/26 14:35:36.0835 4648 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 2011/05/26 14:35:36.0991 4648 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys 2011/05/26 14:35:37.0115 4648 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys 2011/05/26 14:35:37.0240 4648 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 2011/05/26 14:35:37.0349 4648 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 2011/05/26 14:35:37.0459 4648 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 2011/05/26 14:35:37.0615 4648 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys 2011/05/26 14:35:37.0739 4648 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys 2011/05/26 14:35:37.0864 4648 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys 2011/05/26 14:35:37.0989 4648 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys 2011/05/26 14:35:38.0114 4648 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys 2011/05/26 14:35:38.0223 4648 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys 2011/05/26 14:35:38.0363 4648 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys 2011/05/26 14:35:38.0691 4648 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys 2011/05/26 14:35:38.0956 4648 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 2011/05/26 14:35:39.0143 4648 IntcAzAudAddService (0c3cf4b3bae28e121a1689e3538f8712) C:\Windows\system32\drivers\RTKVHD64.sys 2011/05/26 14:35:39.0253 4648 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys 2011/05/26 14:35:39.0377 4648 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 2011/05/26 14:35:39.0518 4648 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys 2011/05/26 14:35:39.0643 4648 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys 2011/05/26 14:35:39.0752 4648 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 2011/05/26 14:35:39.0877 4648 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 2011/05/26 14:35:40.0017 4648 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys 2011/05/26 14:35:40.0126 4648 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys 2011/05/26 14:35:40.0251 4648 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys 2011/05/26 14:35:40.0376 4648 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys 2011/05/26 14:35:40.0516 4648 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys 2011/05/26 14:35:40.0625 4648 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys 2011/05/26 14:35:40.0750 4648 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 2011/05/26 14:35:40.0922 4648 lirsgt (83ba097acaad0b00505634a62d90f93a) C:\Windows\system32\DRIVERS\lirsgt.sys 2011/05/26 14:35:41.0047 4648 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 2011/05/26 14:35:41.0203 4648 LPCFilter (41e122f6d1448c94cc05196bc41d6bfb) C:\Windows\system32\DRIVERS\LPCFilter.sys 2011/05/26 14:35:41.0343 4648 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 2011/05/26 14:35:41.0483 4648 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 2011/05/26 14:35:41.0608 4648 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 2011/05/26 14:35:41.0749 4648 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 2011/05/26 14:35:41.0873 4648 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 2011/05/26 14:35:41.0998 4648 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 2011/05/26 14:35:42.0123 4648 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 2011/05/26 14:35:42.0248 4648 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 2011/05/26 14:35:42.0373 4648 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 2011/05/26 14:35:42.0497 4648 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 2011/05/26 14:35:42.0622 4648 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 2011/05/26 14:35:42.0763 4648 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys 2011/05/26 14:35:42.0872 4648 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys 2011/05/26 14:35:42.0997 4648 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 2011/05/26 14:35:43.0121 4648 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys 2011/05/26 14:35:43.0246 4648 mrxsmb (b7f3d2c40bdf8ffb73ebfb19c77734e2) C:\Windows\system32\DRIVERS\mrxsmb.sys 2011/05/26 14:35:43.0355 4648 mrxsmb10 (86c6f88b5168ce21cf8d69d0b3ff5d19) C:\Windows\system32\DRIVERS\mrxsmb10.sys 2011/05/26 14:35:43.0465 4648 mrxsmb20 (b081069251c8e9f42cb8769d07148f9c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 2011/05/26 14:35:43.0589 4648 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys 2011/05/26 14:35:43.0714 4648 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys 2011/05/26 14:35:43.0839 4648 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 2011/05/26 14:35:43.0964 4648 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 2011/05/26 14:35:44.0073 4648 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys 2011/05/26 14:35:44.0213 4648 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 2011/05/26 14:35:44.0338 4648 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 2011/05/26 14:35:44.0447 4648 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 2011/05/26 14:35:44.0557 4648 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys 2011/05/26 14:35:44.0666 4648 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys 2011/05/26 14:35:44.0806 4648 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 2011/05/26 14:35:44.0947 4648 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 2011/05/26 14:35:45.0025 4648 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 2011/05/26 14:35:45.0149 4648 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 2011/05/26 14:35:45.0337 4648 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys 2011/05/26 14:35:45.0461 4648 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 2011/05/26 14:35:45.0571 4648 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 2011/05/26 14:35:45.0695 4648 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys 2011/05/26 14:35:45.0805 4648 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys 2011/05/26 14:35:45.0898 4648 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys 2011/05/26 14:35:46.0023 4648 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 2011/05/26 14:35:46.0132 4648 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys 2011/05/26 14:35:46.0257 4648 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 2011/05/26 14:35:46.0382 4648 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 2011/05/26 14:35:46.0475 4648 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 2011/05/26 14:35:46.0631 4648 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys 2011/05/26 14:35:46.0756 4648 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 2011/05/26 14:35:46.0865 4648 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys 2011/05/26 14:35:46.0975 4648 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys 2011/05/26 14:35:47.0099 4648 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys 2011/05/26 14:35:47.0224 4648 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys 2011/05/26 14:35:47.0396 4648 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 2011/05/26 14:35:47.0505 4648 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys 2011/05/26 14:35:47.0630 4648 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys 2011/05/26 14:35:47.0739 4648 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys 2011/05/26 14:35:47.0864 4648 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 2011/05/26 14:35:47.0957 4648 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 2011/05/26 14:35:48.0082 4648 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 2011/05/26 14:35:48.0254 4648 PGEffect (663962900e7fea522126ba287715bb4a) C:\Windows\system32\DRIVERS\pgeffect.sys 2011/05/26 14:35:48.0410 4648 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys 2011/05/26 14:35:48.0503 4648 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 2011/05/26 14:35:48.0675 4648 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys 2011/05/26 14:35:48.0815 4648 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 2011/05/26 14:35:48.0940 4648 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 2011/05/26 14:35:49.0065 4648 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 2011/05/26 14:35:49.0174 4648 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 2011/05/26 14:35:49.0299 4648 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 2011/05/26 14:35:49.0408 4648 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys 2011/05/26 14:35:49.0533 4648 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 2011/05/26 14:35:49.0658 4648 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 2011/05/26 14:35:49.0767 4648 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys 2011/05/26 14:35:49.0876 4648 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 2011/05/26 14:35:49.0985 4648 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 2011/05/26 14:35:50.0110 4648 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 2011/05/26 14:35:50.0235 4648 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 2011/05/26 14:35:50.0329 4648 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys 2011/05/26 14:35:50.0453 4648 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys 2011/05/26 14:35:50.0578 4648 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys 2011/05/26 14:35:50.0734 4648 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 2011/05/26 14:35:50.0875 4648 RSUSBSTOR (8c22f21c924413d4e109995f748e18bb) C:\Windows\system32\Drivers\RtsUStor.sys 2011/05/26 14:35:50.0999 4648 RTHDMIAzAudService (483c537e69fa97c77f7fe0e2e1c1f102) C:\Windows\system32\drivers\RtHDMIVX.sys 2011/05/26 14:35:51.0155 4648 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys 2011/05/26 14:35:51.0296 4648 rtl8192se (a9ede191b5478d18f0a1bff3b822f7a5) C:\Windows\system32\DRIVERS\rtl8192se.sys 2011/05/26 14:35:51.0514 4648 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys 2011/05/26 14:35:51.0623 4648 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys 2011/05/26 14:35:51.0764 4648 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 2011/05/26 14:35:51.0889 4648 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 2011/05/26 14:35:52.0029 4648 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 2011/05/26 14:35:52.0138 4648 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 2011/05/26 14:35:52.0201 4648 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys 2011/05/26 14:35:52.0294 4648 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys 2011/05/26 14:35:52.0403 4648 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys 2011/05/26 14:35:52.0497 4648 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 2011/05/26 14:35:52.0637 4648 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 2011/05/26 14:35:52.0731 4648 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 2011/05/26 14:35:52.0871 4648 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 2011/05/26 14:35:52.0996 4648 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 2011/05/26 14:35:53.0168 4648 sptd (88e5162e58c8919cc873f5d8946197cf) C:\Windows\system32\Drivers\sptd.sys 2011/05/26 14:35:53.0168 4648 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 88e5162e58c8919cc873f5d8946197cf 2011/05/26 14:35:53.0183 4648 sptd - detected LockedFile.Multi.Generic (1) 2011/05/26 14:35:53.0324 4648 srv (148d50904d2a0df29a19778715eb35bb) C:\Windows\system32\DRIVERS\srv.sys 2011/05/26 14:35:53.0449 4648 srv2 (ce2189fe31d36678ac9eb7ddee08ec96) C:\Windows\system32\DRIVERS\srv2.sys 2011/05/26 14:35:53.0558 4648 srvnet (cb69edeb069a49577592835659cd0e46) C:\Windows\system32\DRIVERS\srvnet.sys 2011/05/26 14:35:53.0714 4648 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 2011/05/26 14:35:53.0823 4648 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys 2011/05/26 14:35:53.0979 4648 SynTP (be7311da9d6833fa69ed04b744a1c8f8) C:\Windows\system32\DRIVERS\SynTP.sys 2011/05/26 14:35:54.0244 4648 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys 2011/05/26 14:35:54.0431 4648 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys 2011/05/26 14:35:54.0556 4648 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys 2011/05/26 14:35:54.0697 4648 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\Windows\system32\DRIVERS\tdcmdpst.sys 2011/05/26 14:35:54.0790 4648 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 2011/05/26 14:35:54.0899 4648 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys 2011/05/26 14:35:55.0024 4648 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys 2011/05/26 14:35:55.0149 4648 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys 2011/05/26 14:35:55.0336 4648 tosporte (8021f63311797085949fa387f7c83583) C:\Windows\system32\DRIVERS\tosporte.sys 2011/05/26 14:35:55.0461 4648 tosrfbd (71bb669bfcade1580fdce010abc76310) C:\Windows\system32\DRIVERS\tosrfbd.sys 2011/05/26 14:35:55.0601 4648 tosrfbnp (62512b5277d88600f8bd4b7aec43569d) C:\Windows\system32\Drivers\tosrfbnp.sys 2011/05/26 14:35:55.0726 4648 Tosrfcom (c523a9186c39d65cc9adebb2e1b93ccd) C:\Windows\system32\Drivers\tosrfcom.sys 2011/05/26 14:35:55.0851 4648 tosrfec (11699d47b3491d86249c168496d55c92) C:\Windows\system32\DRIVERS\tosrfec.sys 2011/05/26 14:35:55.0991 4648 Tosrfhid (451b8c1815c6cc39650af916c2a382cd) C:\Windows\system32\DRIVERS\Tosrfhid.sys 2011/05/26 14:35:56.0116 4648 tosrfnds (b6fdc3c76ffe9c5171eea9c37ea367c2) C:\Windows\system32\DRIVERS\tosrfnds.sys 2011/05/26 14:35:56.0241 4648 TosRfSnd (e1e045240c1184fa6628f3c7e7ff85d8) C:\Windows\system32\drivers\tosrfsnd.sys 2011/05/26 14:35:56.0381 4648 Tosrfusb (da7aa562448e29ca895895920bff8946) C:\Windows\system32\DRIVERS\tosrfusb.sys 2011/05/26 14:35:56.0537 4648 tos_sps64 (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\Windows\system32\DRIVERS\tos_sps64.sys 2011/05/26 14:35:56.0693 4648 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys 2011/05/26 14:35:56.0818 4648 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys 2011/05/26 14:35:56.0959 4648 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\Windows\system32\DRIVERS\TVALZ_O.SYS 2011/05/26 14:35:57.0083 4648 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\Windows\system32\DRIVERS\TVALZFL.sys 2011/05/26 14:35:57.0177 4648 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 2011/05/26 14:35:57.0302 4648 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys 2011/05/26 14:35:57.0411 4648 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys 2011/05/26 14:35:57.0536 4648 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys 2011/05/26 14:35:57.0645 4648 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 2011/05/26 14:35:57.0754 4648 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys 2011/05/26 14:35:57.0910 4648 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys 2011/05/26 14:35:58.0019 4648 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys 2011/05/26 14:35:58.0144 4648 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys 2011/05/26 14:35:58.0253 4648 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys 2011/05/26 14:35:58.0378 4648 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 2011/05/26 14:35:58.0487 4648 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS 2011/05/26 14:35:58.0597 4648 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys 2011/05/26 14:35:58.0721 4648 usbvideo (d501e12614b00a3252073101d6a1a74b) C:\Windows\system32\Drivers\usbvideo.sys 2011/05/26 14:35:58.0877 4648 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys 2011/05/26 14:35:59.0018 4648 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 2011/05/26 14:35:59.0127 4648 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 2011/05/26 14:35:59.0236 4648 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys 2011/05/26 14:35:59.0345 4648 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys 2011/05/26 14:35:59.0439 4648 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys 2011/05/26 14:35:59.0564 4648 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys 2011/05/26 14:35:59.0673 4648 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys 2011/05/26 14:35:59.0798 4648 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 2011/05/26 14:35:59.0923 4648 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 2011/05/26 14:36:00.0016 4648 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 2011/05/26 14:36:00.0141 4648 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys 2011/05/26 14:36:00.0266 4648 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 2011/05/26 14:36:00.0406 4648 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 2011/05/26 14:36:00.0437 4648 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 2011/05/26 14:36:00.0578 4648 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 2011/05/26 14:36:00.0703 4648 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 2011/05/26 14:36:00.0890 4648 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 2011/05/26 14:36:00.0999 4648 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 2011/05/26 14:36:01.0186 4648 WinUSB (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUSB.sys 2011/05/26 14:36:01.0295 4648 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys 2011/05/26 14:36:01.0451 4648 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 2011/05/26 14:36:01.0576 4648 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys 2011/05/26 14:36:01.0701 4648 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys 2011/05/26 14:36:01.0904 4648 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 2011/05/26 14:36:01.0919 4648 ================================================================================ 2011/05/26 14:36:01.0919 4648 Scan finished 2011/05/26 14:36:01.0919 4648 ================================================================================ 2011/05/26 14:36:01.0919 1784 Detected object count: 1 2011/05/26 14:36:01.0919 1784 Actual detected object count: 1 2011/05/26 14:36:21.0981 1784 HKLM\SYSTEM\ControlSet001\services\sptd - will be deleted after reboot 2011/05/26 14:36:22.0043 1784 HKLM\SYSTEM\ControlSet002\services\sptd - will be deleted after reboot 2011/05/26 14:36:22.0059 1784 C:\Windows\system32\Drivers\sptd.sys - will be deleted after reboot 2011/05/26 14:36:22.0059 1784 LockedFile.Multi.Generic(sptd) - User select action: Delete |
|
26.05.2011, 14:59
| #15 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7 Recovery vollständig entfernt? Desktop wiederherstellen? Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Windows 7 Recovery vollständig entfernt? Desktop wiederherstellen? |
| 32 bit, 64-bit, anti-malware, appdata, askbar, audacity, beendet, befall, c:\windows\system32\rundll32.exe, canon, conduit, control, dateien, desktop, document, entfernt?, eraser, explorer, fehlermeldungen, festplatte, frage, funktioniert, install.exe, log, malwarebytes, microsoft, microsoft office word, mozilla thunderbird, nicht mehr, office 2007, oldtimer, otl scan, pdfforge toolbar, plug-in, rechner, recovery, sched.exe, searchplugins, security update, shell32.dll, shortcut, software, spigot, sptd.sys, start menu, studio, syswow64, temp, tmp, treiber, trojan.zbotr.gen, trojaner, usb 2.0, verschwunden, visual studio, webcheck, windows |
Textbox.
.
Linear-Darstellung
