Trojaner-Board (https://www.trojaner-board.de/)
Forum: Plagegeister aller Art und deren Bekämpfung (Pests of all kinds and how to fight them) (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
Thread: Virus aus Russland (Virus from Russia) (https://www.trojaner-board.de/103105-virus-russland.html)

RanaXT 02.09.2011 09:23

Virus from Russia

Hello,

So I recently picked up a virus (no idea how). I had my PC running, and when I came back there was suddenly a strange file on the desktop. The file details named a (I think) paper mill in Russia as the origin, and the name etc. was in Russian.

So I deleted the file. After that, Windows dialogs kept opening one after another asking me to allow an installation -> of course I declined. Because it did not stop, I shut the laptop down and booted it again. The problem with the dialogs was gone, but the virus has still infected my system and is bringing it to a crawl, i.e. my PC now only runs terribly slowly...

I then tried to find or fix it with various antivirus programs, but no chance.

Here is also a picture showing 2 of the newly created startup programs.
There are also several rundll32.exe processes running, more than usual.


http://img27.imageshack.us/img27/7830/neuebitmapn.png

I hope I did everything right and that you can work with this and help me...

Many thanks in advance!

Swisstreasure 02.09.2011 09:46

Hello,

A cleanup can mean a lot of work for you.
  • Please work through all the steps in order.
  • Read the instructions carefully. If there are problems, please stop and describe them here as well as you can.
  • Only run scans that a helper has asked you to run.
  • Please no cross-posting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you are asked to.
  • Read the instructions completely first. If anything is unclear, ask before you begin.
  • Post the log files directly in your thread. Do not attach them unless I ask you to; it makes evaluating them harder for me.

Note: I can never guarantee that I will find everything. A format is usually the faster and always the safest way.
If you decide on a cleanup, keep working along until someone from the team tells you that you are clean.

Vista and Win7 users
Start all tools with right-click "Run as administrator".

Step 1
Code:

:OTL
O4 - HKLM..\Run: [TWebCamera] File not found
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [{221117D1-1E1D-B216-55C2-9C982CB53E98}] File not found
O4 - HKCU..\Run: [NvCplDaemonTool] C:\Users\Michael\kbloadCF.dll (Корпорация Майкрософт;)
O4 - HKCU..\Run: [Uvixalosacevez] File not found
O4 - Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\g3OnlineTimer.lnk = File not found
O4 - Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scanjdiskb96.dll (Корпорация Майкрософт;)
O4 - Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = File not found
O33 - MountPoints2\{0dbc603f-ea36-11de-a7af-00235afdef2c}\Shell - "" = AutoRun
O33 - MountPoints2\{0dbc603f-ea36-11de-a7af-00235afdef2c}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{7bcafd88-4da2-11e0-ab4d-0024d2c8c695}\Shell - "" = AutoRun
O33 - MountPoints2\{7bcafd88-4da2-11e0-ab4d-0024d2c8c695}\Shell\AutoRun\command - "" = G:\NokiaPCIA_Autorun.exe
O33 - MountPoints2\{8db3a56c-8205-11df-a935-0024d2c8c695}\Shell - "" = AutoRun
O33 - MountPoints2\{8db3a56c-8205-11df-a935-0024d2c8c695}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{9f7b8fe1-5ed3-11e0-afd1-0024d2c8c695}\Shell - "" = AutoRun
O33 - MountPoints2\{9f7b8fe1-5ed3-11e0-afd1-0024d2c8c695}\Shell\AutoRun\command - "" = D:\Autorun.exe
MsConfig:64bit - StartUpReg: Uvixalosacevez - hkey= - key= - C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: NvCplDaemonTool - hkey= - key= - C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
:Commands
[purity]
[emptytemp]

  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may require a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (Also found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread

Step 2

Please download Malwarebytes
  • Install the program into the default path.
    Vista and Win7 users: right-click "Run as administrator"
  • Start Malwarebytes, click Update --> Check for Updates
  • When the update has finished, select Perform quick scan and click Scan.
  • When the scan is finished, click Show Results.
  • Make sure all findings are checked and click Remove Selected.
  • Post the log file that opens in Notepad here in the thread.
  • Afterwards you can find the report under the "Logs" tab.
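
The OTL fix in the post above removes entries from four autostart locations: the HKLM and HKCU Run keys, the user's Startup folder, and the MountPoints2 autorun commands left behind by removable media. What made the entries in this case stand out is visible in the script itself: a DLL in the user profile (C:\Users\Michael\kbloadCF.dll) started through rundll32.exe, with version information claiming "Корпорация Майкрософт" (Russian for "Microsoft Corporation"), plus several entries whose target files no longer exist. The following PowerShell script is an added example, not part of the thread and not OTL's own code; it enumerates the same locations on a live machine and flags those patterns. Flag names and the heuristics behind them are the example's own choices. It needs Windows PowerShell 2.0 or later and should be run elevated.

```powershell
# Added example (not from the thread): audit the autostart locations the OTL
# fix edits and flag the patterns this infection shows. Run elevated.

$PsNoise = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Get-RunKeyEntries {
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    foreach ($k in $keys) {
        if (-not (Test-Path $k)) { continue }
        (Get-ItemProperty -Path $k).PSObject.Properties |
            Where-Object { $PsNoise -notcontains $_.Name } |
            ForEach-Object { New-Object PSObject -Property @{ Source = $k; Name = $_.Name; Command = [string]$_.Value } }
    }
}

function Get-StartupFolderEntries {
    $shell = New-Object -ComObject WScript.Shell
    $dirs  = [Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup')
    foreach ($d in $dirs) {
        Get-ChildItem -Path $d -Force -ErrorAction SilentlyContinue | Where-Object { -not $_.PSIsContainer } | ForEach-Object {
            $cmd = $_.FullName
            if ($_.Extension -eq '.lnk') {   # resolve shortcuts, e.g. scandisk.lnk -> rundll32.exe <dll>
                $sc  = $shell.CreateShortcut($_.FullName)
                $cmd = ("$($sc.TargetPath) $($sc.Arguments)").Trim()
            }
            New-Object PSObject -Property @{ Source = $d; Name = $_.Name; Command = $cmd }
        }
    }
}

function Get-MountPoints2Autoruns {
    $base = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
    if (-not (Test-Path $base)) { return }
    foreach ($vol in Get-ChildItem -Path $base -ErrorAction SilentlyContinue) {
        $cmdKey = "$base\$($vol.PSChildName)\Shell\AutoRun\command"
        if (Test-Path $cmdKey) {
            New-Object PSObject -Property @{ Source = 'MountPoints2'; Name = $vol.PSChildName
                                             Command = [string](Get-ItemProperty -Path $cmdKey).'(default)' }
        }
    }
}

function Test-AutostartEntry {
    param($Entry)
    $flags = @()
    $cmd = $Entry.Command
    # The file that actually runs: the DLL handed to rundll32, otherwise the first path token.
    if     ($cmd -match '(?i)rundll32(\.exe)?\s+"?([^",]+?\.dll)') { $target = $Matches[2]; $flags += 'rundll32-dll' }
    elseif ($cmd -match '^\s*"([^"]+)"')                           { $target = $Matches[1] }
    elseif ($cmd -match '^\s*(\S+)')                               { $target = $Matches[1] }
    else                                                           { $target = '' }
    $target = [Environment]::ExpandEnvironmentVariables($target)
    if ($target -match '(?i)\.dll$' -and $flags -notcontains 'rundll32-dll') { $flags += 'dll-as-autostart' }
    if ($target -match '(?i)^[a-z]:\\(users|documents and settings|programdata)\\') { $flags += 'user-writable-path' }
    if ($Entry.Source -eq 'MountPoints2') { $flags += 'removable-media-autorun' }
    if (-not $target -or -not (Test-Path -LiteralPath $target -PathType Leaf)) {
        $flags += 'target-missing'   # what OTL prints as "File not found"
    } else {
        $vi  = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($target)
        $sig = Get-AuthenticodeSignature -FilePath $target
        # Version info is attacker-controlled. A file outside %SystemRoot% that claims
        # Microsoft (in any language) but carries no valid signature is worth a look.
        $outsideWindows = -not ($target -like "$env:SystemRoot\*")
        if ($outsideWindows -and $vi.CompanyName -match 'Microsoft|Майкрософт' -and $sig.Status -ne 'Valid') {
            $flags += 'claims-microsoft-unsigned'
        }
    }
    New-Object PSObject -Property @{ Source = $Entry.Source; Name = $Entry.Name; Command = $cmd
                                     Target = $target; Flags = ($flags -join ',') }
}

@(Get-RunKeyEntries) + @(Get-StartupFolderEntries) + @(Get-MountPoints2Autoruns) |
    ForEach-Object { Test-AutostartEntry $_ } |
    Where-Object { $_.Flags } |
    Format-Table Source, Name, Target, Flags -AutoSize
```

The signature check is deliberately limited to files outside the Windows directory: on Vista and Windows 7, Get-AuthenticodeSignature reports catalog-signed Microsoft binaries as NotSigned, so applying it to System32 would drown the report in false positives. A plain DLL dropped into the Startup folder, as scanjdiskb96.dll was here, shows up as dll-as-autostart together with user-writable-path; the matching .lnk that launches it through rundll32 shows up as a separate rundll32-dll entry, which is why the two are listed side by side in the OTL fix.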

RanaXT 02.09.2011 10:52

OTL log file:

Code:

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TWebCamera deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{221117D1-1E1D-B216-55C2-9C982CB53E98} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{221117D1-1E1D-B216-55C2-9C982CB53E98}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\NvCplDaemonTool deleted successfully.
C:\Users\Michael\kbloadCF.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Uvixalosacevez deleted successfully.
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\g3OnlineTimer.lnk moved successfully.
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scanjdiskb96.dll moved successfully.
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0dbc603f-ea36-11de-a7af-00235afdef2c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0dbc603f-ea36-11de-a7af-00235afdef2c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0dbc603f-ea36-11de-a7af-00235afdef2c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0dbc603f-ea36-11de-a7af-00235afdef2c}\ not found.
File I:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7bcafd88-4da2-11e0-ab4d-0024d2c8c695}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7bcafd88-4da2-11e0-ab4d-0024d2c8c695}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7bcafd88-4da2-11e0-ab4d-0024d2c8c695}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7bcafd88-4da2-11e0-ab4d-0024d2c8c695}\ not found.
File G:\NokiaPCIA_Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8db3a56c-8205-11df-a935-0024d2c8c695}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8db3a56c-8205-11df-a935-0024d2c8c695}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8db3a56c-8205-11df-a935-0024d2c8c695}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8db3a56c-8205-11df-a935-0024d2c8c695}\ not found.
File H:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f7b8fe1-5ed3-11e0-afd1-0024d2c8c695}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9f7b8fe1-5ed3-11e0-afd1-0024d2c8c695}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f7b8fe1-5ed3-11e0-afd1-0024d2c8c695}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9f7b8fe1-5ed3-11e0-afd1-0024d2c8c695}\ not found.
File D:\Autorun.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Uvixalosacevez\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\NvCplDaemonTool\ not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: AppData
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Michael
->Temp folder emptied: 8068207 bytes
->Temporary Internet Files folder emptied: 4332146797 bytes
->Java cache emptied: 11800 bytes
->FireFox cache emptied: 76769173 bytes
->Flash cache emptied: 656 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 932940363 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 333 bytes
 
Total Files Cleaned = 5.102,00 mb
 
 
OTL by OldTimer - Version 3.2.27.0 log created on 09022011_113136

Files\Folders moved on Reboot...
File\Folder C:\Users\Michael\AppData\Local\Temp\Low\~DF7116.tmp not found!
File\Folder C:\Users\Michael\AppData\Local\Temp\Low\~DF8A56.tmp not found!
C:\Users\Michael\AppData\Local\Temp\Low\~DFBB61.tmp moved successfully.
File\Folder C:\Users\Michael\AppData\Local\Temp\Low\~DFD8DE.tmp not found!
File\Folder C:\Windows\temp\mcafee_3c1cEgUWFB35Boj not found!
File\Folder C:\Windows\temp\mcafee_S7MOwkWWuLUfhZG not found!
File\Folder C:\Windows\temp\mcmsc_bemWE91M9wlQeAd not found!
File\Folder C:\Windows\temp\mcmsc_wSUHtfcsAiPIrhd not found!
File\Folder C:\Windows\temp\mcmsc_YINnpWaMMA8Flni not found!
File\Folder C:\Windows\temp\sqlite_5fhrOdOGfCDLOfz not found!
File\Folder C:\Windows\temp\sqlite_cJwwA1SgdOsMiMZ not found!
File\Folder C:\Windows\temp\sqlite_Sa4c1Hj6BiyLwWt not found!
File\Folder C:\Windows\temp\sqlite_Tq028hkiBF2a34P not found!

Registry entries deleted on Reboot...



Malwarebytes:

Code:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7635

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

02.09.2011 11:52:11
mbam-log-2011-09-02 (11-52-11).txt

Scan type: Quick scan
Objects scanned: 178774
Time elapsed: 3 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\Users\Michael\kbloadCF.dll (Trojan.Agent.WIMP) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NvCplDaemonTool (Trojan.Agent.WIMP) -> Value: NvCplDaemonTool -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Michael\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\scandisk.lnk (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\Michael\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\scanjdiskb96.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Michael\kbloadCF.dll (Trojan.Agent.WIMP) -> Quarantined and deleted successfully.


Swisstreasure 02.09.2011 15:13

Step 1

How is it going?

Step 2

If you do not have it yet, please download OTL from OldTimer and save it to your desktop
Code:

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT

  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread
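
The custom scan above does three things besides the usual OTL listing: the /md5start ... /md5stop block hashes five core Windows binaries (explorer.exe, regedit.exe, winlogon.exe, wininit.exe, userinit.exe) so the helper can spot a system file that has been patched in place, and the two registry lines read the Windows Update policy key and the time of the last successful update install, since disabled or long-stale updates are a common side effect of an infection. The PowerShell script below is an added example, not part of the thread and not OTL's own code; it reproduces those checks in a form that can be run directly. Comparing each live binary against the copies Windows keeps in the WinSxS component store is the example's own technique for deciding whether a file has been modified; the 60-day staleness threshold is an arbitrary choice. It needs Windows PowerShell 2.0 or later (no Get-FileHash) and should be run elevated.

```powershell
# Added example (not from the thread): hash the core binaries the OTL custom
# scan lists, compare them against the WinSxS component store, check their
# Authenticode status, and read the Windows Update keys the scan queries.

function Get-Md5 {
    param([string]$Path)
    $md5 = [System.Security.Cryptography.MD5]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try     { ([BitConverter]::ToString($md5.ComputeHash($fs))).Replace('-', '') }
    finally { $fs.Close() }
}

function Get-SystemBinaryReport {
    param([string[]]$Names = @('explorer.exe', 'regedit.exe', 'winlogon.exe', 'wininit.exe', 'userinit.exe'))
    $winDir = $env:SystemRoot
    # explorer.exe and regedit.exe live in %SystemRoot%; the others in System32 (and SysWOW64 on x64).
    $dirs = @("$winDir\System32", "$winDir\SysWOW64", $winDir)
    # Index every copy in the component store: name -> { md5 -> path }. Takes a minute on a real box.
    $store = @{}
    Get-ChildItem -Path "$winDir\WinSxS" -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and $Names -contains $_.Name } |
        ForEach-Object {
            $n = $_.Name.ToLower()
            if (-not $store.ContainsKey($n)) { $store[$n] = @{} }
            $store[$n][(Get-Md5 $_.FullName)] = $_.FullName
        }
    foreach ($n in $Names) {
        foreach ($d in $dirs) {
            $p = Join-Path $d $n
            if (-not (Test-Path -LiteralPath $p)) { continue }
            $h   = Get-Md5 $p
            $sig = Get-AuthenticodeSignature -FilePath $p
            $inStore = $store.ContainsKey($n) -and $store[$n].ContainsKey($h)
            New-Object PSObject -Property @{
                Path          = $p
                MD5           = $h
                Size          = (Get-Item -LiteralPath $p).Length
                Signature     = $sig.Status
                MatchesWinSxS = $inStore
                # A core binary with no identical copy in the component store was changed in place.
                Suspicious    = (-not $inStore)
            }
        }
    }
}

function Get-WindowsUpdateState {
    $au  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
    $res = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install'
    $policy = if (Test-Path $au)  { Get-ItemProperty -Path $au } else { $null }
    $last   = if (Test-Path $res) { (Get-ItemProperty -Path $res).LastSuccessTime } else { $null }
    $stale  = (-not $last) -or ([datetime]$last -lt (Get-Date).AddDays(-60))   # 60 days is an arbitrary threshold
    New-Object PSObject -Property @{
        NoAutoUpdatePolicy    = if ($policy -and $policy.NoAutoUpdate -ne $null) { $policy.NoAutoUpdate } else { 'not set' }
        LastSuccessfulInstall = $last
        StaleUpdates          = $stale
    }
}

Get-SystemBinaryReport | Format-Table Path, Size, MD5, Signature, MatchesWinSxS, Suspicious -AutoSize
Get-WindowsUpdateState | Format-List
```

Use the WinSxS match rather than the Signature column as the primary signal on Vista and Windows 7: there, Get-AuthenticodeSignature returns NotSigned for catalog-signed Microsoft files, so every one of these binaries will show NotSigned on a clean system. The comparison only says whether the live file is byte-identical to some copy Windows itself installed; it says nothing about whether that copy is current, which is what the update timestamp is for.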

RanaXT 02.09.2011 16:33

Well, everything is still the same as far as I can tell.

I have attached the result as a zip.


Though OTL did not open the Extras file by itself. I don't know whether that means anything :)

Can you already say what kind of virus this is, or what it does?

Swisstreasure 02.09.2011 16:34

Please
  • disable all other scanners for viruses, spyware, etc.,
  • have no active connection to a network/the Internet (do not forget WLAN),
  • do not work on the computer,
  • restart the computer after each scan.
Run a Gmer scan
  • Download Gmer from this page
    (click the Download EXE button) and save the program to the desktop.
  • All other programs should be closed.
  • Start gmer.exe (the program has a random program name).
    Vista and Win7 users: right-click and run as administrator.
  • If a window with the following warning opens:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Be sure to click "No".
  • On the right, remove the check mark at:
    • IAT/EAT
    • All drives except the system drive (normally only C:\ is checked)
    • Show all (should be unchecked)
  • Start the scan with "Scan". Do nothing on the computer while the scan is running.
  • When the scan is finished, click Save and save the log file as Gmer.txt on your desktop. "Ok" closes GMER.
Turn your antivirus program and other scanners back on before you go online!

RanaXT 02.09.2011 18:19

Right now I can only open some programs via right-click -> Run as administrator (e.g. I-explorer).

Here is the log file from Gmer:
Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-09-02 19:08:29
Windows 6.0.6002 Service Pack 2
Running: rkojfyxl.exe


---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                   
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                0
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                              0x63 0x6B 0x45 0x86 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                   
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                1
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x29 0x4D 0x79 0xC1 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                         
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                    0x5D 0x31 0xB2 0x01 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                     
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0xF5 0xD4 0xFA 0xD7 ...
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)               
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                    0
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                  0x63 0x6B 0x45 0x86 ...
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)               
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                    1
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x29 0x4D 0x79 0xC1 ...
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)     
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                        0x5D 0x31 0xB2 0x01 ...
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) 
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0xF5 0xD4 0xFA 0xD7 ...

---- Files - GMER 1.0.15 ----

File  C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.ci          0 bytes
File  C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.dir        0 bytes
File  C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.wid        0 bytes
File  C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.ci          0 bytes
File  C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.dir        0 bytes
File  C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid        0 bytes
File  C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010016.ci          0 bytes
File  C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010016.dir        0 bytes
File  C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010016.wid        0 bytes
File  C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001A.ci          0 bytes
File  C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001A.dir        0 bytes
File  C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001A.wid        0 bytes
File  C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001B.ci          0 bytes
File  C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001B.dir        0 bytes
File  C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001B.wid        0 bytes

---- EOF - GMER 1.0.15 ----


Swisstreasure 02.09.2011 22:47

ComboFix may only be run when a helper has expressly recommended it!
It should never be run on one's own initiative! Incorrect use can lead to serious computer problems and make cleaning the infection even harder.
Download ComboFix from one of these download mirrors:

BleepingComputer - ForoSpyware

* Important !! Save ComboFix to the desktop
  • Disable your anti-virus and anti-spyware programs. Normally you can do this with a right-click on the system tray icon. Otherwise these programs might interfere with our tools while they work.
  • Double-click ComboFix.exe and follow the instructions.
  • ComboFix will check whether the Microsoft Windows Recovery Console is installed. This is part of the process. Given the kind of malware infections that exist today, it is strongly recommended to have this Recovery Console installed on the PC before any malware cleanup is performed.
  • Follow the instructions to allow ComboFix to download and install the Recovery Console, and accept the license agreement (EULA) when prompted.
**For information: if the Recovery Console is already installed, ComboFix will continue its malware removal procedure normally.

http://i94.photobucket.com/albums/l8...eWHKonsole.jpg

Once the Recovery Console has been installed by ComboFix, you should see the following message:

http://i94.photobucket.com/albums/l8...nstalliert.jpg

Click "Yes" to continue with the malware scan.

When ComboFix is finished, it will create a log. Please include C:\ComboFix.txt in your next reply.

RanaXT 03.09.2011 16:37

Unfortunately I could not get to it earlier today...


here is the result:

Code:

ComboFix 11-09-02.04 - Michael 03.09.2011  17:12:49.1.2 - x64
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.43.1031.18.6108.4182 [GMT 2:00]
Running from:: c:\users\Michael\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Virenschutz *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: McAfee VirusScan *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Personal Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: McAfee VirusScan *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Other Deletions  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\xp
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys
c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.lnk
.
.
(((((((((((((((((((((((  Files Created from 2011-08-03 to 2011-09-03  ))))))))))))))))))))))))))))))
.
.
2011-09-03 15:25 . 2011-09-03 15:28        --------        d-----w-        c:\users\Michael\AppData\Local\temp
2011-09-03 15:25 . 2011-09-03 15:25        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-09-02 09:41 . 2011-09-02 09:41        --------        d-----w-        c:\users\Michael\AppData\Roaming\Malwarebytes
2011-09-02 09:40 . 2011-07-06 17:52        41272        ----a-w-        c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-09-02 09:40 . 2011-09-02 09:40        --------        d-----w-        c:\programdata\Malwarebytes
2011-09-02 09:40 . 2011-07-06 17:52        25912        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-09-02 09:40 . 2011-09-02 09:41        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2011-09-02 09:31 . 2011-09-02 09:31        --------        d-----w-        C:\_OTL
2011-09-02 05:25 . 2011-09-02 05:25        --------        d-----w-        C:\ProcAlyzer Dumps
2011-09-01 08:00 . 2011-09-01 07:07        16432        ----a-w-        c:\windows\system32\lsdelete.exe
2011-09-01 07:07 . 2011-09-01 07:07        55384        ----a-w-        c:\windows\system32\drivers\SBREDrv.sys
2011-09-01 07:03 . 2011-09-02 07:37        --------        d-----w-        c:\programdata\Spybot - Search & Destroy
2011-09-01 07:00 . 2011-08-18 13:25        69376        ----a-w-        c:\windows\system32\drivers\Lbd.sys
2011-09-01 07:00 . 2011-09-01 07:00        --------        d-----w-        c:\program files (x86)\Lavasoft
2011-09-01 07:00 . 2011-09-01 07:00        --------        d-----w-        c:\programdata\Lavasoft
2011-08-28 17:18 . 2011-09-01 08:00        --------        d-----w-        c:\users\Michael\AppData\Roaming\Lufec
2011-08-28 09:29 . 2011-08-28 09:29        --------        dc-h--w-        c:\programdata\{1D11E9B5-801D-4DE3-8A18-77AC160788F6}
2011-08-28 09:27 . 2011-08-28 09:27        --------        d-----w-        c:\program files (x86)\Common Files\Native Instruments
2011-08-28 09:27 . 2011-08-28 09:27        --------        dc-h--w-        c:\programdata\{DCC412E7-393B-4016-91FB-9307F059AFB6}
2011-08-28 09:27 . 2011-08-28 09:27        --------        d-----w-        c:\program files\Common Files\Native Instruments
2011-08-28 09:27 . 2011-08-28 09:27        --------        dc-h--w-        c:\programdata\{C78336EC-F2EB-4640-99A4-DFE96581B90B}
2011-08-28 09:27 . 2011-08-28 09:27        --------        d-----w-        c:\programdata\Native Instruments
2011-08-28 09:27 . 2011-08-28 09:27        --------        d-----w-        c:\program files\Native Instruments
2011-08-24 15:32 . 2011-07-11 13:45        2048        ----a-w-        c:\windows\system32\tzres.dll
2011-08-24 15:32 . 2011-07-11 13:25        2048        ----a-w-        c:\windows\SysWow64\tzres.dll
2011-08-23 12:07 . 2011-08-23 12:07        404640        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-14 19:32 . 2011-08-24 18:35        16856        ----a-w-        c:\program files (x86)\Mozilla Firefox\plugin-container.exe
2011-08-14 19:32 . 2011-08-24 18:35        719832        ----a-w-        c:\program files (x86)\Mozilla Firefox\mozcpp19.dll
2011-08-10 20:36 . 2011-06-06 10:59        2409784        ----a-w-        c:\program files\Windows Mail\OESpamFilter.dat
2011-08-10 20:36 . 2011-06-06 10:59        2409784        ----a-w-        c:\program files (x86)\Windows Mail\OESpamFilter.dat
2011-08-10 20:36 . 2011-06-17 16:16        451072        ----a-w-        c:\windows\system32\winsrv.dll
2011-08-10 20:36 . 2011-07-06 15:49        275456        ----a-w-        c:\windows\system32\drivers\mrxsmb10.sys
2011-08-10 20:36 . 2011-06-17 20:14        1427344        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2011-08-10 20:36 . 2011-06-20 08:45        4699536        ----a-w-        c:\windows\system32\ntoskrnl.exe
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-02 07:57 . 2011-08-02 07:57        0        ---ha-w-        c:\users\Michael\AppData\Local\BIT9937.tmp
.
.
((((((((((((((((((((((((((((  Registry Autostart Points  ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-07-03 152064]
"NvCplDaemonTool"="c:\users\Michael\kbloadCF.dll" [2011-04-12 824320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2008-11-21 438272]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-01-13 34088]
"SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe" [2009-06-05 136600]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-04-21 61440]
"TRCMan"="c:\program files (x86)\TOSHIBA\TRCMan\TRCMan.exe" [2008-11-26 701752]
"NDSTray.exe"="c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe" [2009-05-12 299008]
"cfFncEnabler.exe"="c:\program files (x86)\TOSHIBA\ConfigFree\cfFncEnabler.exe" [2009-03-24 16384]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-04-01 1283384]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-03-16 6158240]
.
c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
scandisk.lnk - c:\windows\system32\rundll32.exe [2006-11-2 46592]
scanjdiskb96.dll [2011-4-12 824320]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2009-3-19 2532680]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\Toshiba\TRDCReminder\TRDCReminder.exe [2009-2-24 391072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0\0sdnclean64.exe\0lsdelete
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
R3 cpuz130;cpuz130;c:\users\Michael\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-09-01 2151640]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
R4 BBDemon;Backbone Service;c:\program files (x86)\Dassault Systemes\B18\intel_a\code\bin\CATSysDemon.exe [2007-05-04 36864]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R4 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-04-15 803696]
R4 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2009-03-12 117248]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 camsvc;TOSHIBA Web Camera Service;c:\program files (x86)\Toshiba\TOSHIBA Web Camera Application\TWebCameraSrv.exe [2009-04-16 20544]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-03-06 36864]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files (x86)\McAfee\SiteAdvisor\McSACore.exe [2011-02-16 101048]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2011-04-07 5352960]
S2 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-04-01 62776]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-04-24 242176]
S2 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-03-17 84480]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 arcvad_ds2dhw;ArcMIVEVad Service;c:\windows\system32\drivers\ArcVad.sys [x]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 enecirhid;ENE CIR HID Receiver;c:\windows\system32\DRIVERS\enecirhid.sys [x]
S3 enecirhidma;ENE CIR HIDmini Filter;c:\windows\system32\DRIVERS\enecirhidma.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2011-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc0f9c7af0cc20.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 21:54]
.
2011-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cc0f9c7bb5a2c0.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 21:54]
.
2011-03-14 c:\windows\Tasks\McDefragTask.job
- c:\progra~2\mcafee\mqc\QcConsol.exe [2009-09-14 19:26]
.
2011-03-31 c:\windows\Tasks\McQcTask.job
- c:\progra~2\mcafee\mqc\QcConsol.exe [2009-09-14 19:26]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-03-30 7574048]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-30 1833504]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1716008]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe" [2009-04-23 1128448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.at/ig
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube Download - c:\users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\3v3a52fx.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files (x86)\McAfee\SiteAdvisor
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Free YouTube Download (Free Studio) Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-TUSBSleepChargeSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-HDMICtrlMan - c:\program files (x86)\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Free Audio CD Burner_is1 - c:\program files (x86)\DVDVideoSoft\Free Audio CD Burner\unins000.exe
AddRemove-Uninstall_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\unins000.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files (x86)\DivX\DivXCodecUninstall.exe
AddRemove-{8ADFC4160D694100B5B8A22DE9DCABD9} - c:\program files (x86)\DivX\DivXPlayerUninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\progra~2\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\McAfee\MPF\MPFSrv.exe
c:\program files (x86)\McAfee\MSK\MskSrver.exe
c:\program files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\progra~2\McAfee\MSC\mcmscsvc.exe
c:\progra~2\mcafee.com\agent\mcagent.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
c:\program files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe
c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\progra~2\COMMON~1\mcafee\mna\mcnasvc.exe
c:\program files (x86)\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-09-03  17:35:11 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-09-03 15:35
.
Vor Suchlauf: 13 Verzeichnis(se), 15.030.579.200 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 14.764.945.408 Bytes frei
.
- - End Of File - - E01066A4C82EC431D325F80E1155020B


Swisstreasure 04.09.2011 08:06

I'll get back to you this evening. I'm at work.

Swisstreasure 04.09.2011 17:45

Step 1

Note for readers:
The following ComboFix script was created exclusively for this user in this situation.
Do not under any circumstances use it on other computers; it can permanently damage other systems!

Delete the existing Combofix.exe from your desktop and download the program again from one of the following download mirrors:
BleepingComputer.com - ForoSpyware.com
and save it to the desktop again (not anywhere else, this is important)!

Press the Windows + R keys --> type Notepad --> OK

Now copy the complete text from the following code box into the empty text document.
Code:

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemonTool"=-
File::
c:\users\Michael\kbloadCF.dll
c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scanjdiskb96.dll
c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.lnk

Save this as CFScript.txt on your desktop.

Important:
  • Temporarily disable your antivirus software, as it can interfere with ComboFix's work.
    Don't forget to turn it back on afterwards!
  • Do not move the mouse over the ComboFix window or click inside it.
    This can cause ComboFix to hang.
  • Close all running programs. Make sure ComboFix can work without interference.
  • Do not do anything on the PC while ComboFix is running.
http://i266.photobucket.com/albums/i.../CFScriptB.gif
  • Referring to the image above, drag CFScript.txt onto ComboFix.exe
  • When ComboFix is finished, it will create a log, C:\ComboFix.txt. Please post it here as a reply.
If the script contains the Suspect:: or Collect:: directive, a message box will appear after Combofix has finished. Click OK and follow the prompts/instructions to upload the files.

Step 2

Scan with SystemLook

Download SystemLook by jpshortstuff from one of the following mirrors and save the tool to the desktop.

Download Mirror #1 - Download Mirror #2
  • Double-click SystemLook.exe to start the tool.
    Vista users: right-click and run as administrator.
  • Copy the contents of the following code box into the tool's text field:

    Code:

    :filefind
    *scandisk*
    :regfind
    *sandisk*
    :content
    *scandisk*

  • Now click the Look button to start the scan.
  • When the scan is finished, your editor will open with the results; post them here in the thread.
  • The results are saved on the desktop as SystemLook.txt.
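The CFScript above removes autostart items that live in user-writable locations (the user's Startup folder and profile root); the same observation can be applied to the service and Run-key lines of the ComboFix logs posted in this thread. As an added example, not from this thread, from ComboFix or from its author, here is a small Python parser for those two line formats that flags binaries sitting under a user profile, AppData, Temp or Startup path (the `USER_WRITABLE` list, the `Entry` class and the last, constructed sample line are assumptions of the example):

```python
"""Triage of ComboFix-style autostart lines.

Added example for this thread, not code from ComboFix or from the helper.
ComboFix prints services/drivers and Run-key values as

    R3 name;display name;c:\\path\\file.sys [YYYY-MM-DD size]   (or [x])
    "ValueName"="c:\\path\\file.exe" [YYYY-MM-DD size]

The CFScript in this thread removes autostart items sitting in the user's
Startup folder and profile root, i.e. in user-writable locations.  This
parser pulls the path out of each line and flags exactly that pattern.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

SERVICE_RE = re.compile(
    r'^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);'
    r'(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]\s*$'
)
RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[(?P<meta>[^\]]*)\]\s*$'
)

# Directory fragments (lower-case) that a standard user can write to.  A
# persistence entry pointing here deserves a closer look regardless of how
# harmless its name sounds ("scandisk", "kbload").  Assumed list, not ComboFix's.
USER_WRITABLE = [
    "\\start menu\\programs\\startup\\",
    "\\appdata\\",
    "\\temp\\",
    "\\programdata\\",
    "\\users\\",
]


@dataclass
class Entry:
    kind: str                      # "service" or "run"
    name: str
    path: str
    meta: str                      # "YYYY-MM-DD size", "x", "BU" as printed
    reasons: List[str] = field(default_factory=list)

    @property
    def user_writable(self) -> bool:
        return any(r.startswith("user-writable") for r in self.reasons)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one service or Run-key line; other log lines yield None."""
    text = line.strip()
    m = SERVICE_RE.match(text)
    if m:
        return Entry("service", m["name"], m["path"], m["meta"])
    m = RUN_RE.match(text)
    if m:
        return Entry("run", m["name"], m["path"], m["meta"])
    return None


def assess(entry: Entry) -> Entry:
    """Attach triage reasons.  A bare [x] (no date/size recorded) is only a
    weak signal: many legitimate 64-bit drivers in this thread's log show it."""
    low = entry.path.lower()
    for fragment in USER_WRITABLE:
        if fragment in low:
            entry.reasons.append(f"user-writable location: {fragment}")
            break
    if entry.meta.strip().lower() == "x":
        entry.reasons.append("no date/size recorded by ComboFix")
    return entry


def triage(lines: List[str]) -> List[Entry]:
    """Return every recognised entry that got at least one reason."""
    flagged = []
    for line in lines:
        entry = parse_line(line)
        if entry is not None and assess(entry).reasons:
            flagged.append(entry)
    return flagged


def user_writable_names(lines: List[str]) -> List[str]:
    """Names of entries whose binary sits in a user-writable directory."""
    return [e.name for e in triage(lines) if e.user_writable]


# Lines copied from the ComboFix log in this thread, plus one constructed
# Run-key line (the last one) modelled on the Startup item the CFScript deletes.
SAMPLE_LOG = [
    r"R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 135664]",
    r"R3 cpuz130;cpuz130;c:\users\Michael\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]",
    r"S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]",
    r'"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-07-03 152064]',
    r'"ThpSrv"="c:\windows\system32\thpsrv" [X]',
    r'"scandisk"="c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scanjdiskb96.dll" [x]',  # constructed
]

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.kind:7} {e.name:12} {e.path}")
        for r in e.reasons:
            print(f"        - {r}")
```

Run against a full ComboFix log, only the "user-writable location" reason is worth acting on; the "[x]" reason alone is expected noise on a 64-bit Vista system like the one in this thread.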

RanaXT 05.09.2011 11:18

Unfortunately it sometimes takes me longer as well, since I also have to work...


Here are the files:

Code:

ComboFix 11-09-04.03 - Michael 05.09.2011  11:17:32.2.2 - x64
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.43.1031.18.6108.4334 [GMT 2:00]
ausgeführt von:: c:\users\Michael\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Michael\Desktop\CFScript.txt
AV: Lavasoft Ad-Watch Live! Virenschutz *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: McAfee VirusScan *Enabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Personal Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: McAfee VirusScan *Disabled/Outdated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Im Speicher befindliches AV aktiv.
.
.
FILE ::
"c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.lnk"
"c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scanjdiskb96.dll"
"c:\users\Michael\kbloadCF.dll"
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.lnk
c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scanjdiskb96.dll
c:\users\Michael\kbloadCF.dll
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-08-05 bis 2011-09-05  ))))))))))))))))))))))))))))))
.
.
2011-09-05 09:28 . 2011-09-05 10:03        --------        d-----w-        c:\users\Michael\AppData\Local\temp
2011-09-05 09:28 . 2011-09-05 09:28        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-09-02 09:41 . 2011-09-02 09:41        --------        d-----w-        c:\users\Michael\AppData\Roaming\Malwarebytes
2011-09-02 09:40 . 2011-07-06 17:52        41272        ----a-w-        c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-09-02 09:40 . 2011-09-02 09:40        --------        d-----w-        c:\programdata\Malwarebytes
2011-09-02 09:40 . 2011-07-06 17:52        25912        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-09-02 09:40 . 2011-09-02 09:41        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2011-09-02 09:31 . 2011-09-02 09:31        --------        d-----w-        C:\_OTL
2011-09-02 05:25 . 2011-09-02 05:25        --------        d-----w-        C:\ProcAlyzer Dumps
2011-09-01 08:00 . 2011-09-01 07:07        16432        ----a-w-        c:\windows\system32\lsdelete.exe
2011-09-01 07:07 . 2011-09-01 07:07        55384        ----a-w-        c:\windows\system32\drivers\SBREDrv.sys
2011-09-01 07:03 . 2011-09-02 07:37        --------        d-----w-        c:\programdata\Spybot - Search & Destroy
2011-09-01 07:00 . 2011-08-18 13:25        69376        ----a-w-        c:\windows\system32\drivers\Lbd.sys
2011-09-01 07:00 . 2011-09-01 07:00        --------        d-----w-        c:\program files (x86)\Lavasoft
2011-09-01 07:00 . 2011-09-01 07:00        --------        d-----w-        c:\programdata\Lavasoft
2011-08-28 17:18 . 2011-09-01 08:00        --------        d-----w-        c:\users\Michael\AppData\Roaming\Lufec
2011-08-28 09:29 . 2011-08-28 09:29        --------        dc-h--w-        c:\programdata\{1D11E9B5-801D-4DE3-8A18-77AC160788F6}
2011-08-28 09:27 . 2011-08-28 09:27        --------        d-----w-        c:\program files (x86)\Common Files\Native Instruments
2011-08-28 09:27 . 2011-08-28 09:27        --------        dc-h--w-        c:\programdata\{DCC412E7-393B-4016-91FB-9307F059AFB6}
2011-08-28 09:27 . 2011-08-28 09:27        --------        d-----w-        c:\program files\Common Files\Native Instruments
2011-08-28 09:27 . 2011-08-28 09:27        --------        dc-h--w-        c:\programdata\{C78336EC-F2EB-4640-99A4-DFE96581B90B}
2011-08-28 09:27 . 2011-08-28 09:27        --------        d-----w-        c:\programdata\Native Instruments
2011-08-28 09:27 . 2011-08-28 09:27        --------        d-----w-        c:\program files\Native Instruments
2011-08-24 15:32 . 2011-07-11 13:45        2048        ----a-w-        c:\windows\system32\tzres.dll
2011-08-24 15:32 . 2011-07-11 13:25        2048        ----a-w-        c:\windows\SysWow64\tzres.dll
2011-08-23 12:07 . 2011-08-23 12:07        404640        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-14 19:32 . 2011-08-24 18:35        16856        ----a-w-        c:\program files (x86)\Mozilla Firefox\plugin-container.exe
2011-08-14 19:32 . 2011-08-24 18:35        719832        ----a-w-        c:\program files (x86)\Mozilla Firefox\mozcpp19.dll
2011-08-10 20:36 . 2011-06-06 10:59        2409784        ----a-w-        c:\program files\Windows Mail\OESpamFilter.dat
2011-08-10 20:36 . 2011-06-06 10:59        2409784        ----a-w-        c:\program files (x86)\Windows Mail\OESpamFilter.dat
2011-08-10 20:36 . 2011-06-17 16:16        451072        ----a-w-        c:\windows\system32\winsrv.dll
2011-08-10 20:36 . 2011-07-06 15:49        275456        ----a-w-        c:\windows\system32\drivers\mrxsmb10.sys
2011-08-10 20:36 . 2011-06-17 20:14        1427344        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2011-08-10 20:36 . 2011-06-20 08:45        4699536        ----a-w-        c:\windows\system32\ntoskrnl.exe
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-02 07:57 . 2011-08-02 07:57        0        ---ha-w-        c:\users\Michael\AppData\Local\BIT9937.tmp
.
.
(((((((((((((((((((((((((((((  SnapShot@2011-09-03_15.27.54  )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-21 03:20 . 2011-09-03 12:36        49152              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-21 03:20 . 2011-09-05 08:47        49152              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-01-21 03:20 . 2011-09-03 12:36        32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-21 03:20 . 2011-09-05 08:47        32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-21 03:20 . 2011-09-05 08:47        16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-01-21 03:20 . 2011-09-03 12:36        16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 02:23 . 2011-09-05 08:44        76714              c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-09-06 09:12 . 2011-09-05 08:44        19482              c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2670276443-3452161126-3766956368-1000_UserData.bin
- 2009-09-05 09:47 . 2011-09-03 15:27        16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-09-05 09:47 . 2011-09-05 10:03        16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-09-05 09:47 . 2011-09-05 10:03        32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-09-05 09:47 . 2011-09-03 15:27        32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-09-05 09:47 . 2011-09-05 10:03        16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-09-05 09:47 . 2011-09-03 15:27        16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-09-03 15:27 . 2011-09-03 15:27        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-09-05 09:30 . 2011-09-05 09:30        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-09-05 09:30 . 2011-09-05 09:30        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-09-03 15:27 . 2011-09-03 15:27        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-09-05 10:20 . 2011-09-04 10:21        602906              c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 15:45 . 2011-09-05 08:44        128404              c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2006-11-02 12:46 . 2011-09-03 15:08        595996              c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2011-09-05 09:36        595996              c:\windows\system32\perfh009.dat
- 2008-01-21 11:09 . 2011-09-03 15:08        628742              c:\windows\system32\perfh007.dat
+ 2008-01-21 11:09 . 2011-09-05 09:36        628742              c:\windows\system32\perfh007.dat
+ 2006-11-02 12:46 . 2011-09-05 09:36        104070              c:\windows\system32\perfc009.dat
- 2006-11-02 12:46 . 2011-09-03 15:08        104070              c:\windows\system32\perfc009.dat
- 2008-01-21 11:09 . 2011-09-03 15:08        126454              c:\windows\system32\perfc007.dat
+ 2008-01-21 11:09 . 2011-09-05 09:36        126454              c:\windows\system32\perfc007.dat
- 2010-06-21 20:16 . 2011-09-03 15:26        314576              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-06-21 20:16 . 2011-09-05 09:29        314576              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-09-05 09:23 . 2011-09-05 09:29        2079256              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-09-05 09:23 . 2011-09-03 15:26        2079256              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2010-06-21 20:16 . 2011-09-03 15:26        1592444              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2670276443-3452161126-3766956368-1000-8192.dat
+ 2010-06-21 20:16 . 2011-09-05 09:29        1592444              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2670276443-3452161126-3766956368-1000-8192.dat
- 2011-08-23 21:29 . 2011-09-03 15:26        1988832              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2670276443-3452161126-3766956368-1000-12288.dat
+ 2011-08-23 21:29 . 2011-09-05 09:29        1988832              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2670276443-3452161126-3766956368-1000-12288.dat
+ 2011-05-10 21:24 . 2011-09-05 09:29        29671948              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2670276443-3452161126-3766956368-1000-4096.dat
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-07-03 152064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2008-11-21 438272]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-01-13 34088]
"SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe" [2009-06-05 136600]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-04-21 61440]
"TRCMan"="c:\program files (x86)\TOSHIBA\TRCMan\TRCMan.exe" [2008-11-26 701752]
"NDSTray.exe"="c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe" [2009-05-12 299008]
"cfFncEnabler.exe"="c:\program files (x86)\TOSHIBA\ConfigFree\cfFncEnabler.exe" [2009-03-24 16384]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-04-01 1283384]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-03-16 6158240]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2009-3-19 2532680]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\Toshiba\TRDCReminder\TRDCReminder.exe [2009-2-24 391072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0\0sdnclean64.exe\0lsdelete
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 0004421315213822mcinstcleanup;McAfee Application Installer Cleanup (0004421315213822);c:\windows\TEMP\000442~1.EXE [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
R3 cpuz130;cpuz130;c:\users\Michael\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-09-01 2151640]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
R4 BBDemon;Backbone Service;c:\program files (x86)\Dassault Systemes\B18\intel_a\code\bin\CATSysDemon.exe [2007-05-04 36864]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R4 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-04-15 803696]
R4 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2009-03-12 117248]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 camsvc;TOSHIBA Web Camera Service;c:\program files (x86)\Toshiba\TOSHIBA Web Camera Application\TWebCameraSrv.exe [2009-04-16 20544]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-03-06 36864]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files (x86)\McAfee\SiteAdvisor\McSACore.exe [2011-02-16 101048]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2011-04-07 5352960]
S2 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-04-01 62776]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-04-24 242176]
S2 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-03-17 84480]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 arcvad_ds2dhw;ArcMIVEVad Service;c:\windows\system32\drivers\ArcVad.sys [x]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 enecirhid;ENE CIR HID Receiver;c:\windows\system32\DRIVERS\enecirhid.sys [x]
S3 enecirhidma;ENE CIR HIDmini Filter;c:\windows\system32\DRIVERS\enecirhidma.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2011-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc0f9c7af0cc20.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 21:54]
.
2011-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cc0f9c7bb5a2c0.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 21:54]
.
2011-03-14 c:\windows\Tasks\McDefragTask.job
- c:\progra~2\mcafee\mqc\QcConsol.exe [2009-09-14 19:26]
.
2011-03-31 c:\windows\Tasks\McQcTask.job
- c:\progra~2\mcafee\mqc\QcConsol.exe [2009-09-14 19:26]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-03-30 7574048]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-30 1833504]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1716008]
"SmartFaceVWatcher"="c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [BU]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe" [2009-04-23 1128448]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [BU]
"00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [BU]
"HDMICtrlMan"="c:\program files (x86)\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe" [BU]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.at/ig
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube Download - c:\users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\3v3a52fx.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files (x86)\McAfee\SiteAdvisor
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Free YouTube Download (Free Studio) Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\progra~2\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\program files (x86)\McAfee\MPF\MPFSrv.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\McAfee\MSK\MskSrver.exe
c:\program files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\progra~2\McAfee\MSC\mcmscsvc.exe
c:\progra~2\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~2\mcafee.com\agent\mcagent.exe
c:\program files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\program files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-09-05  12:07:39 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-09-05 10:07
ComboFix2.txt  2011-09-03 15:35
.
Vor Suchlauf: 16 Verzeichnis(se), 14.395.842.560 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 14.227.410.944 Bytes frei
.
- - End Of File - - 16EB90936F9B95E85646BC0C999A585F

Look:

Code:

SystemLook 30.07.11 by jpshortstuff
Log created at 12:15 on 05/09/2011 by Michael
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== filefind ==========

Searching for "*scandisk*"
C:\Qoobox\Quarantine\C\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.lnk.vir        --a---- 901 bytes        [10:11 04/09/2011]        [09:08 05/09/2011] EE98638E7379438B9613E500882A0CF8
C:\Windows\pss\scandisk.lnk.Startup        ------- 901 bytes        [05:28 01/09/2011]        [15:04 02/09/2011] EE98638E7379438B9613E500882A0CF8

========== regfind ==========

Searching for "*sandisk*"
No data found.

Invalid Context: content

No Context: *scandisk*

No Context:         

-= EOF =-


Swisstreasure 05.09.2011 22:23

Step 1

If you don't have it already, please download OTL by OldTimer and save it to your desktop
Code:

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT

  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Then copy the contents of OTL.txt and Extra.txt into your thread here

RanaXT 06.09.2011 14:31

I only get one logfile, no Extras.
Oh, and I have to split it up, because otherwise TB always hangs:

Code:

OTL logfile created on: 06.09.2011 14:41:11 - Run 3
OTL by OldTimer - Version 3.2.27.0    Folder = C:\Users\Michael\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
5,96 Gb Total Physical Memory | 4,38 Gb Available Physical Memory | 73,47% Memory free
12,12 Gb Paging File | 10,29 Gb Available in Paging File | 84,86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186,31 Gb Total Space | 13,22 Gb Free Space | 7,10% Space Free | Partition Type: NTFS
Drive E: | 184,84 Gb Total Space | 171,18 Gb Free Space | 92,61% Space Free | Partition Type: NTFS
 
Computer Name: LT | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.09.02 09:44:10 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Downloads\OTL.exe
PRC - [2011.08.23 14:07:42 | 000,243,360 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10v_ActiveX.exe
PRC - [2011.07.06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.03.17 10:15:46 | 000,382,272 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
PRC - [2009.07.10 03:26:42 | 000,894,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe
PRC - [2009.07.10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe
PRC - [2009.07.10 00:26:20 | 000,645,328 | ---- | M] (McAfee, Inc.) -- c:\PROGRA~2\mcafee.com\agent\mcagent.exe
PRC - [2009.07.08 14:48:48 | 000,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MSK\MskSrver.exe
PRC - [2009.07.08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe
PRC - [2009.07.07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe
PRC - [2009.05.12 22:26:42 | 000,299,008 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
PRC - [2009.04.16 18:42:58 | 000,020,544 | ---- | M] (TOSHIBA) -- C:\Program Files (x86)\Toshiba\TOSHIBA Web Camera Application\TWebCameraSrv.exe
PRC - [2009.03.30 16:57:22 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2009.03.19 19:57:32 | 002,532,680 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2009.03.10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2009.03.10 18:50:36 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2009.03.06 17:27:10 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
PRC - [2009.02.03 15:07:50 | 000,308,552 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
PRC - [2009.01.26 13:58:42 | 000,700,416 | ---- | M] (TOSHIBA Corporation.) -- C:\Programme\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe
PRC - [2009.01.13 21:33:40 | 000,034,088 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe
PRC - [2009.01.07 11:23:32 | 000,357,704 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2008.11.26 19:26:48 | 000,701,752 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\Toshiba\TRCMan\TRCMan.exe
PRC - [2008.07.24 11:24:24 | 000,083,272 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.03.30 18:08:06 | 001,034,784 | ---- | M] () -- C:\Windows\SysWOW64\RTCOM\RTCOMDLL.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.04.24 11:40:26 | 000,242,176 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2009.04.21 22:07:16 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.04.15 17:08:20 | 000,803,696 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2009.03.17 11:48:54 | 000,084,480 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009.03.06 18:30:32 | 000,488,288 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2008.09.15 14:35:20 | 000,564,536 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV:64bit: - [2007.11.21 17:53:16 | 000,135,168 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2011.09.01 09:07:03 | 002,151,640 | ---- | M] (Lavasoft Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011.08.18 20:23:28 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.04.07 17:37:16 | 005,352,960 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV - [2011.02.16 15:49:08 | 000,101,048 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010.12.08 15:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.07.10 03:26:42 | 000,894,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009.07.10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009.07.08 15:15:04 | 000,696,848 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009.07.08 14:48:48 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2009.07.08 13:37:28 | 000,155,456 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Programme\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009.07.08 13:11:52 | 000,606,736 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe -- (McSysmon)
SRV - [2009.07.08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe -- (McProxy)
SRV - [2009.07.07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe -- (McNASvc)
SRV - [2009.04.16 18:42:58 | 000,020,544 | ---- | M] (TOSHIBA) [Auto | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA Web Camera Application\TWebCameraSrv.exe -- (camsvc)
SRV - [2009.04.01 18:10:58 | 000,062,776 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009.03.30 16:57:22 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2009.03.30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.17 14:37:10 | 000,189,808 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2009.03.12 17:50:12 | 000,117,248 | ---- | M] (ArcSoft, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2009.03.10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2009.03.06 17:27:10 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
SRV - [2009.02.11 13:05:16 | 000,242,424 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007.05.31 10:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 10:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007.05.04 15:24:30 | 000,036,864 | ---- | M] (Dassault Systemes) [Disabled | Stopped] -- C:\Program Files (x86)\Dassault Systemes\B18\intel_a\code\bin\CATSysDemon.exe -- (BBDemon)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.08.18 15:25:12 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\Lbd.sys -- (Lbd)
DRV:64bit: - [2011.07.06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.04.04 19:30:00 | 000,272,448 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2010.07.30 15:18:04 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2010.07.30 15:18:02 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2010.07.30 15:18:00 | 000,026,624 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2010.07.30 15:17:56 | 000,019,456 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2010.04.19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009.11.09 14:15:34 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009.10.01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.07.16 12:32:26 | 000,176,144 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\Mpfp.sys -- (MPFP)
DRV:64bit: - [2009.07.08 13:44:14 | 000,307,400 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2009.07.08 13:44:14 | 000,102,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2009.07.08 13:44:14 | 000,049,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk)
DRV:64bit: - [2009.07.08 13:37:32 | 000,040,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.04.24 14:29:40 | 000,206,336 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009.04.21 23:30:46 | 005,356,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.04.11 07:43:06 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.04.11 07:39:37 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009.04.08 16:36:40 | 000,138,592 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\jmcr.sys -- (JMCR)
DRV:64bit: - [2009.03.25 17:23:26 | 000,035,392 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2009.03.23 17:28:30 | 000,056,320 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfsnd.sys -- (TosRfSnd)
DRV:64bit: - [2009.03.23 16:48:20 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009.03.20 16:37:40 | 000,266,288 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.03.19 14:07:46 | 000,052,736 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\tosrfusb.sys -- (Tosrfusb)
DRV:64bit: - [2009.03.18 11:46:44 | 000,032,832 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\pgeffect.sys -- (PGEffect)
DRV:64bit: - [2009.03.12 11:33:06 | 000,020,992 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\tosrfnds.sys -- (tosrfnds)
DRV:64bit: - [2009.03.05 11:03:34 | 000,088,576 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Tosrfhid.sys -- (Tosrfhid)
DRV:64bit: - [2009.03.03 15:34:54 | 000,045,056 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tosrfbnp.sys -- (tosrfbnp)
DRV:64bit: - [2009.02.19 16:20:18 | 000,076,160 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\tosrfcom.sys -- (Tosrfcom)
DRV:64bit: - [2009.02.11 17:26:18 | 000,407,576 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.01.27 19:12:14 | 000,504,912 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2008.12.30 12:18:40 | 000,068,608 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)
DRV:64bit: - [2008.11.17 07:50:30 | 004,751,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel(R)
DRV:64bit: - [2008.11.11 18:30:12 | 000,189,088 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2008.10.28 12:27:52 | 000,027,136 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcVad.sys -- (arcvad_ds2dhw)
DRV:64bit: - [2008.10.06 17:56:58 | 000,173,696 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\tosrfbd.sys -- (tosrfbd)
DRV:64bit: - [2008.09.17 14:14:00 | 000,012,744 | R--- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ENTECH64.sys -- (ENTECH64)
DRV:64bit: - [2008.08.28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008.08.13 11:30:06 | 000,669,696 | ---- | M] (DiBcom) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\dvb7700all.sys -- (mod7700)
DRV:64bit: - [2008.04.29 01:56:00 | 000,014,336 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecirhid.sys -- (enecirhid)
DRV:64bit: - [2008.04.25 09:16:00 | 000,006,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecirhidma.sys -- (enecirhidma)
DRV:64bit: - [2008.04.25 07:06:42 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2008.03.25 13:54:26 | 000,049,152 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tosporte.sys -- (tosporte)
DRV:64bit: - [2008.01.21 04:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2007.12.11 14:03:36 | 000,027,272 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2007.11.09 14:00:30 | 000,026,968 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2007.09.04 10:29:04 | 000,014,872 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\Thpevm.SYS -- (Thpevm)
DRV:64bit: - [2006.10.23 16:33:08 | 000,018,944 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2006.09.18 23:38:10 | 001,074,688 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV - [2008.05.07 11:30:14 | 000,032,040 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\LPCFilter.sys -- (LPCFilter)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/ig
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.4
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files (x86)\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011.03.24 20:18:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011.09.01 07:26:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.20\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.08.24 20:35:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.20\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.08.24 20:35:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.03.24 20:18:33 | 000,000,000 | ---D | M]
 
[2009.09.15 13:48:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\mozilla\Extensions
[2011.09.04 11:59:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\mozilla\Firefox\Profiles\3v3a52fx.default\extensions
[2009.09.15 13:50:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Michael\AppData\Roaming\mozilla\Firefox\Profiles\3v3a52fx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.07.20 15:48:39 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Michael\AppData\Roaming\mozilla\Firefox\Profiles\3v3a52fx.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2009.09.15 13:48:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.09.01 07:26:25 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2011.08.14 21:32:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.08.14 21:32:08 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.08.14 21:32:09 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.08.14 21:32:09 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.08.14 21:32:09 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.09.05 12:03:10 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~2\mcafee\msk\MSKAPB~1.DLL ()
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Programme\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~2\mcafee\msk\mskapbho.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~2\mcafee\VIRUSS~1\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HDMICtrlMan] C:\Programme\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.)
O4:64bit: - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Programme\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\Windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [cfFncEnabler.exe] C:\Program Files (x86)\TOSHIBA\ConfigFree\cfFncEnabler.exe (Toshiba Corporation)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NDSTray.exe] C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TRCMan] C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe (TOSHIBA Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: eBay - {76577871-04EC-495E-A12B-91F7C3600AFA} -  File not found
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} -  File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30CF765A-FD14-477F-B8CC-DCCE3264146C}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{75AA1371-8315-4730-955B-7135AE381425}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F02BBD11-BCAB-4C99-A96B-03702D52DEB5}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Michael\Pictures\Autos\2008-Abt-Audi-R8-Section-1920x1440.jpg
O24 - Desktop BackupWallPaper: C:\Users\Michael\Pictures\Autos\2008-Abt-Audi-R8-Section-1920x1440.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


RanaXT 06.09.2011 14:32

Part 2:

Code:

ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk - C:\PROGRA~2\MCAFEE~1\20DEB9~1.181\SSSCHE~1.EXE - (McAfee, Inc.)
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan.lnk -  - File not found
MsConfig:64bit - StartUpFolder: C:^Users^Michael^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^scandisk.lnk - C:\Windows\SysNative\rundll32.exe - (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AlcoholAutomount - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: ArcSoft Connection Service - hkey= - key= - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
MsConfig:64bit - StartUpReg: CanonMyPrinter - hkey= - key= - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
MsConfig:64bit - StartUpReg: CanonSolutionMenu - hkey= - key= - C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: DAEMON Tools Pro Agent - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: HWSetup - hkey= - key= - C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
MsConfig:64bit - StartUpReg: ITSecMng - hkey= - key= - C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: mcagent_exe - hkey= - key= - C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
MsConfig:64bit - StartUpReg: NokiaMServer - hkey= - key= - C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
MsConfig:64bit - StartUpReg: NokiaPCInternetAccess - hkey= - key= - C:\Program Files (x86)\Nokia\PC Internet Access\NPCIA.exe (Nokia)
MsConfig:64bit - StartUpReg: NvCplDaemonTool - hkey= - key= - C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: SmoothView - hkey= - key= - C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: TOSHIBA Online Product Information - hkey= - key= - C:\Program Files (x86)\Toshiba\Toshiba Online Product Information\TOPI.exe (TOSHIBA)
MsConfig:64bit - StartUpReg: Toshiba Registration - hkey= - key= - C:\Programme\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
MsConfig:64bit - StartUpReg: TPCHWMsg - hkey= - key= - C:\Programme\TOSHIBA\TPHM\TPCHWMsg.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: Uvixalosacevez - hkey= - key= - C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Windows Mobile Device Center - hkey= - key= - C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: WrtMon.exe - hkey= - key= - C:\Windows\SysNative\spool\drivers\x64\3\WrtMon.exe ()
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.09.05 12:07:41 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\temp
[2011.09.05 12:03:15 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011.09.05 11:06:08 | 004,194,092 | R--- | C] (Swearware) -- C:\Users\Michael\Desktop\ComboFix.exe
[2011.09.03 17:10:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.09.03 17:10:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.09.03 17:10:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.09.03 17:10:12 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.09.03 17:08:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.09.02 11:41:07 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Malwarebytes
[2011.09.02 11:40:59 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.09.02 11:40:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.09.02 11:40:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.09.02 11:40:54 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.09.02 11:40:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.09.02 11:31:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.09.02 09:31:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2011.09.02 07:25:55 | 000,000,000 | ---D | C] -- C:\ProcAlyzer Dumps
[2011.09.01 09:07:32 | 000,055,384 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011.09.01 09:03:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.09.01 09:00:58 | 000,069,376 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2011.09.01 09:00:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011.09.01 09:00:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2011.09.01 09:00:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011.08.28 19:18:45 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Lufec
[2011.08.28 11:30:47 | 000,000,000 | ---D | C] -- C:\Users\Michael\Documents\Native Instruments
[2011.08.28 11:29:10 | 000,000,000 | -H-D | C] -- C:\ProgramData\{1D11E9B5-801D-4DE3-8A18-77AC160788F6}
[2011.08.28 11:27:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Native Instruments
[2011.08.28 11:27:42 | 000,000,000 | -H-D | C] -- C:\ProgramData\{DCC412E7-393B-4016-91FB-9307F059AFB6}
[2011.08.28 11:27:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Native Instruments
[2011.08.28 11:27:19 | 000,000,000 | -H-D | C] -- C:\ProgramData\{C78336EC-F2EB-4640-99A4-DFE96581B90B}
[2011.08.28 11:27:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Native Instruments
[2011.08.28 11:27:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
[2011.08.28 11:27:15 | 000,000,000 | ---D | C] -- C:\Program Files\Native Instruments
[1 C:\Users\Michael\AppData\Local\*.tmp files -> C:\Users\Michael\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.09.06 13:46:59 | 001,445,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.09.06 13:46:59 | 000,628,742 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.09.06 13:46:59 | 000,595,996 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.09.06 13:46:59 | 000,126,454 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.09.06 13:46:59 | 000,104,070 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.09.06 13:41:48 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cc0f9c7af0cc20.job
[2011.09.06 13:41:44 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.09.06 13:41:44 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.09.06 13:41:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.09.06 13:41:29 | 2110,648,319 | -HS- | M] () -- C:\hiberfil.sys
[2011.09.05 19:22:22 | 000,042,335 | ---- | M] () -- C:\Windows\SysNative\Config.MPF
[2011.09.05 12:14:42 | 000,139,264 | ---- | M] () -- C:\Users\Michael\Desktop\SystemLook.exe
[2011.09.05 12:03:10 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011.09.05 11:06:20 | 004,194,092 | R--- | M] (Swearware) -- C:\Users\Michael\Desktop\ComboFix.exe
[2011.09.02 17:39:26 | 000,302,592 | ---- | M] () -- C:\Users\Michael\Desktop\rkojfyxl.exe
[2011.09.02 11:40:59 | 000,000,953 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.09.02 09:57:28 | 000,672,398 | ---- | M] () -- C:\Users\Michael\Neue Bitmap.bmp
[2011.09.02 09:36:33 | 000,000,020 | ---- | M] () -- C:\Users\Michael\defogger_reenable
[2011.09.02 09:36:16 | 000,050,477 | ---- | M] () -- C:\Users\Michael\Desktop\Defogger.exe
[2011.09.02 09:31:42 | 000,001,773 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2011.09.01 09:07:31 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011.09.01 09:07:28 | 000,016,432 | ---- | M] () -- C:\Windows\SysNative\lsdelete.exe
[2011.09.01 09:01:00 | 000,000,972 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011.08.28 11:29:06 | 000,000,914 | ---- | M] () -- C:\Users\Public\Desktop\Traktor 2.lnk
[2011.08.28 11:27:41 | 000,001,006 | ---- | M] () -- C:\Users\Public\Desktop\Controller Editor.lnk
[2011.08.28 11:27:18 | 000,000,971 | ---- | M] () -- C:\Users\Public\Desktop\Service Center.lnk
[2011.08.20 19:05:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1cc0f9c7bb5a2c0.job
[2011.08.18 15:25:12 | 000,069,376 | ---- | M] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[1 C:\Users\Michael\AppData\Local\*.tmp files -> C:\Users\Michael\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.09.05 12:14:42 | 000,139,264 | ---- | C] () -- C:\Users\Michael\Desktop\SystemLook.exe
[2011.09.03 17:10:24 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011.09.03 17:10:24 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011.09.03 17:10:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.09.03 17:10:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.09.03 17:10:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.09.02 17:39:24 | 000,302,592 | ---- | C] () -- C:\Users\Michael\Desktop\rkojfyxl.exe
[2011.09.02 11:40:59 | 000,000,953 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.09.02 09:54:33 | 000,672,398 | ---- | C] () -- C:\Users\Michael\Neue Bitmap.bmp
[2011.09.02 09:36:33 | 000,000,020 | ---- | C] () -- C:\Users\Michael\defogger_reenable
[2011.09.02 09:36:11 | 000,050,477 | ---- | C] () -- C:\Users\Michael\Desktop\Defogger.exe
[2011.09.02 09:30:36 | 000,001,773 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2011.09.01 10:00:11 | 000,016,432 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
[2011.09.01 09:01:00 | 000,000,972 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011.08.28 11:29:06 | 000,000,914 | ---- | C] () -- C:\Users\Public\Desktop\Traktor 2.lnk
[2011.08.28 11:27:41 | 000,001,006 | ---- | C] () -- C:\Users\Public\Desktop\Controller Editor.lnk
[2011.08.28 11:27:18 | 000,000,971 | ---- | C] () -- C:\Users\Public\Desktop\Service Center.lnk
[2010.09.20 20:17:14 | 000,000,680 | ---- | C] () -- C:\Users\Michael\AppData\Local\d3d9caps.dat
[2010.06.10 10:58:26 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010.04.29 00:10:41 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2010.04.12 18:10:48 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.04.07 15:58:09 | 000,088,872 | ---- | C] () -- C:\Windows\War3Unin.dat
[2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009.09.22 21:12:53 | 000,024,226 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\UserTile.png
[2009.09.17 08:27:20 | 000,011,776 | ---- | C] () -- C:\Windows\SysWow64\pmsbfn32.dll
[2009.09.15 14:06:01 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.09.15 14:05:30 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009.09.15 14:04:53 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.09.15 13:48:25 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.09.15 13:35:41 | 000,113,664 | ---- | C] () -- C:\Users\Michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.09.05 11:33:25 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2009.09.05 11:09:15 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.06.05 09:12:14 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008.09.02 02:32:38 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\SPCtl.dll
[2008.01.21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006.11.02 17:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 14:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 14:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 11:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
 
========== LOP Check ==========
 
[2010.03.15 17:43:56 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DAEMON Tools Lite
[2011.04.04 19:31:53 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DAEMON Tools Pro
[2009.11.09 14:28:01 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DassaultSystemes
[2011.07.20 15:49:03 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DVDVideoSoft
[2011.07.20 15:48:38 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.09.01 10:00:11 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Lufec
[2009.11.17 23:05:08 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\myphotobook
[2011.03.13 22:30:23 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Nokia
[2011.03.13 22:30:26 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Nokia Ovi Suite
[2011.03.13 22:28:29 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\PC Suite
[2009.09.22 21:12:52 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\PeerNetworking
[2010.05.12 17:34:44 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\TOSHIBA
[2010.12.15 15:22:36 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\TrafficMonitor
[2011.06.09 20:13:16 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\TS3Client
[2011.01.03 11:52:30 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Web Page Maker
[2011.03.15 01:59:59 | 000,000,378 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2011.04.01 01:33:33 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2011.09.05 19:22:22 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.09.05 12:03:15 | 000,000,000 | ---D | M] -- C:\$RECYCLE.BIN
[2009.06.05 11:19:58 | 000,000,000 | ---D | M] -- C:\1033
[2009.09.17 09:21:46 | 000,000,000 | ---D | M] -- C:\Boot
[2006.11.02 17:42:17 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.09.05 11:47:02 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.02.16 17:59:11 | 000,000,000 | ---D | M] -- C:\Games
[2009.06.05 10:22:13 | 000,000,000 | ---D | M] -- C:\Intel
[2009.06.05 11:20:05 | 000,000,000 | R--D | M] -- C:\MSOCache
[2008.01.21 05:04:13 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.09.02 07:25:55 | 000,000,000 | ---D | M] -- C:\ProcAlyzer Dumps
[2011.08.28 11:27:15 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.09.02 19:10:30 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2011.09.03 17:25:14 | 000,000,000 | ---D | M] -- C:\ProgramData
[2009.09.05 11:47:02 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.09.05 12:07:42 | 000,000,000 | ---D | M] -- C:\Qoobox
[2011.09.06 14:43:32 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009.09.05 11:58:35 | 000,000,000 | ---D | M] -- C:\Toshiba
[2009.11.20 10:19:51 | 000,000,000 | R--D | M] -- C:\Users
[2011.09.06 13:43:01 | 000,000,000 | ---D | M] -- C:\Windows
[2009.06.05 11:18:08 | 000,000,000 | ---D | M] -- C:\Works
[2011.09.02 11:31:36 | 000,000,000 | ---D | M] -- C:\_OTL
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2008.10.29 08:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009.04.11 09:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\ERDNT\cache86\explorer.exe
[2009.04.11 09:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009.04.11 09:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2008.10.28 04:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2008.10.29 08:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2008.10.30 07:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008.01.21 04:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008.01.21 04:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2008.01.21 04:49:53 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.21 04:50:29 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\SysWOW64\regedit.exe
[2008.01.21 04:50:29 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_5aa1fb3ac896d9c8\regedit.exe
[2008.01.21 04:49:53 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=5DFBCE56E689D90AE9E2FB278F80058E -- C:\Windows\ERDNT\cache86\regedit.exe
[2008.01.21 04:49:53 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=5DFBCE56E689D90AE9E2FB278F80058E -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_504d50e8943617cd\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache86\userinit.exe
[2008.01.21 04:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008.01.21 04:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008.01.21 04:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\ERDNT\cache64\userinit.exe
[2008.01.21 04:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008.01.21 04:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\ERDNT\cache86\wininit.exe
[2008.01.21 04:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe
[2008.01.21 04:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008.01.21 04:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\ERDNT\cache64\wininit.exe
[2008.01.21 04:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe
[2008.01.21 04:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\ERDNT\cache64\winlogon.exe
[2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008.01.21 04:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
<          >

< End of report >
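
The `< MD5 for: ... >` blocks in the report above list every copy of a core system binary on the disk together with its hash, which lets a reader compare the live file (C:\Windows, SysWOW64, SysNative) against the copies held in the WinSxS component store. As an added example, not part of the thread and not OTL's own code, here is a Python parser for that block format that flags any non-store copy whose MD5 matches no WinSxS copy of the same binary. The sample input reuses the REGEDIT.EXE and USERINIT.EXE blocks from the report and adds one constructed entry (C:\Windows\Temp\userinit.exe with a placeholder hash) purely to exercise the flag path.

```python
import re
from collections import defaultdict

# Constructed sample input. The REGEDIT.EXE and USERINIT.EXE blocks are copied
# from the OTL custom scan above; the final entry (C:\Windows\Temp\userinit.exe)
# is a constructed stray copy with a placeholder hash, added to show the flag path.
SAMPLE = "\n".join([
    r"< MD5 for: REGEDIT.EXE  >",
    r"[2008.01.21 04:49:53 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe",
    r"[2008.01.21 04:50:29 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\SysWOW64\regedit.exe",
    r"[2008.01.21 04:50:29 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_5aa1fb3ac896d9c8\regedit.exe",
    r"[2008.01.21 04:49:53 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=5DFBCE56E689D90AE9E2FB278F80058E -- C:\Windows\ERDNT\cache86\regedit.exe",
    r"[2008.01.21 04:49:53 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=5DFBCE56E689D90AE9E2FB278F80058E -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_504d50e8943617cd\regedit.exe",
    r"",
    r"< MD5 for: USERINIT.EXE  >",
    r"[2008.01.21 04:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache86\userinit.exe",
    r"[2008.01.21 04:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe",
    r"[2008.01.21 04:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe",
    r"[2008.01.21 04:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\ERDNT\cache64\userinit.exe",
    r"[2008.01.21 04:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe",
    r"[2008.01.21 04:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe",
    # Constructed entry, not from the report: placeholder hash, stray location.
    r"[2011.09.01 10:00:11 | 000,025,088 | ---- | M] () MD5=0123456789ABCDEF0123456789ABCDEF -- C:\Windows\Temp\userinit.exe",
])

# One OTL entry: [stamp | size | attrs | C/M] (company) MD5=hash -- path
LINE_RE = re.compile(
    r"^\[(?P<stamp>[^|]+?)\s*\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attrs>\S+)\s*\|\s*(?P<kind>[CM])\]\s*"
    r"\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+?)\s*$"
)
HEADER_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>\S+)\s*>$")


def parse_md5_blocks(text):
    """Return {binary name: [entry dict, ...]} for every '< MD5 for: ... >' block."""
    blocks = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name").upper()
            continue
        entry = LINE_RE.match(line)
        if entry and current:
            e = entry.groupdict()
            e["md5"] = e["md5"].upper()
            e["size"] = int(e["size"].replace(",", ""))
            blocks[current].append(e)
    return dict(blocks)


def is_reference_copy(path):
    """Copies inside the WinSxS component store form the reference set."""
    return "\\winsxs\\" in path.lower()


def check_block(entries):
    """Return (reference hashes, flagged paths): every non-store copy whose MD5
    matches no WinSxS copy of the same binary is flagged for a closer look."""
    ref_hashes = {e["md5"] for e in entries if is_reference_copy(e["path"])}
    flagged = [e["path"] for e in entries
               if not is_reference_copy(e["path"]) and e["md5"] not in ref_hashes]
    return ref_hashes, flagged


def review(text):
    """Map each binary name in the report to the list of flagged paths."""
    return {name: check_block(entries)[1]
            for name, entries in parse_md5_blocks(text).items()}


if __name__ == "__main__":
    for name, flagged in review(SAMPLE).items():
        print(name, "->", flagged or "all non-store copies match a WinSxS copy")
```

A match only says the on-disk file is byte-identical to a copy the servicing stack knows; a mismatch is a prompt to verify the file's signature and version, not proof of tampering, since a pending update or a restore-point copy can produce one too.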


Swisstreasure 06.09.2011 18:00

Code:

:OTL
MsConfig:64bit - StartUpFolder: C:^Users^Michael^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^scandisk.lnk - C:\Windows\SysNative\rundll32.exe - (Microsoft Corporation)
:Commands
[purity]
[emptytemp]

  • Please close all programs now.
  • Now click the Fix button.
  • OTL may ask for a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (Also to be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread

RanaXT 06.09.2011 18:45

Code:

All processes killed
========== OTL ==========
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: AppData
->Temp folder emptied: 0 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Michael
->Temp folder emptied: 607129 bytes
->Temporary Internet Files folder emptied: 470837889 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 62907232 bytes
->Flash cache emptied: 5246 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 65997 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 319 bytes
 
Total Files Cleaned = 510,00 mb
 
 
OTL by OldTimer - Version 3.2.27.0 log created on 09062011_193055

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\mcafee_ZiuY4kijd6YKRrp not found!
File\Folder C:\Windows\temp\mcmsc_aJHES3271OGPvOr not found!
File\Folder C:\Windows\temp\sqlite_5lIEijGOh5VytXr not found!
File\Folder C:\Windows\temp\sqlite_9z2RADlgOCHtcik not found!
File\Folder C:\Windows\temp\sqlite_lWkdYNbmu7EEOpc not found!

Registry entries deleted on Reboot...


Swisstreasure 06.09.2011 20:25

Are there still any problems?

RanaXT 07.09.2011 10:08

Show attachment list (count: 1)
Well, not that I can tell.

Only in Startup there is still a process that is disabled but means nothing to me (uviuxalsavez or something like that).

Is that anything?

Swisstreasure 07.09.2011 19:50

Code:

:OTL
MsConfig:64bit - StartUpReg: Uvixalosacevez - hkey= - key= - C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Uvixalosacevez]
:Commands
[purity]
[emptytemp]

  • Please close all programs now.
  • Now click the Fix button.
  • OTL may ask for a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (Also to be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread

RanaXT 09.09.2011 07:51

Code:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Uvixalosacevez\ not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Uvixalosacevez\ not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: AppData
->Temp folder emptied: 0 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Michael
->Temp folder emptied: 1561838 bytes
->Temporary Internet Files folder emptied: 289245732 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 88870303 bytes
->Flash cache emptied: 4640 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 66177 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 362,00 mb
 
 
OTL by OldTimer - Version 3.2.27.0 log created on 09092011_083736

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\mcafee_Fk0P3oAf7VJXbzw not found!
File\Folder C:\Windows\temp\mcmsc_okgskLh9LxeJfYr not found!
File\Folder C:\Windows\temp\sqlite_0Ehe0d2cPZ4E7J0 not found!
File\Folder C:\Windows\temp\sqlite_ktwabk5LRAIOWKZ not found!
File\Folder C:\Windows\temp\sqlite_mCM3RpcjhzS3D5J not found!

Registry entries deleted on Reboot...


Swisstreasure 09.09.2011 21:32

Are there still any problems?

RanaXT 10.09.2011 13:21

No, everything is basically fine again :) Was that it?
If so, can I delete the programs again?
And can you tell what kind of virus it was?

Swisstreasure 11.09.2011 23:24

I'll get back to you tomorrow, sorry.

Swisstreasure 12.09.2011 17:55


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset


RanaXT 13.09.2011 05:14

The part about running it didn't work, but this is the log of the things it found:


Code:

C:\Program Files (x86)\EA\Bulletstorm\Binaries\Win32\xlive.dll        a variant of Win32/Packed.VMProtect.AAD trojan
C:\ProgramData\VistaCodecs\{CE8A1292-3EE0-42E0-9C78-DB078E7165F2}\Vista Codec Package.msi        Win32/Packed.Autoit.E.Gen application
C:\Qoobox\Quarantine\C\Users\Michael\kbloadCF.dll.vir        a variant of Win32/Kryptik.SQG trojan
C:\Qoobox\Quarantine\C\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scanjdiskb96.dll.vir        a variant of Win32/Kryptik.SQG trojan
C:\Users\All Users\VistaCodecs\{CE8A1292-3EE0-42E0-9C78-DB078E7165F2}\Vista Codec Package.msi        Win32/Packed.Autoit.E.Gen application
C:\Users\Michael\Desktop\Neuer Ordner\FH\CAD\HSS-1.30-install-anchorfree-76-conduit.zip        a variant of Win32/HotSpotShield application
C:\Users\Michael\FH\1. Semester\CAD\HSS-1.30-install-anchorfree-76-conduit.zip        a variant of Win32/HotSpotShield application
C:\Users\Michael\Neuer Ordner\Adobe.Photoshop.CS5.Extended.v12.rar        NSIS/TrojanDownloader.Agent.NBW trojan
C:\_OTL\MovedFiles\09022011_113136\C_Users\Michael\kbloadCF.dll        a variant of Win32/Kryptik.SQG trojan
C:\_OTL\MovedFiles\09022011_113136\C_Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scanjdiskb96.dll        a variant of Win32/Kryptik.SQG trojan


Swisstreasure 13.09.2011 17:46

Please post the complete log.

RanaXT 13.09.2011 18:44

Sorry, I had to find the log first.

Code:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=f8009d04992daa4aa00f1d5ffdb9f188
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-09-13 01:53:13
# local_time=2011-09-13 03:53:13 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5121 16776573 100 82 62841238 68810219 0 0
# compatibility_mode=5892 16776574 100 45 114980350 153385637 0 0
# compatibility_mode=8192 67108863 100 0 216 216 0 0
# scanned=303881
# found=10
# cleaned=0
# scan_time=17061
C:\Program Files (x86)\EA\Bulletstorm\Binaries\Win32\xlive.dll        a variant of Win32/Packed.VMProtect.AAD trojan (unable to clean)        00000000000000000000000000000000        I
C:\ProgramData\VistaCodecs\{CE8A1292-3EE0-42E0-9C78-DB078E7165F2}\Vista Codec Package.msi        Win32/Packed.Autoit.E.Gen application (unable to clean)        00000000000000000000000000000000        I
C:\Qoobox\Quarantine\C\Users\Michael\kbloadCF.dll.vir        a variant of Win32/Kryptik.SQG trojan (unable to clean)        00000000000000000000000000000000        I
C:\Qoobox\Quarantine\C\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scanjdiskb96.dll.vir        a variant of Win32/Kryptik.SQG trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\All Users\VistaCodecs\{CE8A1292-3EE0-42E0-9C78-DB078E7165F2}\Vista Codec Package.msi        Win32/Packed.Autoit.E.Gen application (unable to clean)        00000000000000000000000000000000        I
C:\Users\Michael\Desktop\Neuer Ordner\FH\CAD\HSS-1.30-install-anchorfree-76-conduit.zip        a variant of Win32/HotSpotShield application (unable to clean)        00000000000000000000000000000000        I
C:\Users\Michael\FH\1. Semester\CAD\HSS-1.30-install-anchorfree-76-conduit.zip        a variant of Win32/HotSpotShield application (unable to clean)        00000000000000000000000000000000        I
C:\Users\Michael\Neuer Ordner\Adobe.Photoshop.CS5.Extended.v12.rar        NSIS/TrojanDownloader.Agent.NBW trojan (unable to clean)        00000000000000000000000000000000        I
C:\_OTL\MovedFiles\09022011_113136\C_Users\Michael\kbloadCF.dll        a variant of Win32/Kryptik.SQG trojan (unable to clean)        00000000000000000000000000000000        I
C:\_OTL\MovedFiles\09022011_113136\C_Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scanjdiskb96.dll        a variant of Win32/Kryptik.SQG trojan (unable to clean)        00000000000000000000000000000000        I
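
The full log above carries the header flags that explain its result column: `# remove_checked=false` and `# cleaned=0` record that this run only detected and removed nothing, and four of the ten hits sit in folders where earlier tools had already moved the files (C:\Qoobox\Quarantine is ComboFix's quarantine; C:\_OTL\MovedFiles is where OTL put the files it moved, as the OTL logs in this thread show). As an added example, not part of the thread and not ESET's code, here is a Python triage script for that log.txt format. The sample input is constructed from the lines above with the tab separators of the original file restored; the quarantine-folder markers are this example's own assumption about which paths to treat as already contained.

```python
import re

# Constructed sample input: header lines and findings copied from the ESET log
# above, joined with the tab separators the original log.txt uses.
HEADER_LINES = [
    "ESETSmartInstaller@High as CAB hook log:",
    "OnlineScanner64.ocx - registred OK",
    "# version=7",
    "# end=finished",
    "# remove_checked=false",
    "# archives_checked=true",
    "# unwanted_checked=true",
    "# scanned=303881",
    "# found=10",
    "# cleaned=0",
    "# scan_time=17061",
]
FINDINGS = [  # (path, detection) as reported; hash column and status flag appended below
    (r"C:\Program Files (x86)\EA\Bulletstorm\Binaries\Win32\xlive.dll", "a variant of Win32/Packed.VMProtect.AAD trojan (unable to clean)"),
    (r"C:\ProgramData\VistaCodecs\{CE8A1292-3EE0-42E0-9C78-DB078E7165F2}\Vista Codec Package.msi", "Win32/Packed.Autoit.E.Gen application (unable to clean)"),
    (r"C:\Qoobox\Quarantine\C\Users\Michael\kbloadCF.dll.vir", "a variant of Win32/Kryptik.SQG trojan (unable to clean)"),
    (r"C:\Qoobox\Quarantine\C\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scanjdiskb96.dll.vir", "a variant of Win32/Kryptik.SQG trojan (unable to clean)"),
    (r"C:\Users\All Users\VistaCodecs\{CE8A1292-3EE0-42E0-9C78-DB078E7165F2}\Vista Codec Package.msi", "Win32/Packed.Autoit.E.Gen application (unable to clean)"),
    (r"C:\Users\Michael\Desktop\Neuer Ordner\FH\CAD\HSS-1.30-install-anchorfree-76-conduit.zip", "a variant of Win32/HotSpotShield application (unable to clean)"),
    (r"C:\Users\Michael\FH\1. Semester\CAD\HSS-1.30-install-anchorfree-76-conduit.zip", "a variant of Win32/HotSpotShield application (unable to clean)"),
    (r"C:\Users\Michael\Neuer Ordner\Adobe.Photoshop.CS5.Extended.v12.rar", "NSIS/TrojanDownloader.Agent.NBW trojan (unable to clean)"),
    (r"C:\_OTL\MovedFiles\09022011_113136\C_Users\Michael\kbloadCF.dll", "a variant of Win32/Kryptik.SQG trojan (unable to clean)"),
    (r"C:\_OTL\MovedFiles\09022011_113136\C_Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scanjdiskb96.dll", "a variant of Win32/Kryptik.SQG trojan (unable to clean)"),
]
SAMPLE_LOG = "\n".join(HEADER_LINES + ["\t".join((p, d, "0" * 32, "I")) for p, d in FINDINGS])

# Assumption of this example: paths under these folders were already moved there
# by ComboFix (Qoobox) or OTL (MovedFiles) and are not in their original location.
QUARANTINE_MARKERS = ("\\qoobox\\quarantine\\", "\\_otl\\movedfiles\\")


def parse_eset_log(text):
    """Parse an ESET Online Scanner log.txt into (header dict, list of findings)."""
    header, findings = {}, []
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if line.startswith("# "):            # "# key=value" header lines
            key, _, value = line[2:].partition("=")
            header[key.strip()] = value.strip()
            continue
        # Finding lines are tab-separated: path, detection, hash, status flag.
        fields = [f for f in re.split(r"\t+|\s{2,}", line) if f]
        if len(fields) >= 2 and re.match(r"^[A-Za-z]:\\", fields[0]):
            findings.append({
                "path": fields[0],
                "detection": fields[1],
                "hash": fields[2] if len(fields) > 2 else "",
                "flag": fields[3] if len(fields) > 3 else "",
            })
    return header, findings


def already_quarantined(path):
    return any(marker in path.lower() for marker in QUARANTINE_MARKERS)


def triage(text):
    """Return (summary, quarantined paths, live trojan paths, live PUA paths)."""
    header, findings = parse_eset_log(text)
    summary = {
        "scanned": int(header.get("scanned", 0)),
        "found": int(header.get("found", 0)),
        "cleaned": int(header.get("cleaned", 0)),
        "removal_enabled": header.get("remove_checked") == "true",
    }
    quarantined = [f["path"] for f in findings if already_quarantined(f["path"])]
    live = [f for f in findings if not already_quarantined(f["path"])]
    # ESET labels potentially unwanted software "application"; everything else is malware.
    live_trojans = [f["path"] for f in live if "trojan" in f["detection"].lower()]
    live_pua = [f["path"] for f in live if "application" in f["detection"].lower()]
    return summary, quarantined, live_trojans, live_pua


if __name__ == "__main__":
    summary, quarantined, trojans, pua = triage(SAMPLE_LOG)
    print(summary)
    print(len(quarantined), "already quarantined;", len(trojans), "live malware;", len(pua), "live PUA")
```

Reading the header before the findings keeps the "(unable to clean)" column in proportion: with removal disabled, every hit is reported that way, so the split that matters for a cleanup is which files are still in their original location and whether they are malware or unwanted-application detections.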


Swisstreasure 14.09.2011 22:11

Quote:

Photoshop.CS5
Original version?

RanaXT 15.09.2011 15:20

No idea, it may be my brother's, he uses the program at school. Because I have never installed, or had, Photoshop.

Swisstreasure 15.09.2011 17:54

Still any problems?

RanaXT 15.09.2011 18:41

Well, I can't tell anything, but that probably doesn't mean much^^

What does "unable to clean" in the logfile actually mean?

In the meantime, thanks for the time you're taking for me :daumenhoc

Swisstreasure 16.09.2011 12:47

Please download OTL by Oldtimer and save it to your desktop (if it is not already there)
  • Double-click OTL.exe
    Vista and Win7 users: right-click and "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 logfiles will be created
  • Post the logfiles here in the thread.

RanaXT 17.09.2011 20:26

OTL Logfile:
Code:

OTL logfile created on: 17.09.2011 21:13:17 - Run 4
OTL by OldTimer - Version 3.2.27.0    Folder = C:\Users\Michael\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
5,96 Gb Total Physical Memory | 4,32 Gb Available Physical Memory | 72,41% Memory free
12,12 Gb Paging File | 10,14 Gb Available in Paging File | 83,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186,31 Gb Total Space | 12,41 Gb Free Space | 6,66% Space Free | Partition Type: NTFS
Drive E: | 184,84 Gb Total Space | 171,18 Gb Free Space | 92,61% Space Free | Partition Type: NTFS
 
Computer Name: LT | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Michael\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10v_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
PRC - C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - c:\PROGRA~2\mcafee.com\agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
PRC - c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee, Inc.)
PRC - c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\Toshiba\TOSHIBA Web Camera Application\TWebCameraSrv.exe (TOSHIBA)
PRC - C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe (TOSHIBA Corporation.)
PRC - C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files (x86)\Toshiba\TRCMan\TRCMan.exe (TOSHIBA Corporation)
PRC - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\SysWOW64\RTCOM\RTCOMDLL.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (TOSHIBA eco Utility Service) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (TPCHSrv) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (Thpsrv) -- C:\Windows\SysNative\ThpSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (NIHardwareService) -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (MpfService) -- C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (MSK80Service) -- C:\Program Files (x86)\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Programme\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon) -- C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe (McAfee, Inc.)
SRV - (McProxy) -- c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee, Inc.)
SRV - (McNASvc) -- c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe (McAfee, Inc.)
SRV - (camsvc) -- C:\Program Files (x86)\Toshiba\TOSHIBA Web Camera Application\TWebCameraSrv.exe (TOSHIBA)
SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (TNaviSrv) -- C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (uCamMonitor) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
SRV - (ConfigFree Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (ConfigFree Gadget Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe (TOSHIBA CORPORATION)
SRV - (GameConsoleService) -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (BBDemon) -- C:\Program Files (x86)\Dassault Systemes\B18\intel_a\code\bin\CATSysDemon.exe (Dassault Systemes)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\DRIVERS\Lbd.sys (Lavasoft AB)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\DRIVERS\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\DRIVERS\usbser_lowerfltjx64.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\DRIVERS\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (MPFP) -- C:\Windows\SysNative\Drivers\Mpfp.sys (McAfee, Inc.)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfesmfk) -- C:\Windows\SysNative\drivers\mfesmfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdk) -- C:\Windows\SysNative\drivers\mferkdk.sys (McAfee, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek                                            )
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\DRIVERS\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\DRIVERS\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (Thpdrv) -- C:\Windows\SysNative\DRIVERS\thpdrv.sys (TOSHIBA Corporation)
DRV:64bit: - (TosRfSnd) -- C:\Windows\SysNative\drivers\tosrfsnd.sys (TOSHIBA Corporation)
DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\DRIVERS\TVALZFL.sys (TOSHIBA Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (Tosrfusb) -- C:\Windows\SysNative\DRIVERS\tosrfusb.sys (TOSHIBA CORPORATION)
DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\DRIVERS\pgeffect.sys (TOSHIBA Corporation)
DRV:64bit: - (tosrfnds) -- C:\Windows\SysNative\DRIVERS\tosrfnds.sys (TOSHIBA Corporation.)
DRV:64bit: - (Tosrfhid) -- C:\Windows\SysNative\DRIVERS\Tosrfhid.sys (TOSHIBA Corporation.)
DRV:64bit: - (tosrfbnp) -- C:\Windows\SysNative\Drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV:64bit: - (Tosrfcom) -- C:\Windows\SysNative\Drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\DRIVERS\iaStor.sys (Intel Corporation)
DRV:64bit: - (tos_sps64) -- C:\Windows\SysNative\DRIVERS\tos_sps64.sys (TOSHIBA Corporation)
DRV:64bit: - (enecir) -- C:\Windows\SysNative\DRIVERS\enecir.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (NETw5v64) Intel(R) -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys (Intel Corporation)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (arcvad_ds2dhw) -- C:\Windows\SysNative\drivers\ArcVad.sys (ArcSoft, Inc.)
DRV:64bit: - (tosrfbd) -- C:\Windows\SysNative\DRIVERS\tosrfbd.sys (TOSHIBA CORPORATION)
DRV:64bit: - (ENTECH64) -- C:\Windows\SysNative\DRIVERS\ENTECH64.sys (EnTech Taiwan)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (mod7700) -- C:\Windows\SysNative\Drivers\dvb7700all.sys (DiBcom)
DRV:64bit: - (enecirhid) -- C:\Windows\SysNative\DRIVERS\enecirhid.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (enecirhidma) -- C:\Windows\SysNative\DRIVERS\enecirhidma.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\DRIVERS\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV:64bit: - (tosporte) -- C:\Windows\SysNative\DRIVERS\tosporte.sys (TOSHIBA Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\DRIVERS\tdcmdpst.sys (TOSHIBA Corporation.)
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV:64bit: - (Thpevm) -- C:\Windows\SysNative\DRIVERS\Thpevm.SYS (TOSHIBA Corporation)
DRV:64bit: - (tosrfec) -- C:\Windows\SysNative\DRIVERS\tosrfec.sys (TOSHIBA Corporation)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\DRIVERS\agrsm64.sys (Agere Systems)
DRV - (LPCFilter) -- C:\Windows\system32\DRIVERS\LPCFilter.sys (COMPAL ELECTRONIC INC.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/ig
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.4
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files (x86)\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011.03.24 20:18:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011.09.12 08:26:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.09.12 23:25:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.09.12 23:25:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.03.24 20:18:33 | 000,000,000 | ---D | M]
 
[2009.09.15 13:48:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\mozilla\Extensions
[2011.09.16 08:48:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\mozilla\Firefox\Profiles\3v3a52fx.default\extensions
[2009.09.15 13:50:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Michael\AppData\Roaming\mozilla\Firefox\Profiles\3v3a52fx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.07.20 15:48:39 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Michael\AppData\Roaming\mozilla\Firefox\Profiles\3v3a52fx.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2009.09.15 13:48:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.08.14 21:32:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.08.14 21:32:08 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.08.14 21:32:09 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.08.14 21:32:09 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.08.14 21:32:09 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.09.05 12:03:10 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~2\mcafee\msk\MSKAPB~1.DLL ()
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Programme\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~2\mcafee\msk\mskapbho.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~2\mcafee\VIRUSS~1\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HDMICtrlMan] C:\Programme\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.)
O4:64bit: - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Programme\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\Windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [cfFncEnabler.exe] C:\Program Files (x86)\TOSHIBA\ConfigFree\cfFncEnabler.exe (Toshiba Corporation)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NDSTray.exe] C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TRCMan] C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe (TOSHIBA Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: eBay - {76577871-04EC-495E-A12B-91F7C3600AFA} -  File not found
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} -  File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30CF765A-FD14-477F-B8CC-DCCE3264146C}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{75AA1371-8315-4730-955B-7135AE381425}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F02BBD11-BCAB-4C99-A96B-03702D52DEB5}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Michael\Pictures\Autos\2008-Abt-Audi-R8-Section-1920x1440.jpg
O24 - Desktop BackupWallPaper: C:\Users\Michael\Pictures\Autos\2008-Abt-Audi-R8-Section-1920x1440.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.09.12 23:05:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011.09.05 12:07:41 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\temp
[2011.09.05 12:03:15 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011.09.05 11:06:08 | 004,194,092 | R--- | C] (Swearware) -- C:\Users\Michael\Desktop\ComboFix.exe
[2011.09.03 17:10:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.09.03 17:10:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.09.03 17:10:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.09.03 17:10:12 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.09.03 17:08:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.09.02 11:41:07 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Malwarebytes
[2011.09.02 11:40:59 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.09.02 11:40:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.09.02 11:40:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.09.02 11:40:54 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.09.02 11:40:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.09.02 11:31:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.09.02 09:43:50 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
[2011.09.02 09:31:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2011.09.02 07:25:55 | 000,000,000 | ---D | C] -- C:\ProcAlyzer Dumps
[2011.09.01 09:07:32 | 000,055,384 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011.09.01 09:03:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.09.01 09:00:58 | 000,069,376 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2011.09.01 09:00:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011.09.01 09:00:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2011.09.01 09:00:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011.08.28 19:18:45 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Lufec
[2011.08.28 11:30:47 | 000,000,000 | ---D | C] -- C:\Users\Michael\Documents\Native Instruments
[2011.08.28 11:29:10 | 000,000,000 | -H-D | C] -- C:\ProgramData\{1D11E9B5-801D-4DE3-8A18-77AC160788F6}
[2011.08.28 11:27:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Native Instruments
[2011.08.28 11:27:42 | 000,000,000 | -H-D | C] -- C:\ProgramData\{DCC412E7-393B-4016-91FB-9307F059AFB6}
[2011.08.28 11:27:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Native Instruments
[2011.08.28 11:27:19 | 000,000,000 | -H-D | C] -- C:\ProgramData\{C78336EC-F2EB-4640-99A4-DFE96581B90B}
[2011.08.28 11:27:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Native Instruments
[2011.08.28 11:27:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
[2011.08.28 11:27:15 | 000,000,000 | ---D | C] -- C:\Program Files\Native Instruments
[2011.08.23 14:07:42 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[1 C:\Users\Michael\AppData\Local\*.tmp files -> C:\Users\Michael\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.09.17 21:13:44 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.09.17 21:13:44 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.09.17 17:28:53 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cc0f9c7af0cc20.job
[2011.09.17 17:19:50 | 001,445,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.09.17 17:19:50 | 000,628,742 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.09.17 17:19:50 | 000,595,996 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.09.17 17:19:50 | 000,126,454 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.09.17 17:19:50 | 000,104,070 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.09.17 17:13:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.09.17 17:13:33 | 2110,648,319 | -HS- | M] () -- C:\hiberfil.sys
[2011.09.17 09:57:21 | 000,042,335 | ---- | M] () -- C:\Windows\SysNative\Config.MPF
[2011.09.15 15:08:36 | 000,208,571 | ---- | M] () -- C:\Users\Michael\Documents\ts3_clientui-win32-12815-2011-09-15 15_08_35.159355.dmp
[2011.09.05 12:14:42 | 000,139,264 | ---- | M] () -- C:\Users\Michael\Desktop\SystemLook.exe
[2011.09.05 12:03:10 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011.09.05 11:06:20 | 004,194,092 | R--- | M] (Swearware) -- C:\Users\Michael\Desktop\ComboFix.exe
[2011.09.02 17:39:26 | 000,302,592 | ---- | M] () -- C:\Users\Michael\Desktop\rkojfyxl.exe
[2011.09.02 11:40:59 | 000,000,953 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.09.02 09:57:28 | 000,672,398 | ---- | M] () -- C:\Users\Michael\Neue Bitmap.bmp
[2011.09.02 09:44:10 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
[2011.09.02 09:36:33 | 000,000,020 | ---- | M] () -- C:\Users\Michael\defogger_reenable
[2011.09.02 09:36:16 | 000,050,477 | ---- | M] () -- C:\Users\Michael\Desktop\Defogger.exe
[2011.09.02 09:31:42 | 000,001,773 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2011.09.01 09:07:31 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011.09.01 09:07:28 | 000,016,432 | ---- | M] () -- C:\Windows\SysNative\lsdelete.exe
[2011.09.01 09:01:00 | 000,000,972 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011.08.28 11:29:06 | 000,000,914 | ---- | M] () -- C:\Users\Public\Desktop\Traktor 2.lnk
[2011.08.28 11:27:41 | 000,001,006 | ---- | M] () -- C:\Users\Public\Desktop\Controller Editor.lnk
[2011.08.28 11:27:18 | 000,000,971 | ---- | M] () -- C:\Users\Public\Desktop\Service Center.lnk
[2011.08.23 14:07:42 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011.08.20 19:05:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1cc0f9c7bb5a2c0.job
[1 C:\Users\Michael\AppData\Local\*.tmp files -> C:\Users\Michael\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.09.15 15:08:35 | 000,208,571 | ---- | C] () -- C:\Users\Michael\Documents\ts3_clientui-win32-12815-2011-09-15 15_08_35.159355.dmp
[2011.09.05 12:14:42 | 000,139,264 | ---- | C] () -- C:\Users\Michael\Desktop\SystemLook.exe
[2011.09.03 17:10:24 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011.09.03 17:10:24 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011.09.03 17:10:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.09.03 17:10:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.09.03 17:10:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.09.02 17:39:24 | 000,302,592 | ---- | C] () -- C:\Users\Michael\Desktop\rkojfyxl.exe
[2011.09.02 11:40:59 | 000,000,953 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.09.02 09:54:33 | 000,672,398 | ---- | C] () -- C:\Users\Michael\Neue Bitmap.bmp
[2011.09.02 09:36:33 | 000,000,020 | ---- | C] () -- C:\Users\Michael\defogger_reenable
[2011.09.02 09:36:11 | 000,050,477 | ---- | C] () -- C:\Users\Michael\Desktop\Defogger.exe
[2011.09.02 09:30:36 | 000,001,773 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2011.09.01 10:00:11 | 000,016,432 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
[2011.09.01 09:01:00 | 000,000,972 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011.08.28 11:29:06 | 000,000,914 | ---- | C] () -- C:\Users\Public\Desktop\Traktor 2.lnk
[2011.08.28 11:27:41 | 000,001,006 | ---- | C] () -- C:\Users\Public\Desktop\Controller Editor.lnk
[2011.08.28 11:27:18 | 000,000,971 | ---- | C] () -- C:\Users\Public\Desktop\Service Center.lnk
[2010.09.20 20:17:14 | 000,000,680 | ---- | C] () -- C:\Users\Michael\AppData\Local\d3d9caps.dat
[2010.06.10 10:58:26 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010.04.29 00:10:41 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2010.04.12 18:10:48 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.04.07 15:58:09 | 000,088,872 | ---- | C] () -- C:\Windows\War3Unin.dat
[2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009.09.22 21:12:53 | 000,024,226 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\UserTile.png
[2009.09.17 08:27:20 | 000,011,776 | ---- | C] () -- C:\Windows\SysWow64\pmsbfn32.dll
[2009.09.15 14:06:01 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.09.15 14:05:30 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009.09.15 14:04:53 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.09.15 13:48:25 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.09.15 13:35:41 | 000,113,664 | ---- | C] () -- C:\Users\Michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.09.05 11:33:25 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2009.09.05 11:09:15 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.06.05 09:12:14 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008.09.02 02:32:38 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\SPCtl.dll
[2008.01.21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006.11.02 17:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 14:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 14:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 11:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

< End of report >

--- --- ---



Extras in the next one
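The file listings in the OTL log above all use one fixed line layout, so a small helper can pre-sort them before a human reads several hundred lines. The following Python is an added example written for this page; it is not a tool from the thread, from the helper, or from OldTimer. It parses OTL file lines and lists executables that carry no company name and either sit in a user-writable location or have a random-looking name. The sample lines are copied from the log posted above; the heuristics, the path prefixes and the threshold are my own assumptions, and a hit is a candidate for manual review, not a verdict (SystemLook.exe and Defogger.exe in the same log also show an empty company field, and both are helper tools).

```python
"""OTL file-line triage (added example; not part of the thread or of OTL itself)."""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from pathlib import PureWindowsPath
from typing import Optional

# Layout of an OTL file/folder line:
#   [YYYY.MM.DD HH:MM:SS | size | attrs | C] (Company) -- path
# The "(Company)" group is missing on directory lines and is "()" when the
# file carries no company name in its version resource.
OTL_FILE_LINE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attr>[-A-Z]{4}) \| (?P<flag>[CM])\]"
    r"(?: \((?P<company>.*?)\))? -- (?P<path>.+?)\s*$"
)

EXECUTABLE_SUFFIXES = {".exe", ".dll", ".sys", ".scr", ".cpl", ".com"}
# Assumption: locations a standard user can write to without elevation.
USER_WRITABLE_PREFIXES = ("c:\\users\\", "c:\\programdata\\")

# Constructed input: lines copied from the OTL log posted above.
SAMPLE_LINES = [
    r"[2011.09.03 17:10:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe",
    r"[2011.09.02 11:40:54 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys",
    r"[2011.08.28 19:18:45 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Lufec",
    r"[2011.09.05 12:14:42 | 000,139,264 | ---- | M] () -- C:\Users\Michael\Desktop\SystemLook.exe",
    r"[2011.09.02 17:39:26 | 000,302,592 | ---- | M] () -- C:\Users\Michael\Desktop\rkojfyxl.exe",
    r"[2011.09.01 09:07:28 | 000,016,432 | ---- | M] () -- C:\Windows\SysNative\lsdelete.exe",
]
SAMPLE_LOG = "\n".join(SAMPLE_LINES)


@dataclass
class Entry:
    timestamp: str
    size: int
    attrs: str
    flag: str                 # "C" = created, "M" = modified
    company: Optional[str]    # None on directory lines, "" for "()"
    path: str

    @property
    def is_directory(self) -> bool:
        return "D" in self.attrs


@dataclass
class Finding:
    path: str
    reasons: list[str] = field(default_factory=list)


def parse_otl_file_lines(text: str) -> list[Entry]:
    """Return one Entry per line in the OTL file-listing layout; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = OTL_FILE_LINE.match(line.strip())
        if not m:
            continue
        entries.append(Entry(
            timestamp=m["ts"],
            size=int(m["size"].replace(",", "")),
            attrs=m["attr"],
            flag=m["flag"],
            company=m["company"],
            path=m["path"],
        ))
    return entries


def is_user_writable(path: str) -> bool:
    """Heuristic: path lives somewhere a standard user can write to."""
    low = path.lower()
    return low.startswith(USER_WRITABLE_PREFIXES) or "\\temp\\" in low


def looks_random(stem: str) -> bool:
    """Heuristic: purely alphabetic name of 6+ characters with few vowels (e.g. 'rkojfyxl')."""
    if len(stem) < 6 or not stem.isalpha():
        return False
    vowels = sum(ch in "aeiou" for ch in stem.lower())
    return vowels / len(stem) < 0.25


def triage(entries: list[Entry], min_reasons: int = 2) -> list[Finding]:
    """List executables that collect at least min_reasons of the three review hints."""
    findings = []
    for e in entries:
        if e.is_directory:
            continue
        p = PureWindowsPath(e.path)
        if p.suffix.lower() not in EXECUTABLE_SUFFIXES:
            continue
        reasons = []
        if e.company == "":
            reasons.append("no company name in version info")
        if is_user_writable(e.path):
            reasons.append("user-writable location")
        if looks_random(p.stem):
            reasons.append("random-looking filename")
        if len(reasons) >= min_reasons:
            findings.append(Finding(e.path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(parse_otl_file_lines(SAMPLE_LOG)):
        print(f"{f.path}: {', '.join(f.reasons)}")
```

Run against the sample, the helper keeps the signed vendor files (SWREG.exe, mbam.sys) and the single-hint lsdelete.exe out of the list and surfaces the two Desktop executables without a company name; the second of them, SystemLook.exe, is a known helper tool, which is exactly why the output is a review queue and not a detection.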

RanaXT 17.09.2011 20:29

Code:

OTL Extras logfile created on: 17.09.2011 21:13:17 - Run 4
OTL by OldTimer - Version 3.2.27.0    Folder = C:\Users\Michael\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
5,96 Gb Total Physical Memory | 4,32 Gb Available Physical Memory | 72,41% Memory free
12,12 Gb Paging File | 10,14 Gb Available in Paging File | 83,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186,31 Gb Total Space | 12,41 Gb Free Space | 6,66% Space Free | Partition Type: NTFS
Drive E: | 184,84 Gb Total Space | 171,18 Gb Free Space | 92,61% Space Free | Partition Type: NTFS
 
Computer Name: LT | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = EF 26 75 6F 67 37 CA 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Disabled:Spybot-S&D 2 Scanner Service
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Disabled:Spybot-S&D 2 Scanner Service
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{30AB2E34-91D0-41DF-8D1E-8CF5E87EE8DB}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{33A76FF0-14E4-4322-BA14-370E441D3D96}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3AAAE572-7FE0-420E-8B3E-58659E775226}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{3C49EAD0-4C6E-407F-B069-6A58E26F7A4E}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{4458F6DF-0FF1-44E4-8713-0F38EAE0ACEB}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{6057A745-F9CA-49D2-8625-2CD580F6A29E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{62668B26-4373-40B5-A79E-A48EC5ED539C}" = rport=10243 | protocol=6 | dir=out | app=system |
"{62AD9F53-FDF4-40A4-9159-F3CD1AD036D7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{651B1658-6C53-4CBE-A376-DF1133BE7717}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6566AC7D-6143-441B-913A-2E7EA646292D}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{7FCD7646-8E09-4FC1-8FFF-D895194C394E}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{82BB9AC6-CE18-4571-BF9C-5A4251334139}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{864D05E7-F827-4621-99C8-FA09676157E4}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{93100A1F-7064-4F01-B368-42B423EB2BF8}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{97723914-3108-4E8A-8CA7-50DAC84A322D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{98576A26-CE6D-4E38-B43B-25568EAECCCF}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A05CC2C1-B5E1-409D-8721-36E7793F4BD8}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A69DBB22-8F7D-4210-8AEC-957429844F27}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A76ABA2C-BD05-485F-8583-33CF30984C07}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{AB9287E3-18D9-4BB3-B609-915FBE9637CB}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{ABF403C1-7EA5-4736-A9A7-24A844854F04}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AE995937-20BA-4FA6-8232-700927921ABC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BDE3E1C1-2BAB-4FDB-9B5B-55F9B4789399}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D33EEB3C-7477-4608-9003-152D951835D7}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E2583D51-45ED-48F9-BC37-3D7AD68929CC}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{E430FFA2-B511-4CAE-875A-5D16D51287D5}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{EA91585D-28B9-4257-B320-200594C2DED1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EF1D5A6F-F2E8-4BDE-B702-AD3AD92AA8ED}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EF2FEE36-7756-4D7B-B8D2-C59AAF02622A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0451EA40-7B4F-4DB5-A530-24DB6EF0B8CE}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{04B96519-78DC-438E-B08D-4AE8297C4651}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{08930114-AF35-4F4C-8C28-75E8140AA840}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0AF90451-54AF-45C2-AB2C-C96F5D5935C3}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{0C86433F-84AF-423B-8146-F04110321BE5}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0EFAF15D-AFCB-4599-8AF2-80BFE1F8793A}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{11B49E0E-D522-4041-9792-01C0ED187693}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{157404BE-4ED6-4DB3-9FCA-2544CE7D4A8E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{17E5D8A6-1760-4779-9C9F-70C65CD30310}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{1AA4408F-B31E-4203-80BE-60A15FFB7052}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{21CBF99B-3071-4B94-98D6-017FF63FE93C}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |
"{2215B97D-E1F6-4791-A112-9F33E9C1E3BF}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2DEF13EA-959D-486A-80EE-5085B25044CA}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2DF73C05-8CC1-4BCD-8B93-DA8C69144C03}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2FBFBEE0-3383-49D7-A73C-F3B1E7D66D26}" = protocol=6 | dir=in | app=c:\program files\wolfram research\mathematica\7.0\mathematica.exe |
"{36B23B28-46B4-4228-8ABD-F2F9336BC5C2}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steam.exe |
"{4017ED81-B8C5-4678-9228-52D9EDED6B54}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\the_schnupfer\counter-strike source\hl2.exe |
"{42FA24EC-F4CC-45E5-AA81-8B1136525696}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{435BEB7F-8A45-4B73-8F53-A671338BD966}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{455046CF-7C11-4AAE-8547-45C4F6108E00}" = protocol=17 | dir=in | app=c:\program files\wolfram research\mathematica\7.0\math.exe |
"{48FCB578-CB89-40C3-92F0-8FE40CD1AC57}" = protocol=6 | dir=out | app=system |
"{4B311864-13C5-477B-804A-8D5D5DA1F07E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4C349FD0-6DEB-419D-9B9C-858C2456D775}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{50661327-74C8-4E3A-AFF4-C56CC3E6AA1D}" = protocol=6 | dir=in | app=c:\program files\wolfram research\mathematica\7.0\mathkernel.exe |
"{508E5D4B-E813-4C3B-B1FF-E451BB7497F1}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{5355C14A-5EA6-4D8A-85DB-6E050F8185EB}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{559CB2A7-39D7-492B-9E5F-0E11345559CA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5C0C649D-9D55-4229-8255-7914AB75E540}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5F5C2138-4759-48A0-A877-2917C4A47097}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\the_schnupfer\counter-strike source\hl2.exe |
"{61DC6730-E595-422F-AE86-F4AB587BEF05}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{6A99FB8E-63B0-47C9-B483-E642934EADCD}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{6C665F3E-C5DA-430B-BFE5-1F314FBA177B}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{6FBD32BC-9555-44AB-81F9-7449F3EB2DCA}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{74F9C140-F18F-43FF-9F03-7F0F017D382F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7D631655-93BF-4A83-82DE-279B606BDA94}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{7FC2ECF8-2EC4-4EE6-89B4-71903B16FBDA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{874F73F7-C41C-4C4C-ACDB-1CFDF5A25701}" = protocol=6 | dir=in | app=c:\program files\wolfram research\mathematica\7.0\math.exe |
"{9338697A-5D42-4957-B6F0-E274FF679DCC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9AF8BB94-381A-4703-A831-FCC4573F7010}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9C79126E-FFBA-4F25-BA87-93A799B78AF2}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{9DC762DA-7550-4867-AB99-5220CF0BA2BA}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{9E96BAD9-A0C5-4C66-A28F-4D527C61553C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A74F8D9C-0F97-446F-87CF-12ECD281E8E5}" = protocol=17 | dir=in | app=c:\program files\wolfram research\mathematica\7.0\mathematica.exe |
"{AF06F909-7C7C-47DC-9EB4-35C6799D84BB}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\the_schnupfer\counter-strike source\hl2.exe |
"{B4E17444-3CE5-49C3-A506-7E74EFD7B386}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{B4F9AF19-9BDF-4637-8072-D3BAC7D47C40}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C40696AD-B2A1-4C27-A1A9-EEE290D83BF9}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C8E76A81-623C-4F48-905C-A1CEE83D5E62}" = protocol=17 | dir=in | app=c:\program files (x86)\ea\bulletstorm\binaries\win32\shippingpc-stormgame.exe |
"{CA317A38-1E89-4C74-A30B-7B20D13DF85C}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{CB42EAA0-ECD0-4B8A-B621-AB72939323D8}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{CDDE8B17-B5AD-4797-9FA9-B45CA4AF3A01}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D2D1C873-5E12-41B6-9A23-9025766791E4}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D5D55C6B-FBD3-415A-B475-6DBEE0300CD3}" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\frozen throne.exe |
"{D6182BCD-96C2-48FF-9E4D-EF33648F744E}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\the_schnupfer\counter-strike source\hl2.exe |
"{DB021ABE-5DB7-49FE-B3AF-0220E60697F4}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{DD29AAE3-98F6-4B65-A720-D8BF1F40186D}" = protocol=6 | dir=in | app=c:\program files (x86)\ea\bulletstorm\binaries\win32\shippingpc-stormgame.exe |
"{DFB83343-386C-4C9B-AAC8-D7882F1FD4DF}" = protocol=17 | dir=in | app=c:\program files\wolfram research\mathematica\7.0\mathkernel.exe |
"{E1D1942C-B868-43DA-AAEE-98F8A45C8EAA}" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\frozen throne.exe |
"{E23D9257-73FB-4A05-A926-8E8BBEFD23C4}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E41E3A72-5F2C-48FF-86EE-E1312CC1F644}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E5C1D788-B5F7-4499-B030-F9E586963A2B}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steam.exe |
"{E61CC3FF-7584-4B12-ABC3-711B2F9145F6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E67B5E6C-1A41-437D-AA5F-7C2B318C8886}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F4AE1C9E-F5AE-48D7-8AC3-A3EBCA2F87B1}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{F65FFE92-7198-44A6-9282-1ADDAA6B8C76}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FB3B3BA4-7035-442F-A325-44D7288947F3}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{FD420FB2-EF9A-41EA-A1DE-6F7B0BBC8271}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{FFD0A82D-C0E0-4FB8-8F39-54FC89318367}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"TCP Query User{0ACE4EEB-3F06-4224-B17B-BDB216570CD7}C:\program files (x86)\dassault systemes\b18\intel_a\code\bin\orbixd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dassault systemes\b18\intel_a\code\bin\orbixd.exe |
"TCP Query User{378A8F27-29DB-4F4E-92E3-F833093A436A}C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{588AFC31-D340-435E-9B45-9A748B5D9D49}C:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe |
"TCP Query User{73A89CAC-B94D-446C-8E68-D14F124BB814}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{73BA56A8-C969-452F-88E5-E54D11441384}C:\program files (x86)\activision\modern warfare 2\iw4mp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\modern warfare 2\iw4mp.exe |
"TCP Query User{7C9A2285-D3D4-47B3-B9E1-940C5128C7BA}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{B5679D85-D148-4D4E-9586-6E342D5A82AD}C:\program files (x86)\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |
"TCP Query User{CDB094BB-3956-44D8-BAED-52E5CC9A2816}C:\program files (x86)\heroes of newerth\hon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe |
"TCP Query User{D05B6420-8F76-4988-AD56-5B807211B071}C:\program files (x86)\toshiba\bluetooth toshiba stack\tosbtpcs.exe" = protocol=6 | dir=in | app=c:\program files (x86)\toshiba\bluetooth toshiba stack\tosbtpcs.exe |
"TCP Query User{D1105088-B2AA-412E-BDDE-C04B9105B6C7}C:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe |
"TCP Query User{EA936FB9-CB44-46A9-B5F4-933AE58DBBDC}C:\program files (x86)\dassault systemes\b18\intel_a\code\bin\cnext.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dassault systemes\b18\intel_a\code\bin\cnext.exe |
"TCP Query User{FA0C1EE8-6E22-4E1A-B714-4625AD24F16C}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{075931E8-8856-4DCE-86A5-CBCE0BBF51F3}C:\program files (x86)\activision\modern warfare 2\iw4mp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\modern warfare 2\iw4mp.exe |
"UDP Query User{10BC8D8B-7572-4426-958D-953FD4B593E1}C:\program files (x86)\heroes of newerth\hon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe |
"UDP Query User{2DA0CCD8-8EDB-4688-B8A2-5DBD4A558FFF}C:\program files (x86)\toshiba\bluetooth toshiba stack\tosbtpcs.exe" = protocol=17 | dir=in | app=c:\program files (x86)\toshiba\bluetooth toshiba stack\tosbtpcs.exe |
"UDP Query User{5C341CB3-B6D6-4F14-BBD8-D79B7001B046}C:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe |
"UDP Query User{6AE41B36-0A9A-4837-9CCB-3D76780402ED}C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{84EF3A31-E653-400F-8D05-291A3F11FE17}C:\program files (x86)\dassault systemes\b18\intel_a\code\bin\orbixd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dassault systemes\b18\intel_a\code\bin\orbixd.exe |
"UDP Query User{9EF21E5A-C644-4658-A18C-44A2A542C9A6}C:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe |
"UDP Query User{A4F22C69-7F97-4CB3-9E46-D9F9921C1AD8}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{A6074FD2-4F7C-4D7F-AF83-1BE8943FC6B4}C:\program files (x86)\dassault systemes\b18\intel_a\code\bin\cnext.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dassault systemes\b18\intel_a\code\bin\cnext.exe |
"UDP Query User{A879F445-1E00-4072-A7BC-D9C79DFE38D8}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{A9325182-3299-4467-BF60-A98749735DC6}C:\program files (x86)\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |
"UDP Query User{B38CF8A4-011E-4CDC-85ED-182D40153CDC}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX310_series" = Canon MX310 series
"{190A60F1-2FEE-0A11-7D37-D8607809CC39}" = ATI Catalyst Install Manager
"{23B45E10-0CA5-43E9-BD6D-C2BD6CBE11AC}" = iTunes
"{328CC232-CFDC-468B-A214-2E21300E4CB5}" = Apple Mobile Device Support
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5B7A62FB-E8EA-974A-DB49-4000AA3AE422}" = ccc-utility64
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{63DA1F6A-2E65-4367-99B9-9E39FADEC446}" = HDMI Control Manager
"{704ABF63-B0B1-446B-9D92-C5D06AFCE7B6}" = PlayReady PC runtime
"{82B2394D-F5CC-42F0-8DC1-48B3CAA382CC}" = Dassault Systemes Software Prerequisites x86-x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92DBCA36-9B41-4DD1-941A-AED149DD37F0}" = Windows Mobile Device Center Driver Update
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{A8EC0CC0-AD8D-4244-B080-424EDF7A7634}" = Native Instruments Traktor 2
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{EB31619C-00FF-4840-82A1-83332C27072E}" = TOSHIBA TV Tuner
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"0E3DD979C5E85A66B9E84D16EFD334748B3B5DA4" = Windows-Treiberpaket - TOSHIBA (mod7700) Media  (08/12/2008 2.3.3.24)
"703AB19C282B6ED3F1D3CE92F8DAA864B68A7C91" = ENE CIR Receiver Driver
"CanonMyPrinter" = Canon My Printer
"Dassault Systemes B18_0" = Dassault Systemes Software B18
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"M-WIN-G 7.0.1 1213989_is1" = Wolfram Mathematica 7 for Students (M-WIN-G 7.0.1 1213989)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{06223EA1-8977-4A44-B2AB-30FD78B7DCC1}" = CCC Help Thai
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{08600005-5228-4BF6-845E-E9A957AFDCB4}" = OviMPlatform
"{0CF37D58-38A8-E03F-8DD8-B01B55C09615}" = CCC Help English
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = Toshiba Assist
"{1C971EE3-B4C4-4367-9676-57549919C6CE}" = TOSHIBA Benutzerhandbücher
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{27349465-3521-8214-5311-286D806C86C3}" = CCC Help Dutch
"{28191B83-1D60-44B6-9B08-E854EF6632D5}" = Ovi Desktop Sync Engine
"{32762866-8C6E-437E-1E79-4506FEB7323A}" = Catalyst Control Center Graphics Full Existing
"{3553E875-F00E-4031-BDEC-75FB1DFEB093}" = Nokia Ovi Suite Software Updater
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3CAF2B2D-0DA3-7BD6-6701-E3D71992DB78}" = Catalyst Control Center Localization All
"{3D0DC563-4C99-4AB1-8C22-514940666938}" = Catalyst Control Center - Branding
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3FC42713-B6E7-49AA-A553-A224FE9828A8}" = Nokia Ovi Suite
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver
"{45410935-3E72-472B-8C35-AB1000008200}" = Bulletstorm
"{45410935-B52C-468A-A836-0D1000018201}" = BulletStorm
"{45633D5F-76CE-B1D7-325B-A3F329AA99DB}" = Catalyst Control Center InstallProxy
"{4786E500-4FA0-C30F-D4E8-0E3D70D86227}" = CCC Help Swedish
"{4F147AEF-790D-DBE2-5830-94D90C02AC24}" = Catalyst Control Center Graphics Full New
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{5985DD7D-67F4-DD15-8589-B3F43C4A111D}" = CCC Help Chinese Traditional
"{5D264375-3E92-7D10-F219-3536F5BAE7BA}" = CCC Help Japanese
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F98C4EE-879F-232C-3F44-0BBFAB6A29D4}" = CCC Help Polish
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{61F8A9EC-5CB4-0001-FF88-C469156BA14C}" = CCC Help German
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{63DA1F6A-2E65-4367-99B9-9E39FADEC446}" = HDMI Control Manager
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67830C2E-0345-7CE7-3829-8AB3D34E3AEB}" = CCC Help Turkish
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A9B4C2D-E651-6DD7-EC1D-AF331F250AB8}" = ccc-core-static
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6DEEDB89-D449-B985-4E0E-91D45AF66DFF}" = CCC Help Spanish
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7513A376-16F0-7E53-5CA1-7DA10A6216BC}" = CCC Help Danish
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Disk Creator Reminder
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{811EF3A7-0861-0B8F-5432-3052E8230DC0}" = Catalyst Control Center Graphics Light
"{8259E348-50E8-A3C8-52B8-699DFDD31BA8}" = CCC Help Finnish
"{85E4952C-8C85-A58D-B9D9-783D1FADB775}" = Skins
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8866BCB3-3818-4C66-83BC-92006B5EFE50}" = ArcSoft Magic-i Visual Effects 2
"{8921F4ED-A696-D629-45E6-45A43A0F4FF0}" = CCC Help Czech
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{98C70B57-4930-7088-22F4-93FC196938D0}" = CCC Help Chinese Standard
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6137721-B2D0-1DAF-0B19-12AB0D065C45}" = Catalyst Control Center Core Implementation
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
"{AC1A4255-0EC8-585B-2D1A-8306C07F2B91}" = CCC Help Hungarian
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{AEE65D6C-EDF4-B3E1-00CD-B17A6FC6BC6A}" = CCC Help Italian
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B9F119C0-6886-A250-BF18-3ABEAA26F6A5}" = CCC Help Korean
"{BD8A0C60-1AEB-11D6-B8E1-00025521AE60}" = VBA (3821b)
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life(R) 2
"{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution
"{DB64C016-1705-36E9-1AEA-C2D4738BDE9A}" = CCC Help Norwegian
"{DB7AE42C-695D-4D36-A8FA-31A1C6454436}" = Nokia PC-Internetzugang
"{DE2E45A2-31B1-7D26-2701-B1244763DE10}" = CCC Help Portuguese
"{E16087F4-3CE3-B644-A5F5-503F55F34CC0}" = CCC Help Russian
"{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}" = TOSHIBA USB Sleep and Charge Utility
"{E4FD13E2-1638-A5B8-E28A-54D39F13D747}" = Catalyst Control Center Graphics Previews Vista
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"{F0A386D2-6E15-4A8F-A04E-87CE9BED0D48}" = TOSHIBA ConfigFree
"{F0E4A500-34B5-E8B7-FC2C-3726A0577AAD}" = CCC Help French
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F34009E9-6EA5-F0D2-4D7D-A9CE421908B6}" = CCC Help Greek
"{F6C0D92C-7EBC-4CEE-A0DD-BCE6ADB50E22}" = PARTcommunity 3D Web Viewer
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FB32F52B-0D1C-4214-91A6-5B2DA15A5238}" = Ad-Aware
"{FB9607C0-17B8-42B8-BB99-A1C9F7038363}" = Wolfram Notebook Indexer 2.0
"{FEB650EB-7639-444E-9FC2-C33EE6ED1A37}" = TOSHIBA Remote Control Manager
"AC3Filter_is1" = AC3Filter 1.63b
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2
"Canon MX310 series Benutzerregistrierung" = Canon MX310 series Benutzerregistrierung
"CanonSolutionMenu" = Canon Utilities Solution Menu
"DAEMON Tools Pro" = DAEMON Tools Pro
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ESET Online Scanner" = ESET Online Scanner v3
"FLV Player" = FLV Player 2.0 (build 25)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free Studio_is1" = Free Studio version 5.1.2
"GFWL_{45410935-3E72-472B-8C35-AB1000008200}" = Bulletstorm
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"hon" = Heroes of Newerth
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{63DA1F6A-2E65-4367-99B9-9E39FADEC446}" = HDMI Control Manager
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Disk Creator Reminder
"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox (3.6.22)" = Mozilla Firefox (3.6.22)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"MSC" = McAfee SecurityCenter
"Native Instruments Controller Editor" = Native Instruments Controller Editor
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments Traktor 2" = Native Instruments Traktor 2
"Nokia Ovi Suite" = Nokia Ovi Suite
"Nokia PC Internet Access" = Nokia PC-Internetzugang
"OpenAL" = OpenAL
"PDF Editor 3" = PDF Editor 3
"Picasa2" = Picasa 2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Uninstall_is1" = Uninstall 1.0.0.1
"Warcraft III" = Warcraft III
"WildTangent toshiba Master Uninstall" = WildTangent-Spiele
"Windows Mobile Device Handbook" = Windows Mobile®-Gerätehandbuch
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Warcraft III" = Warcraft III: All Products
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 12.05.2011 05:20:06 | Computer Name = LT | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16421 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen.  Prozess-ID: 14e8  Anfangszeit: 01cc107ceb624f59  Zeitpunkt
 der Beendigung: 47
 
Error - 12.05.2011 13:38:37 | Computer Name = LT | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16421 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen.  Prozess-ID: fd0  Anfangszeit: 01cc10cb1b375b80  Zeitpunkt
 der Beendigung: 14
 
Error - 12.05.2011 13:39:59 | Computer Name = LT | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16421 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen.  Prozess-ID: 19f0  Anfangszeit: 01cc10cb5abaf870  Zeitpunkt
 der Beendigung: 27
 
Error - 12.05.2011 13:42:34 | Computer Name = LT | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16421 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen.  Prozess-ID: a84  Anfangszeit: 01cc10c4d2c23880  Zeitpunkt
 der Beendigung: 0
 
Error - 13.05.2011 05:32:53 | Computer Name = LT | Source = WinMgmt | ID = 10
Description =
 
Error - 13.05.2011 06:47:45 | Computer Name = LT | Source = WinMgmt | ID = 10
Description =
 
Error - 15.05.2011 13:40:58 | Computer Name = LT | Source = WinMgmt | ID = 10
Description =
 
Error - 15.05.2011 15:38:55 | Computer Name = LT | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\Michael\Downloads\SoftonicDownloader_for_web-page-maker.exe".
 Fehler in Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die
 widersprüchlichen Komponenten sind:  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
 
Error - 15.05.2011 16:32:26 | Computer Name = LT | Source = RasClient | ID = 20227
Description =
 
Error - 15.05.2011 16:56:45 | Computer Name = LT | Source = RasClient | ID = 20227
Description =
 
[ Media Center Events ]
Error - 22.02.2011 15:14:47 | Computer Name = LT | Source = MCUpdate | ID = 0
Description = Fehler beim Herstellen der Internetverbindung. (6124.1128)
 
Error - 22.02.2011 15:14:47 | Computer Name = LT | Source = MCUpdate | ID = 0
Description =    Serververbindung konnte nicht hergestellt werden.. (6124.1129)
 
Error - 10.03.2011 07:10:05 | Computer Name = LT | Source = MCUpdate | ID = 0
Description = Fehler beim Herstellen der Internetverbindung. (4744.1128)
 
Error - 10.03.2011 07:10:05 | Computer Name = LT | Source = MCUpdate | ID = 0
Description =    Serververbindung konnte nicht hergestellt werden.. (4744.1129)
 
Error - 04.04.2011 07:57:17 | Computer Name = LT | Source = MCUpdate | ID = 0
Description = Fehler beim Herstellen der Internetverbindung. (5616.1128)
 
Error - 04.04.2011 07:57:17 | Computer Name = LT | Source = MCUpdate | ID = 0
Description =    Serververbindung konnte nicht hergestellt werden.. (5616.1129)
 
Error - 04.04.2011 09:21:26 | Computer Name = LT | Source = MCUpdate | ID = 0
Description = Fehler beim Herstellen der Internetverbindung. (5776.1128)
 
Error - 04.04.2011 09:21:26 | Computer Name = LT | Source = MCUpdate | ID = 0
Description =    Serververbindung konnte nicht hergestellt werden.. (5776.1129)
 
Error - 04.04.2011 10:52:46 | Computer Name = LT | Source = MCUpdate | ID = 0
Description = Fehler beim Herstellen der Internetverbindung. (2204.1128)
 
Error - 04.04.2011 10:52:46 | Computer Name = LT | Source = MCUpdate | ID = 0
Description =    Serververbindung konnte nicht hergestellt werden.. (2204.1129)
 
[ OSession Events ]
Error - 20.09.2010 08:14:41 | Computer Name = LT | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 16422
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 08.07.2011 04:40:19 | Computer Name = LT | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 24
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 17.09.2011 03:25:36 | Computer Name = LT | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMB38X SD/MMC Host Controller" (PCI\VEN_197B&DEV_2382&SUBSYS_FF021179&REV_00\4&2bcebcdb&0&00E5)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 17.09.2011 03:25:36 | Computer Name = LT | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMB38X SD Host Controller" (PCI\VEN_197B&DEV_2381&SUBSYS_FF021179&REV_00\4&2bcebcdb&0&02E5)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 17.09.2011 03:25:36 | Computer Name = LT | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMB38X MS Host Controller" (PCI\VEN_197B&DEV_2383&SUBSYS_FF021179&REV_00\4&2bcebcdb&0&03E5)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 17.09.2011 03:25:37 | Computer Name = LT | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMB38X xD Host Controller" (PCI\VEN_197B&DEV_2384&SUBSYS_FF021179&REV_00\4&2bcebcdb&0&04E5)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 17.09.2011 11:13:44 | Computer Name = LT | Source = Microsoft-Windows-TaskScheduler | ID = 412
Description =
 
Error - 17.09.2011 11:15:19 | Computer Name = LT | Source = Service Control Manager | ID = 7026
Description =
 
Error - 17.09.2011 11:18:31 | Computer Name = LT | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMB38X SD/MMC Host Controller" (PCI\VEN_197B&DEV_2382&SUBSYS_FF021179&REV_00\4&2bcebcdb&0&00E5)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 17.09.2011 11:18:31 | Computer Name = LT | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMB38X SD Host Controller" (PCI\VEN_197B&DEV_2381&SUBSYS_FF021179&REV_00\4&2bcebcdb&0&02E5)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 17.09.2011 11:18:32 | Computer Name = LT | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMB38X MS Host Controller" (PCI\VEN_197B&DEV_2383&SUBSYS_FF021179&REV_00\4&2bcebcdb&0&03E5)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 17.09.2011 11:18:32 | Computer Name = LT | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMB38X xD Host Controller" (PCI\VEN_197B&DEV_2384&SUBSYS_FF021179&REV_00\4&2bcebcdb&0&04E5)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
 
< End of report >
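The OTL event-log block above follows a fixed layout, so a short parser can group the repeated entries by source and event ID and surface the one that names an executable in a user's Downloads folder (the SideBySide error above). This is an added example written for this thread, not part of OTL or of the original posts; the sample input is a constructed excerpt in the same layout, and the user-profile-path check is a triage heuristic of mine, not anything OTL does.

```python
"""Parse the "Last 10 Event Log Errors" block of an OTL report and triage it.

Added example for this thread, not OTL's own code. SAMPLE is a constructed
excerpt in the same layout as the report posted above.
"""
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime

# Constructed sample in the OTL layout: a "[ Section ]" header, then entries
# separated by blank lines, each with a one-line header and a wrapped Description.
SAMPLE = r"""[ Application Events ]
Error - 12.05.2011 05:20:06 | Computer Name = LT | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16421 arbeitet nicht mehr
mit Windows zusammen und wurde beendet.
 
Error - 13.05.2011 05:32:53 | Computer Name = LT | Source = WinMgmt | ID = 10
Description =
 
Error - 15.05.2011 15:38:55 | Computer Name = LT | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\Michael\Downloads\SoftonicDownloader_for_web-page-maker.exe".
 Fehler in Manifest- oder Richtliniendatei "" in Zeile .
 
[ System Events ]
Error - 17.09.2011 03:25:36 | Computer Name = LT | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMB38X SD/MMC Host Controller" (PCI\VEN_197B&DEV_2382&SUBSYS_FF021179&REV_00\4&2bcebcdb&0&00E5)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 17.09.2011 11:18:31 | Computer Name = LT | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMB38X SD/MMC Host Controller" (PCI\VEN_197B&DEV_2382&SUBSYS_FF021179&REV_00\4&2bcebcdb&0&00E5)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
"""

SECTION_RE = re.compile(r"^\[ (?P<name>.+?) \]$")
HEADER_RE = re.compile(
    r"^Error - (?P<ts>\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2}) \| "
    r"Computer Name = (?P<host>.*?) \| Source = (?P<source>.*?) \| ID = (?P<id>\d+)$"
)
# Triage heuristic (my assumption, not an OTL rule): an .exe living under a
# user profile's Downloads or AppData folder is worth a second look.
USER_EXE_RE = re.compile(
    r'[A-Za-z]:\\Users\\[^\\"]+\\(?:Downloads|AppData)\\[^"]*?\.exe', re.IGNORECASE
)


@dataclass(frozen=True)
class EventError:
    section: str
    when: datetime
    host: str
    source: str
    event_id: int
    description: str


def _finish(section, header, desc):
    """Build an EventError from a matched header and its collected description lines."""
    return EventError(
        section=section,
        when=datetime.strptime(header["ts"], "%d.%m.%Y %H:%M:%S"),
        host=header["host"],
        source=header["source"],
        event_id=int(header["id"]),
        description=" ".join(desc).strip(),
    )


def parse_event_errors(text):
    """Return the entries of an OTL 'Last 10 Event Log Errors' block, in order."""
    events, section, header, desc = [], "", None, []
    for raw in text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        hdr = HEADER_RE.match(line)
        if sec or hdr or not line:
            # A section header, a new entry header or a blank line closes the current entry.
            if header is not None:
                events.append(_finish(section, header, desc))
                header, desc = None, []
            if sec:
                section = sec["name"]
            elif hdr:
                header = hdr
            continue
        if header is None:
            continue  # stray text outside any entry
        if line.startswith("Description ="):
            line = line[len("Description ="):].strip()
        if line:
            desc.append(line)  # wrapped continuation lines of the description
    if header is not None:
        events.append(_finish(section, header, desc))
    return events


def count_by_source(events):
    """Count (section, source, event_id) triples so noisy repeats stand out."""
    return Counter((e.section, e.source, e.event_id) for e in events)


def user_profile_executables(events):
    """(event, path) pairs whose description names an .exe under a user's Downloads or AppData."""
    return [(e, m.group(0)) for e in events for m in USER_EXE_RE.finditer(e.description)]


if __name__ == "__main__":
    evts = parse_event_errors(SAMPLE)
    for (section, source, event_id), n in count_by_source(evts).most_common():
        print(f"{n:2d} x {section} / {source} / ID {event_id}")
    for e, path in user_profile_executables(evts):
        print(f"REVIEW {e.when:%Y-%m-%d %H:%M} {e.source}: {path}")
```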


RanaXT 15.10.2011 12:28

I just wanted to ask whether there is anything else to do, since nothing has come for a while now.

Swisstreasure 18.10.2011 20:24

Sorry, your thread slipped through the cracks :(
Did you have problems again?

RanaXT 06.11.2011 22:10

OK, so after a long wait I have to conclude that something is still not right. I now get more frequent prompts from Windows to allow a started application or installation. So unfortunately something must still be there; besides, there are again 2 strange processes in the startup :(

Swisstreasure 07.11.2011 13:34

ComboFix may only be run when a qualified helper has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning the infection even harder.
Download ComboFix from one of these download mirrors:

BleepingComputer - ForoSpyware

* Important !! Save ComboFix to the desktop
  • Disable your anti-virus and anti-spyware programs. Normally you can do this by right-clicking the system tray icon. Otherwise these programs might interfere with our tools while they work.
  • Double-click ComboFix.exe and follow the instructions.
  • ComboFix will check whether the Microsoft Windows Recovery Console is installed. This is part of the process. Given the kind of malware infections around today, it is strongly recommended to have this Recovery Console installed on the PC before any malware cleaning is carried out.
  • Follow the instructions to let ComboFix download and install the Recovery Console, and accept the licence agreement (EULA) when prompted.
**For your information: if the Recovery Console is already installed, ComboFix will simply continue with its malware removal procedure as normal.

http://i94.photobucket.com/albums/l8...eWHKonsole.jpg

Once the Recovery Console has been installed by ComboFix, you should see the following message:

http://i94.photobucket.com/albums/l8...nstalliert.jpg

Click "Yes" to continue with the malware scan.

When ComboFix has finished, it will create a log. Please attach C:\ComboFix.txt to your next reply.

RanaXT 07.11.2011 17:44

Attached as a zip.

RanaXT 08.11.2011 11:11

Today I got an email from gmx: Your account: "changed"
Our reference: [Ticket AB34039078]
Note: Your name in the salutation shows you that this message really was
sent by GMX.

Dear Mr Michael Heider,

Today you are receiving an urgent message concerning your GMX account
michael-heider@gmx.at and the security of your personal data.

Our team of security experts has two important pieces of information for you:

- A virus has spied out the password to your GMX account.

- This virus is called "Zeus" and is probably located on your
computer.

In this email you will find all the information needed to restore the security
of your mailbox and your computer.

***************************************************************************
IMPORTANT: The "Zeus" virus poses a considerable danger. It spies out
passwords and banking data and forwards them to its authors. The attackers
then gradually use the banking data to plunder their victims' accounts.
Would you like to learn more about this virus? You can find a report on it
on the 1&1 blog at:
hxxp://blog.1und1.de/2010/02/11/11-schuetzt-internetnutzer-vor-trojaner-zeus/
***************************************************************************

And this is how you win the fight against Zeus:

***************************************************************************
1. Change the password to your GMX account:
***************************************************************************
Log in to your GMX account from a secure computer and change
your password.

Further instructions can be found here: GMX - FAQ - How do I change my password?

***************************************************************************
2. Identify which computer is infected with the Zeus virus:
***************************************************************************
Have you accessed your mailbox from different computers in the last few
days? Then the following detail will help you find the affected
computer:

You used the computer at the following time: 05.11.2011 11:59:04

***************************************************************************
3. Remove the virus:
***************************************************************************
The Zeus virus makes deep changes to the computer's operating system.
Since anti-virus software runs on top of the operating system, it is very
difficult to remove this virus with software.

We therefore recommend reinstalling the affected computer.

TIP: General support with virus infections is available from the
Anti-Botnet Advisory Centre of the German initiative botfrei.de.

You can reach the experts of the Anti-Botnet Advisory Centre on the following
phone number: 0209 - 605 060

Important: When you call, please quote the following voucher number:
01-34039078

***************************************************************************
4. Then change all your passwords:
***************************************************************************
After you have successfully removed the virus, change the password to your
GMX account again as a precaution.

Also change all your other passwords. Remember your passwords for:
- your online banking access
- your eBay and PayPal accounts
- your other email accounts

***************************************************************************
5. Secure your computer for the future:
***************************************************************************
To protect your computer optimally in future, we recommend installing
professional anti-virus software such as the GMX
SicherheitsPaket. Further information can be found at:

GMX - SicherheitsPaket

***************************************************************************

Do you have any further questions for us? Then simply reply to this email and
please leave our reference [Ticket AB34039078] in your message.

We look forward to working with you to keep your account secure -
thank you for your cooperation!

Kind regards

Your Abuse Team

--
Abuse Department
GMX


Is this something serious? Or is it not true at all?

Swisstreasure 08.11.2011 22:28

Step 1

Please download TDSSKiller.exe and save the file to the desktop.
  • Close all running programs.
  • Disconnect from the Internet.
  • Disable your anti-virus software.
  • Start TDSSKiller.exe by double-clicking it.
    Vista and Win7 users: right-click, "Run as administrator"
  • Click Start scan.
    Do not do anything on the computer during the scan
    1. If the tool reports no findings, click Close to exit it.
    2. If something was found, the findings are shown under Scan results - Select action for found objects, with 3 options.
      Make sure Cure (default) is checked! Click Continue --> Reboot.
  • After the restart the log file can be found on your system drive (usually C:) as TDSSKiller_version_date_time_log.txt.
  • Please post its contents here in your thread.
Illustrated guide to using TDSSKiller.


Step 2

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    Vista and Win7 users: right-click, "Run as administrator"
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, please allow Internet access.)
    Depending on your connection, the definitions download may take a while.
  • Click Scan.
  • Wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Under no circumstances click any of the Fix buttons without instructions

Note: If the Scan button is greyed out, close the tool and start it again. If it still doesn't work, please let me know.

RanaXT 09.11.2011 18:02

TDSSKiller found nothing, but here is the log:

17:33:46.0905 3596 TDSS rootkit removing tool 2.6.16.0 Nov 7 2011 16:26:51
17:33:46.0928 3596 ============================================================
17:33:46.0928 3596 Current date / time: 2011/11/09 17:33:46.0928
17:33:46.0928 3596 SystemInfo:
17:33:46.0928 3596
17:33:46.0928 3596 OS Version: 6.0.6002 ServicePack: 2.0
17:33:46.0928 3596 Product type: Workstation
17:33:46.0929 3596 ComputerName: LT
17:33:46.0929 3596 UserName: Michael
17:33:46.0929 3596 Windows directory: C:\Windows
17:33:46.0929 3596 System windows directory: C:\Windows
17:33:46.0929 3596 Running under WOW64
17:33:46.0929 3596 Processor architecture: Intel x64
17:33:46.0929 3596 Number of processors: 2
17:33:46.0929 3596 Page size: 0x1000
17:33:46.0929 3596 Boot type: Normal boot
17:33:46.0929 3596 ============================================================
17:33:47.0274 3596 Initialize success
17:34:05.0818 5716 ============================================================
17:34:05.0818 5716 Scan started
17:34:05.0818 5716 Mode: Manual;
17:34:05.0818 5716 ============================================================
17:34:16.0299 5716 isapnp - ok
17:34:16.0405 5716 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
17:34:16.0408 5716 iScsiPrt - ok
17:34:16.0503 5716 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
17:34:16.0505 5716 iteatapi - ok
17:34:16.0617 5716 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
17:34:16.0619 5716 iteraid - ok
17:34:16.0712 5716 JMCR (c241b97aa60ac47fa8c628b3ad489b34) C:\Windows\system32\DRIVERS\jmcr.sys
17:34:16.0714 5716 JMCR - ok
17:34:16.0734 5716 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
17:34:16.0735 5716 kbdclass - ok
17:34:16.0839 5716 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
17:34:16.0841 5716 kbdhid - ok
17:34:16.0967 5716 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys
17:34:16.0979 5716 KSecDD - ok
17:34:17.0071 5716 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
17:34:17.0073 5716 ksthunk - ok
17:34:17.0212 5716 Lbd (c8b3131857931ae76798a741cc52b021) C:\Windows\system32\DRIVERS\Lbd.sys
17:34:17.0214 5716 Lbd - ok
17:34:17.0327 5716 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
17:34:17.0329 5716 lltdio - ok
17:34:17.0451 5716 LPCFilter (9c551a9121639a9779862cb8a6cabf03) C:\Windows\system32\DRIVERS\LPCFilter.sys
17:34:17.0453 5716 LPCFilter - ok
17:34:17.0562 5716 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
17:34:17.0566 5716 LSI_FC - ok
17:34:17.0645 5716 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
17:34:17.0649 5716 LSI_SAS - ok
17:34:17.0719 5716 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
17:34:17.0723 5716 LSI_SCSI - ok
17:34:17.0800 5716 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
17:34:17.0802 5716 luafv - ok
17:34:17.0865 5716 MBAMProtector (23a854450dab5c9b7a42ab9be6f2e4bd) C:\Windows\system32\drivers\mbam.sys
17:34:17.0866 5716 MBAMProtector - ok
17:34:18.0012 5716 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
17:34:18.0014 5716 megasas - ok
17:34:18.0118 5716 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
17:34:18.0125 5716 MegaSR - ok
17:34:18.0254 5716 mfeavfk (088620da20b98578bfc4b97043f24042) C:\Windows\system32\drivers\mfeavfk.sys
17:34:18.0255 5716 mfeavfk - ok
17:34:18.0366 5716 mfehidk (239e677e3e9047550c18b30c26c3ba3e) C:\Windows\system32\drivers\mfehidk.sys
17:34:18.0371 5716 mfehidk - ok
17:34:18.0472 5716 mferkdk (bb6bdc9029ca71d652eadc40ff78f7cb) C:\Windows\system32\drivers\mferkdk.sys
17:34:18.0474 5716 mferkdk - ok
17:34:18.0575 5716 mfesmfk (1f56e31db436287581cbe9a5c4c70e0e) C:\Windows\system32\drivers\mfesmfk.sys
17:34:18.0577 5716 mfesmfk - ok
17:34:18.0701 5716 mod7700 (942394d485e9a1e1c3201af16e1be9d7) C:\Windows\system32\Drivers\dvb7700all.sys
17:34:18.0711 5716 mod7700 - ok
17:34:18.0832 5716 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
17:34:18.0835 5716 Modem - ok
17:34:18.0928 5716 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
17:34:18.0930 5716 monitor - ok
17:34:19.0010 5716 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
17:34:19.0012 5716 mouclass - ok
17:34:19.0111 5716 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
17:34:19.0113 5716 mouhid - ok
17:34:19.0201 5716 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
17:34:19.0203 5716 MountMgr - ok
17:34:19.0264 5716 MPFP (ae2e68527013eb4f761eccc630f7f1a3) C:\Windows\system32\Drivers\Mpfp.sys
17:34:19.0267 5716 MPFP - ok
17:34:19.0373 5716 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
17:34:19.0377 5716 mpio - ok
17:34:19.0470 5716 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
17:34:19.0473 5716 mpsdrv - ok
17:34:19.0578 5716 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
17:34:19.0580 5716 Mraid35x - ok
17:34:19.0681 5716 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
17:34:19.0685 5716 MRxDAV - ok
17:34:19.0814 5716 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:34:19.0818 5716 mrxsmb - ok
17:34:19.0931 5716 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:34:19.0937 5716 mrxsmb10 - ok
17:34:20.0041 5716 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:34:20.0044 5716 mrxsmb20 - ok
17:34:20.0136 5716 msahci (e7e3e515d1d33a2a372d7fce2bbef5d9) C:\Windows\system32\drivers\msahci.sys
17:34:20.0138 5716 msahci - ok
17:34:20.0219 5716 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
17:34:20.0222 5716 msdsm - ok
17:34:20.0341 5716 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
17:34:20.0343 5716 Msfs - ok
17:34:20.0444 5716 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
17:34:20.0445 5716 msisadrv - ok
17:34:20.0553 5716 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
17:34:20.0555 5716 MSKSSRV - ok
17:34:20.0582 5716 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
17:34:20.0584 5716 MSPCLOCK - ok
17:34:20.0677 5716 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
17:34:20.0678 5716 MSPQM - ok
17:34:20.0751 5716 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
17:34:20.0759 5716 MsRPC - ok
17:34:20.0853 5716 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
17:34:20.0854 5716 mssmbios - ok
17:34:20.0957 5716 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
17:34:20.0959 5716 MSTEE - ok
17:34:21.0070 5716 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
17:34:21.0072 5716 Mup - ok
17:34:21.0196 5716 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
17:34:21.0201 5716 NativeWifiP - ok
17:34:21.0345 5716 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
17:34:21.0356 5716 NDIS - ok
17:34:21.0445 5716 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
17:34:21.0447 5716 NdisTapi - ok
17:34:21.0533 5716 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
17:34:21.0534 5716 Ndisuio - ok
17:34:21.0639 5716 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
17:34:21.0643 5716 NdisWan - ok
17:34:21.0736 5716 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
17:34:21.0738 5716 NDProxy - ok
17:34:21.0857 5716 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
17:34:21.0859 5716 NetBIOS - ok
17:34:21.0962 5716 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
17:34:21.0968 5716 netbt - ok
17:34:22.0222 5716 NETw5v64 (2bdcb7b7917380794c9d87ac2153ce33) C:\Windows\system32\DRIVERS\NETw5v64.sys
17:34:22.0367 5716 NETw5v64 - ok
17:34:22.0457 5716 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
17:34:22.0459 5716 nfrd960 - ok
17:34:22.0578 5716 nmwcd (985a3f046dfcd58e26d3a95283bb8f1d) C:\Windows\system32\drivers\ccdcmbx64.sys
17:34:22.0580 5716 nmwcd - ok
17:34:22.0711 5716 nmwcdc (5eb41a9656388dc21119ccc33f0ee22a) C:\Windows\system32\drivers\ccdcmbox64.sys
17:34:22.0713 5716 nmwcdc - ok
17:34:22.0805 5716 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
17:34:22.0807 5716 Npfs - ok
17:34:22.0876 5716 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
17:34:22.0878 5716 nsiproxy - ok
17:34:23.0019 5716 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
17:34:23.0052 5716 Ntfs - ok
17:34:23.0144 5716 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
17:34:23.0145 5716 Null - ok
17:34:23.0232 5716 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
17:34:23.0234 5716 nvraid - ok
17:34:23.0292 5716 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
17:34:23.0294 5716 nvstor - ok
17:34:23.0385 5716 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
17:34:23.0387 5716 nv_agp - ok
17:34:23.0412 5716 NwlnkFlt - ok
17:34:23.0421 5716 NwlnkFwd - ok
17:34:23.0511 5716 ohci1394 (7b58953e2f263421fdbb09a192712a85) C:\Windows\system32\drivers\ohci1394.sys
17:34:23.0513 5716 ohci1394 - ok
17:34:23.0629 5716 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
17:34:23.0632 5716 Parport - ok
17:34:23.0729 5716 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
17:34:23.0731 5716 partmgr - ok
17:34:23.0870 5716 pccsmcfd (bc0018c2d29f655188a0ed3fa94fdb24) C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
17:34:23.0872 5716 pccsmcfd - ok
17:34:23.0932 5716 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
17:34:23.0935 5716 pci - ok
17:34:24.0054 5716 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\DRIVERS\pciide.sys
17:34:24.0055 5716 pciide - ok
17:34:24.0150 5716 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
17:34:24.0153 5716 pcmcia - ok
17:34:24.0291 5716 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
17:34:24.0302 5716 PEAUTH - ok
17:34:24.0414 5716 PGEffect (2c3ba65f8ca712730050c29104e093f9) C:\Windows\system32\DRIVERS\pgeffect.sys
17:34:24.0416 5716 PGEffect - ok
17:34:24.0570 5716 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
17:34:24.0573 5716 PptpMiniport - ok
17:34:24.0667 5716 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
17:34:24.0669 5716 Processor - ok
17:34:24.0829 5716 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
17:34:24.0831 5716 PSched - ok
17:34:24.0974 5716 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
17:34:25.0001 5716 ql2300 - ok
17:34:25.0103 5716 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
17:34:25.0107 5716 ql40xx - ok
17:34:25.0245 5716 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
17:34:25.0247 5716 QWAVEdrv - ok
17:34:25.0360 5716 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
17:34:25.0362 5716 RasAcd - ok
17:34:25.0492 5716 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:34:25.0495 5716 Rasl2tp - ok
17:34:25.0613 5716 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
17:34:25.0615 5716 RasPppoe - ok
17:34:25.0747 5716 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
17:34:25.0750 5716 RasSstp - ok
17:34:25.0886 5716 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
17:34:25.0893 5716 rdbss - ok
17:34:25.0937 5716 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:34:25.0938 5716 RDPCDD - ok
17:34:26.0052 5716 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
17:34:26.0060 5716 rdpdr - ok
17:34:26.0157 5716 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
17:34:26.0159 5716 RDPENCDD - ok
17:34:26.0212 5716 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
17:34:26.0218 5716 RDPWD - ok
17:34:26.0353 5716 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
17:34:26.0356 5716 rspndr - ok
17:34:26.0474 5716 RTHDMIAzAudService (ee328f24ffc3ac211f48266864c65fa6) C:\Windows\system32\drivers\RtHDMIVX.sys
17:34:26.0477 5716 RTHDMIAzAudService - ok
17:34:26.0585 5716 RTL8169 (3e800d0dd24c5cfe61a1d71a3f6feab9) C:\Windows\system32\DRIVERS\Rtlh64.sys
17:34:26.0591 5716 RTL8169 - ok
17:34:26.0713 5716 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
17:34:26.0717 5716 sbp2port - ok
17:34:26.0774 5716 sdbus (b42ee50f7d24f837f925332eb349eca5) C:\Windows\system32\DRIVERS\sdbus.sys
17:34:26.0778 5716 sdbus - ok
17:34:26.0890 5716 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
17:34:26.0892 5716 secdrv - ok
17:34:26.0942 5716 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
17:34:26.0944 5716 Serenum - ok
17:34:27.0045 5716 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
17:34:27.0048 5716 Serial - ok
17:34:27.0147 5716 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
17:34:27.0149 5716 sermouse - ok
17:34:27.0271 5716 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
17:34:27.0273 5716 sffdisk - ok
17:34:27.0303 5716 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
17:34:27.0305 5716 sffp_mmc - ok
17:34:27.0411 5716 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
17:34:27.0413 5716 sffp_sd - ok
17:34:27.0513 5716 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
17:34:27.0515 5716 sfloppy - ok
17:34:27.0625 5716 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
17:34:27.0628 5716 SiSRaid2 - ok
17:34:27.0780 5716 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
17:34:27.0784 5716 SiSRaid4 - ok
17:34:27.0903 5716 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
17:34:27.0906 5716 Smb - ok
17:34:28.0014 5716 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
17:34:28.0016 5716 spldr - ok
17:34:28.0164 5716 sptd (602884696850c86434530790b110e8eb) C:\Windows\System32\Drivers\sptd.sys
17:34:28.0183 5716 sptd - ok
17:34:28.0295 5716 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
17:34:28.0306 5716 srv - ok
17:34:28.0405 5716 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
17:34:28.0410 5716 srv2 - ok
17:34:28.0517 5716 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
17:34:28.0522 5716 srvnet - ok
17:34:28.0655 5716 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
17:34:28.0657 5716 swenum - ok
17:34:28.0711 5716 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
17:34:28.0713 5716 Symc8xx - ok
17:34:28.0842 5716 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
17:34:28.0845 5716 Sym_hi - ok
17:34:28.0883 5716 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
17:34:28.0886 5716 Sym_u3 - ok
17:34:28.0978 5716 SynTP (ea7043973d9305235e7b68ac0c6ec889) C:\Windows\system32\DRIVERS\SynTP.sys
17:34:28.0982 5716 SynTP - ok
17:34:29.0138 5716 Tcpip (4dad14118fbcf7c609f2a4ce21fbcc5f) C:\Windows\system32\drivers\tcpip.sys
17:34:29.0159 5716 Tcpip - ok
17:34:29.0297 5716 Tcpip6 (4dad14118fbcf7c609f2a4ce21fbcc5f) C:\Windows\system32\DRIVERS\tcpip.sys
17:34:29.0308 5716 Tcpip6 - ok
17:34:29.0410 5716 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
17:34:29.0411 5716 tcpipreg - ok
17:34:29.0509 5716 tdcmdpst (d45586a9facb2c9708b10e491ef748a6) C:\Windows\system32\DRIVERS\tdcmdpst.sys
17:34:29.0510 5716 tdcmdpst - ok
17:34:29.0615 5716 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
17:34:29.0617 5716 TDPIPE - ok
17:34:29.0766 5716 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
17:34:29.0768 5716 TDTCP - ok
17:34:29.0808 5716 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
17:34:29.0811 5716 tdx - ok
17:34:29.0911 5716 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
17:34:29.0913 5716 TermDD - ok
17:34:30.0032 5716 Thpdrv (e29a0c5c97615bffab138abe308733b4) C:\Windows\system32\DRIVERS\thpdrv.sys
17:34:30.0034 5716 Thpdrv - ok
17:34:30.0079 5716 Thpevm (d6704940a79831b4fa271d7a73d291d8) C:\Windows\system32\DRIVERS\Thpevm.SYS
17:34:30.0080 5716 Thpevm - ok
17:34:30.0288 5716 tosporte (0e8a784713a08b39e39565c91ece48ba) C:\Windows\system32\DRIVERS\tosporte.sys
17:34:30.0289 5716 tosporte - ok
17:34:30.0410 5716 tosrfbd (f75a48d6d236898caa9e3805b33b0162) C:\Windows\system32\DRIVERS\tosrfbd.sys
17:34:30.0413 5716 tosrfbd - ok
17:34:30.0523 5716 tosrfbnp (77f25d185aa83cf6057606a145c6e732) C:\Windows\system32\Drivers\tosrfbnp.sys
17:34:30.0525 5716 tosrfbnp - ok
17:34:30.0628 5716 Tosrfcom (d554c3411b6c99e970e84e218579a60e) C:\Windows\system32\Drivers\tosrfcom.sys
17:34:30.0635 5716 Tosrfcom - ok
17:34:30.0692 5716 tosrfec (9fb4aa68d4e833c795994513bc9e3aca) C:\Windows\system32\DRIVERS\tosrfec.sys
17:34:30.0694 5716 tosrfec - ok
17:34:30.0819 5716 Tosrfhid (20c3200bc4f4d0df9a2207544e36eef3) C:\Windows\system32\DRIVERS\Tosrfhid.sys
17:34:30.0823 5716 Tosrfhid - ok
17:34:30.0924 5716 tosrfnds (bfa9abdd9cc0b7f2c7bac5ba2f6f4243) C:\Windows\system32\DRIVERS\tosrfnds.sys
17:34:30.0926 5716 tosrfnds - ok
17:34:30.0986 5716 TosRfSnd (eaed2835c62591cf0bebd201e8203a69) C:\Windows\system32\drivers\tosrfsnd.sys
17:34:30.0989 5716 TosRfSnd - ok
17:34:31.0089 5716 Tosrfusb (f88e56d49fe83002bb994872b30c5c3c) C:\Windows\system32\DRIVERS\tosrfusb.sys
17:34:31.0091 5716 Tosrfusb - ok
17:34:31.0244 5716 tos_sps64 (dd50a5df5f7b29fdb6b5fea728c43dc3) C:\Windows\system32\DRIVERS\tos_sps64.sys
17:34:31.0258 5716 tos_sps64 - ok
17:34:31.0389 5716 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:34:31.0391 5716 tssecsrv - ok
17:34:31.0489 5716 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
17:34:31.0491 5716 tunmp - ok
17:34:31.0541 5716 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
17:34:31.0543 5716 tunnel - ok
17:34:31.0670 5716 TVALZ (9a744cc3d804ec38a6c2c65bc3c6fcd8) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
17:34:31.0672 5716 TVALZ - ok
17:34:31.0717 5716 TVALZFL (be32a8658a0b56474ad4d0bb8afa8e55) C:\Windows\system32\DRIVERS\TVALZFL.sys
17:34:31.0718 5716 TVALZFL - ok
17:34:31.0841 5716 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
17:34:31.0844 5716 uagp35 - ok
17:34:31.0971 5716 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
17:34:31.0979 5716 udfs - ok
17:34:32.0098 5716 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
17:34:32.0101 5716 uliagpkx - ok
17:34:32.0218 5716 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
17:34:32.0226 5716 uliahci - ok
17:34:32.0330 5716 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
17:34:32.0335 5716 UlSata - ok
17:34:32.0433 5716 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
17:34:32.0438 5716 ulsata2 - ok
17:34:32.0543 5716 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
17:34:32.0545 5716 umbus - ok
17:34:32.0664 5716 upperdev (afa3a0937b7044a8322d8bc91722c53b) C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
17:34:32.0666 5716 upperdev - ok
17:34:32.0814 5716 USBAAPL64 (cd03479f2da26500b203ed075c146a7a) C:\Windows\system32\Drivers\usbaapl64.sys
17:34:32.0817 5716 USBAAPL64 - ok
17:34:32.0964 5716 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
17:34:32.0967 5716 usbccgp - ok
17:34:33.0066 5716 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
17:34:33.0069 5716 usbcir - ok
17:34:33.0203 5716 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
17:34:33.0206 5716 usbehci - ok
17:34:33.0312 5716 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
17:34:33.0319 5716 usbhub - ok
17:34:33.0425 5716 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
17:34:33.0428 5716 usbohci - ok
17:34:33.0535 5716 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
17:34:33.0537 5716 usbprint - ok
17:34:33.0650 5716 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
17:34:33.0653 5716 usbscan - ok
17:34:33.0797 5716 usbser (f7386007fb19e7685fc7b298560aa81f) C:\Windows\system32\drivers\usbser.sys
17:34:33.0800 5716 usbser - ok
17:34:33.0944 5716 UsbserFilt (b826f3ff5a1975cc9096b4caadde77b6) C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys
17:34:33.0947 5716 UsbserFilt - ok
17:34:34.0049 5716 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:34:34.0052 5716 USBSTOR - ok
17:34:34.0133 5716 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
17:34:34.0135 5716 usbuhci - ok
17:34:34.0275 5716 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
17:34:34.0280 5716 usbvideo - ok
17:34:34.0382 5716 usb_rndisx (1e36bb1a3c5aaf2aa9fa9a126df8c16c) C:\Windows\system32\DRIVERS\usb8023x.sys
17:34:34.0384 5716 usb_rndisx - ok
17:34:34.0499 5716 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
17:34:34.0502 5716 vga - ok
17:34:34.0535 5716 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
17:34:34.0537 5716 VgaSave - ok
17:34:34.0636 5716 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
17:34:34.0638 5716 viaide - ok
17:34:34.0747 5716 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
17:34:34.0749 5716 volmgr - ok
17:34:34.0872 5716 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
17:34:34.0882 5716 volmgrx - ok
17:34:34.0984 5716 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
17:34:34.0991 5716 volsnap - ok
17:34:35.0097 5716 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
17:34:35.0102 5716 vsmraid - ok
17:34:35.0251 5716 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
17:34:35.0253 5716 WacomPen - ok
17:34:35.0375 5716 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
17:34:35.0379 5716 Wanarp - ok
17:34:35.0387 5716 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
17:34:35.0390 5716 Wanarpv6 - ok
17:34:35.0515 5716 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
17:34:35.0517 5716 Wd - ok
17:34:35.0649 5716 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
17:34:35.0659 5716 Wdf01000 - ok
17:34:35.0839 5716 WINUSB (7f2f9e48566b2087f2aaad258cb2a8d4) C:\Windows\system32\DRIVERS\WinUSB.SYS
17:34:35.0841 5716 WINUSB - ok
17:34:35.0943 5716 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
17:34:35.0945 5716 WmiAcpi - ok
17:34:36.0085 5716 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
17:34:36.0086 5716 WpdUsb - ok
17:34:36.0203 5716 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
17:34:36.0204 5716 ws2ifsl - ok
17:34:36.0251 5716 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:34:36.0253 5716 WUDFRd - ok
17:34:36.0292 5716 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
17:34:36.0311 5716 \Device\Harddisk0\DR0 - ok
17:34:36.0315 5716 Boot (0x1200) (e8f839df69be399c11be055b4ac83e9c) \Device\Harddisk0\DR0\Partition0
17:34:36.0316 5716 \Device\Harddisk0\DR0\Partition0 - ok
17:34:36.0340 5716 Boot (0x1200) (e93722ad2fe4ce0a1593a8ef9cee3656) \Device\Harddisk0\DR0\Partition1
17:34:36.0341 5716 \Device\Harddisk0\DR0\Partition1 - ok
17:34:36.0342 5716 ============================================================
17:34:36.0342 5716 Scan finished
17:34:36.0342 5716 ============================================================
17:34:36.0353 5704 Detected object count: 0
17:34:36.0353 5704 Actual detected object count: 0
17:35:05.0979 3524 Deinitialize success

And here is the one from asw:

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-09 17:36:12
-----------------------------
17:36:12.554 OS Version: Windows x64 6.0.6002 Service Pack 2
17:36:12.554 Number of processors: 2 586 0x1706
17:36:12.554 ComputerName: LT UserName:
17:36:13.784 Initialize success
17:42:17.023 AVAST engine defs: 11110900
17:43:48.995 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:43:49.000 Disk 0 Vendor: TOSHIBA_ FG01 Size: 381554MB BusType: 3
17:43:49.041 Disk 0 MBR read successfully
17:43:49.046 Disk 0 MBR scan
17:43:49.054 Disk 0 Windows VISTA default MBR code
17:43:49.060 Service scanning
17:43:50.549 Modules scanning
17:43:50.553 Disk 0 trace - called modules:
17:43:50.573 ntoskrnl.exe CLASSPNP.SYS disk.sys thpdrv.sys iaStor.sys hal.dll
17:43:50.577 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80082b9060]
17:43:50.581 3 CLASSPNP.SYS[fffffa6000dd0c33] -> nt!IofCallDriver -> \Device\THPDRV1[0xfffffa8007efc1c0]
17:43:50.584 5 thpdrv.sys[fffffa60011d1c8d] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8006480050]
17:43:51.439 AVAST engine scan C:\Windows
17:43:54.772 AVAST engine scan C:\Windows\system32
17:45:59.101 AVAST engine scan C:\Windows\system32\drivers
17:46:13.068 AVAST engine scan C:\Users\Michael
17:54:32.028 AVAST engine scan C:\ProgramData
17:58:31.162 Scan finished successfully
18:01:04.956 Disk 0 MBR has been saved successfully to "C:\Users\Michael\Desktop\MBR.dat"
18:01:04.961 The log file has been saved successfully to "C:\Users\Michael\Desktop\aswMBR.txt"

Swisstreasure 09.11.2011 19:32

If you don't have it yet, please download OTL by OldTimer and save it to your desktop
Code:

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT

  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread

RanaXT 10.11.2011 08:32

nm, I didn't get an Extra, but here is the OTL: OTL Logfile:
Code:

OTL logfile created on: 10.11.2011 01:10:59 - Run 5
OTL by OldTimer - Version 3.2.27.0    Folder = C:\Users\Michael\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
5,96 Gb Total Physical Memory | 3,82 Gb Available Physical Memory | 64,04% Memory free
12,12 Gb Paging File | 9,68 Gb Available in Paging File | 79,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186,31 Gb Total Space | 11,47 Gb Free Space | 6,16% Space Free | Partition Type: NTFS
Drive E: | 184,84 Gb Total Space | 171,18 Gb Free Space | 92,61% Space Free | Partition Type: NTFS
 
Computer Name: LT | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Michael\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
PRC - C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - c:\PROGRA~2\mcafee.com\agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
PRC - c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee, Inc.)
PRC - c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\Toshiba\TOSHIBA Web Camera Application\TWebCameraSrv.exe (TOSHIBA)
PRC - C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe (TOSHIBA Corporation.)
PRC - C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\Toshiba\TRCMan\TRCMan.exe (TOSHIBA Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - c:\PROGRA~2\mcafee\msk\mskapbho.dll ()
MOD - C:\Windows\SysWOW64\RTCOM\RTCOMDLL.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (TOSHIBA eco Utility Service) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (TPCHSrv) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (Thpsrv) -- C:\Windows\SysNative\ThpSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (NIHardwareService) -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (MpfService) -- C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (MSK80Service) -- C:\Program Files (x86)\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Programme\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon) -- C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe (McAfee, Inc.)
SRV - (McProxy) -- c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee, Inc.)
SRV - (McNASvc) -- c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe (McAfee, Inc.)
SRV - (camsvc) -- C:\Program Files (x86)\Toshiba\TOSHIBA Web Camera Application\TWebCameraSrv.exe (TOSHIBA)
SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (TNaviSrv) -- C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (uCamMonitor) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
SRV - (ConfigFree Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (ConfigFree Gadget Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe (TOSHIBA CORPORATION)
SRV - (GameConsoleService) -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (BBDemon) -- C:\Program Files (x86)\Dassault Systemes\B18\intel_a\code\bin\CATSysDemon.exe (Dassault Systemes)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\DRIVERS\Lbd.sys (Lavasoft AB)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\DRIVERS\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\DRIVERS\usbser_lowerfltjx64.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\DRIVERS\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (MPFP) -- C:\Windows\SysNative\Drivers\Mpfp.sys (McAfee, Inc.)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfesmfk) -- C:\Windows\SysNative\drivers\mfesmfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdk) -- C:\Windows\SysNative\drivers\mferkdk.sys (McAfee, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek                                            )
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\DRIVERS\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\DRIVERS\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (Thpdrv) -- C:\Windows\SysNative\DRIVERS\thpdrv.sys (TOSHIBA Corporation)
DRV:64bit: - (TosRfSnd) -- C:\Windows\SysNative\drivers\tosrfsnd.sys (TOSHIBA Corporation)
DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\DRIVERS\TVALZFL.sys (TOSHIBA Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (Tosrfusb) -- C:\Windows\SysNative\DRIVERS\tosrfusb.sys (TOSHIBA CORPORATION)
DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\DRIVERS\pgeffect.sys (TOSHIBA Corporation)
DRV:64bit: - (tosrfnds) -- C:\Windows\SysNative\DRIVERS\tosrfnds.sys (TOSHIBA Corporation.)
DRV:64bit: - (Tosrfhid) -- C:\Windows\SysNative\DRIVERS\Tosrfhid.sys (TOSHIBA Corporation.)
DRV:64bit: - (tosrfbnp) -- C:\Windows\SysNative\Drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV:64bit: - (Tosrfcom) -- C:\Windows\SysNative\Drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\DRIVERS\iaStor.sys (Intel Corporation)
DRV:64bit: - (tos_sps64) -- C:\Windows\SysNative\DRIVERS\tos_sps64.sys (TOSHIBA Corporation)
DRV:64bit: - (enecir) -- C:\Windows\SysNative\DRIVERS\enecir.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (NETw5v64) Intel(R) -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys (Intel Corporation)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (arcvad_ds2dhw) -- C:\Windows\SysNative\drivers\ArcVad.sys (ArcSoft, Inc.)
DRV:64bit: - (tosrfbd) -- C:\Windows\SysNative\DRIVERS\tosrfbd.sys (TOSHIBA CORPORATION)
DRV:64bit: - (ENTECH64) -- C:\Windows\SysNative\DRIVERS\ENTECH64.sys (EnTech Taiwan)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (mod7700) -- C:\Windows\SysNative\Drivers\dvb7700all.sys (DiBcom)
DRV:64bit: - (enecirhid) -- C:\Windows\SysNative\DRIVERS\enecirhid.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (enecirhidma) -- C:\Windows\SysNative\DRIVERS\enecirhidma.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\DRIVERS\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV:64bit: - (tosporte) -- C:\Windows\SysNative\DRIVERS\tosporte.sys (TOSHIBA Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\DRIVERS\tdcmdpst.sys (TOSHIBA Corporation.)
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV:64bit: - (Thpevm) -- C:\Windows\SysNative\DRIVERS\Thpevm.SYS (TOSHIBA Corporation)
DRV:64bit: - (tosrfec) -- C:\Windows\SysNative\DRIVERS\tosrfec.sys (TOSHIBA Corporation)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\DRIVERS\agrsm64.sys (Agere Systems)
DRV - (LPCFilter) -- C:\Windows\system32\DRIVERS\LPCFilter.sys (COMPAL ELECTRONIC INC.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/ig
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.4
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files (x86)\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011.03.24 19:18:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011.11.09 16:44:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.10.29 00:22:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.10.28 23:52:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.03.24 19:18:33 | 000,000,000 | ---D | M]
 
[2009.09.15 12:48:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\mozilla\Extensions
[2011.10.28 20:24:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\mozilla\Firefox\Profiles\3v3a52fx.default\extensions
[2009.09.15 12:50:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Michael\AppData\Roaming\mozilla\Firefox\Profiles\3v3a52fx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.07.20 14:48:39 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Michael\AppData\Roaming\mozilla\Firefox\Profiles\3v3a52fx.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2009.09.15 12:48:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.11.09 16:44:48 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2011.10.29 00:22:36 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.29 00:22:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.29 00:22:34 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.10.29 00:22:34 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.29 00:22:34 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.29 00:22:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.29 00:22:34 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.11.07 17:28:12 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~2\mcafee\msk\MSKAPB~1.DLL ()
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Programme\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~2\mcafee\msk\mskapbho.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~2\mcafee\VIRUSS~1\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HDMICtrlMan] C:\Programme\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.)
O4:64bit: - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Programme\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\Windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [cfFncEnabler.exe] C:\Program Files (x86)\TOSHIBA\ConfigFree\cfFncEnabler.exe (Toshiba Corporation)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NDSTray.exe] C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TRCMan] C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [WMPNSCFG]  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: eBay - {76577871-04EC-495E-A12B-91F7C3600AFA} -  File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} -  File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30CF765A-FD14-477F-B8CC-DCCE3264146C}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{75AA1371-8315-4730-955B-7135AE381425}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F02BBD11-BCAB-4C99-A96B-03702D52DEB5}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Michael\Pictures\Autos\2008-Abt-Audi-R8-Section-1920x1440.jpg
O24 - Desktop BackupWallPaper: C:\Users\Michael\Pictures\Autos\2008-Abt-Audi-R8-Section-1920x1440.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk - C:\PROGRA~2\Toshiba\BLUETO~1\TosBtMng.exe - (TOSHIBA CORPORATION.)
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk - C:\PROGRA~2\MCAFEE~1\20DEB9~1.181\SSSCHE~1.EXE - (McAfee, Inc.)
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan.lnk -  - File not found
MsConfig:64bit - StartUpFolder: C:^Users^Michael^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^scandisk.lnk - C:\Windows\SysNative\rundll32.exe - (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AlcoholAutomount - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: ArcSoft Connection Service - hkey= - key= - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
MsConfig:64bit - StartUpReg: CanonMyPrinter - hkey= - key= - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
MsConfig:64bit - StartUpReg: CanonSolutionMenu - hkey= - key= - C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: DAEMON Tools Pro Agent - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: HWSetup - hkey= - key= - C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
MsConfig:64bit - StartUpReg: ITSecMng - hkey= - key= - C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: mcagent_exe - hkey= - key= - C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
MsConfig:64bit - StartUpReg: NokiaMServer - hkey= - key= - C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
MsConfig:64bit - StartUpReg: NokiaPCInternetAccess - hkey= - key= - C:\Program Files (x86)\Nokia\PC Internet Access\NPCIA.exe (Nokia)
MsConfig:64bit - StartUpReg: NvCplDaemonTool - hkey= - key= - C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: SmoothView - hkey= - key= - C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: TOSHIBA Online Product Information - hkey= - key= - C:\Program Files (x86)\Toshiba\Toshiba Online Product Information\TOPI.exe (TOSHIBA)
MsConfig:64bit - StartUpReg: Toshiba Registration - hkey= - key= - C:\Programme\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
MsConfig:64bit - StartUpReg: TPCHWMsg - hkey= - key= - C:\Programme\TOSHIBA\TPHM\TPCHWMsg.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: Uvixalosacevez - hkey= - key= - C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Windows Mobile Device Center - hkey= - key= - C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: WrtMon.exe - hkey= - key= - C:\Windows\SysNative\spool\drivers\x64\3\WrtMon.exe ()
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.11.09 17:35:58 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Michael\Desktop\aswMBR.exe
[2011.11.09 17:32:18 | 001,563,952 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Michael\Desktop\tdsskiller.exe
[2011.11.07 17:36:11 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\temp
[2011.11.07 17:28:26 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.11.02 00:14:50 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Uwovg
 
========== Files - Modified Within 30 Days ==========
 
[2011.11.10 00:05:14 | 001,445,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.11.10 00:05:14 | 000,628,742 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.11.10 00:05:14 | 000,595,996 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.11.10 00:05:14 | 000,126,454 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.11.10 00:05:14 | 000,104,070 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.11.09 23:40:17 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.09 23:40:16 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.09 19:40:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.09 18:01:04 | 000,000,512 | ---- | M] () -- C:\Users\Michael\Desktop\MBR.dat
[2011.11.09 17:35:59 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Michael\Desktop\aswMBR.exe
[2011.11.09 17:32:20 | 001,563,952 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Michael\Desktop\tdsskiller.exe
[2011.11.09 16:39:50 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cc0f9c7af0cc20.job
[2011.11.09 16:39:29 | 2110,648,319 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.09 07:26:53 | 000,042,335 | ---- | M] () -- C:\Windows\SysNative\Config.MPF
[2011.11.07 17:43:04 | 000,035,191 | ---- | M] () -- C:\Users\Michael\Desktop\ComboFix.zip
[2011.11.07 17:28:12 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011.11.07 17:08:50 | 004,285,527 | R--- | M] (Swearware) -- C:\Users\Michael\Desktop\ComboFix.exe
[2011.10.31 17:59:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1cc0f9c7bb5a2c0.job
[2011.10.16 16:37:17 | 000,013,606 | ---- | M] () -- C:\Users\Michael\Documents\Unbenannt.jpg
[2011.10.13 08:37:48 | 000,344,672 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2011.11.09 18:01:04 | 000,000,512 | ---- | C] () -- C:\Users\Michael\Desktop\MBR.dat
[2011.11.07 17:43:04 | 000,035,191 | ---- | C] () -- C:\Users\Michael\Desktop\ComboFix.zip
[2011.10.28 23:52:32 | 000,000,905 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.10.16 16:37:17 | 000,013,606 | ---- | C] () -- C:\Users\Michael\Documents\Unbenannt.jpg
[2011.09.29 08:15:36 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011.09.29 08:15:36 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011.09.03 16:10:24 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011.09.03 16:10:24 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011.09.03 16:10:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.09.03 16:10:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.09.03 16:10:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.09.20 19:17:14 | 000,000,680 | ---- | C] () -- C:\Users\Michael\AppData\Local\d3d9caps.dat
[2010.06.10 09:58:26 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010.04.28 23:10:41 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2010.04.12 17:10:48 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.04.07 14:58:09 | 000,088,872 | ---- | C] () -- C:\Windows\War3Unin.dat
[2010.04.02 16:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009.09.22 20:12:53 | 000,024,226 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\UserTile.png
[2009.09.17 07:27:20 | 000,011,776 | ---- | C] () -- C:\Windows\SysWow64\pmsbfn32.dll
[2009.09.15 13:06:01 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.09.15 13:05:30 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009.09.15 13:04:53 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.09.15 12:48:25 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.09.15 12:35:41 | 000,113,664 | ---- | C] () -- C:\Users\Michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.09.05 10:33:25 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2009.09.05 10:09:15 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.06.05 08:12:14 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008.09.02 01:32:38 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\SPCtl.dll
[2008.01.21 03:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006.11.02 16:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 13:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 13:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 10:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
 
========== LOP Check ==========
 
[2010.03.15 16:43:56 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DAEMON Tools Lite
[2011.04.04 18:31:53 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DAEMON Tools Pro
[2009.11.09 13:28:01 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DassaultSystemes
[2011.10.02 07:59:22 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DVDVideoSoft
[2011.07.20 14:48:38 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.09.01 09:00:11 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Lufec
[2009.11.17 22:05:08 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\myphotobook
[2011.03.13 21:30:23 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Nokia
[2011.03.13 21:30:26 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Nokia Ovi Suite
[2011.03.13 21:28:29 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\PC Suite
[2009.09.22 20:12:52 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\PeerNetworking
[2010.05.12 16:34:44 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\TOSHIBA
[2010.12.15 14:22:36 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\TrafficMonitor
[2011.06.09 19:13:16 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\TS3Client
[2011.11.06 22:06:55 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Uwovg
[2011.01.03 10:52:30 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Web Page Maker
[2011.03.15 00:59:59 | 000,000,378 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2011.04.01 00:33:33 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2011.11.09 07:26:54 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.11.07 17:28:26 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2009.06.05 10:19:58 | 000,000,000 | ---D | M] -- C:\1033
[2009.09.17 08:21:46 | 000,000,000 | ---D | M] -- C:\Boot
[2006.11.02 16:42:17 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.09.05 10:47:02 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.02.16 16:59:11 | 000,000,000 | ---D | M] -- C:\Games
[2009.06.05 09:22:13 | 000,000,000 | ---D | M] -- C:\Intel
[2009.06.05 10:20:05 | 000,000,000 | R--D | M] -- C:\MSOCache
[2008.01.21 04:04:13 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.09.02 06:25:55 | 000,000,000 | ---D | M] -- C:\ProcAlyzer Dumps
[2011.08.28 10:27:15 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.10.16 08:27:05 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2011.09.03 16:25:14 | 000,000,000 | ---D | M] -- C:\ProgramData
[2009.09.05 10:47:02 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.11.07 17:36:13 | 000,000,000 | ---D | M] -- C:\Qoobox
[2011.11.10 01:14:28 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009.09.05 10:58:35 | 000,000,000 | ---D | M] -- C:\Toshiba
[2009.11.20 09:19:51 | 000,000,000 | R--D | M] -- C:\Users
[2011.11.09 16:40:23 | 000,000,000 | ---D | M] -- C:\Windows
[2009.06.05 10:18:08 | 000,000,000 | ---D | M] -- C:\Works
[2011.09.02 10:31:36 | 000,000,000 | ---D | M] -- C:\_OTL
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2008.10.29 07:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009.04.11 08:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\ERDNT\cache86\explorer.exe
[2009.04.11 08:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009.04.11 08:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2008.10.28 03:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2008.10.29 07:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2008.10.30 06:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008.01.21 03:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008.01.21 03:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2008.01.21 03:49:53 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.21 03:50:29 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\SysWOW64\regedit.exe
[2008.01.21 03:50:29 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_5aa1fb3ac896d9c8\regedit.exe
[2008.01.21 03:49:53 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=5DFBCE56E689D90AE9E2FB278F80058E -- C:\Windows\ERDNT\cache86\regedit.exe
[2008.01.21 03:49:53 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=5DFBCE56E689D90AE9E2FB278F80058E -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_504d50e8943617cd\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache86\userinit.exe
[2008.01.21 03:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008.01.21 03:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008.01.21 03:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\ERDNT\cache64\userinit.exe
[2008.01.21 03:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008.01.21 03:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 03:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\ERDNT\cache86\wininit.exe
[2008.01.21 03:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe
[2008.01.21 03:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008.01.21 03:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\ERDNT\cache64\wininit.exe
[2008.01.21 03:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe
[2008.01.21 03:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\ERDNT\cache64\winlogon.exe
[2009.04.11 08:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009.04.11 08:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008.01.21 03:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
<          >

< End of report >

--- --- ---

Swisstreasure 10.11.2011 22:44

Step 1
Code:

:OTL
[2011.11.02 00:14:50 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Uwovg
:Commands
[purity]
[emptytemp]

  • Now please close all programs.
  • Then click the Fix button.
  • OTL may require a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (Also to be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Copy its contents here into your thread.

Step 2

Scan again with Malwarebytes Anti-Malware. Update it first.
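The helper's fix above targets exactly the two kinds of entry a reader has to pick out of a long OTL report by eye: an autostart that launches rundll32.exe under a name no vendor uses, and a freshly created folder under AppData\Roaming that matches no installed product. The following Python script is an added example for this thread, not code from the forum post and not code from OTL/OldTimer: it parses the two OTL line formats seen in the log (the "MsConfig ... StartUpReg" lines and the "[date | size | attrs | C/M] -- path" lines) and applies those two rules. The sample lines are copied from the log posted above; the KNOWN_ROAMING allowlist is an assumption of the example, assembled from the vendor folders visible in the log's LOP Check section.

```python
"""OTL log triage helper.

Added example for this thread; not part of the forum post and not code
from OTL/OldTimer. Two defender-side rules are applied:

  1. an autostart (MsConfig StartUpReg) entry whose image is rundll32.exe
     is flagged, because OTL shows only the host process and not the DLL
     it is asked to load, so the registry value itself must be inspected;
  2. a folder directly under AppData\\Roaming whose name the log ties to
     no installed product is flagged for a closer look.

KNOWN_ROAMING is an assumption of this example, built from the vendor
folders visible in the LOP Check section of the posted log.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# "MsConfig:64bit - StartUpReg: <name> - hkey= - key= - <path> (<company>)"
STARTUP_RE = re.compile(
    r"^MsConfig:\S* - StartUpReg: (?P<name>.*?) - hkey=.*? - key=.*? - "
    r"(?P<path>.+) \((?P<company>[^()]*)\)$"
)
# "[YYYY.MM.DD hh:mm:ss | size | attrs | C|M] (company) -- <path>"; company is optional
ENTRY_RE = re.compile(
    r"^\[(?P<date>\d{4}\.\d{2}\.\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^()]*)\) )?-- (?P<path>.+)$"
)
ROAMING_RE = re.compile(r"\\AppData\\Roaming\\(?P<name>[^\\]+)$", re.IGNORECASE)

# Roaming folders the rest of this log attributes to installed software (assumption).
KNOWN_ROAMING = {
    "DAEMON Tools Lite", "DAEMON Tools Pro", "DassaultSystemes", "DVDVideoSoft",
    "DVDVideoSoftIEHelpers", "myphotobook", "Nokia", "Nokia Ovi Suite", "PC Suite",
    "PeerNetworking", "TOSHIBA", "TrafficMonitor", "TS3Client", "Web Page Maker",
}


@dataclass
class Startup:
    name: str
    path: str
    company: str


@dataclass
class Entry:
    date: str
    size: int
    attrs: str
    kind: str      # "C" = created, "M" = modified
    company: str
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_startup(line: str) -> Optional[Startup]:
    m = STARTUP_RE.match(line.strip())
    return Startup(m["name"], m["path"], m["company"]) if m else None


def parse_entry(line: str) -> Optional[Entry]:
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(m["date"], int(m["size"].replace(",", "")), m["attrs"],
                 m["kind"], m["company"] or "", m["path"])


def triage(lines) -> List[Tuple[str, str]]:
    """Return (name, reason) pairs for lines that deserve a manual look."""
    findings: List[Tuple[str, str]] = []
    for line in lines:
        s = parse_startup(line)
        if s is not None:
            if s.path.lower().endswith("\\rundll32.exe"):
                findings.append((s.name, "autostart runs rundll32.exe; OTL does not show "
                                         "the DLL argument, inspect the registry value"))
            continue
        e = parse_entry(line)
        if e is None or not e.is_dir:
            continue
        r = ROAMING_RE.search(e.path)
        if r and r["name"] not in KNOWN_ROAMING:
            what = "created" if e.kind == "C" else "modified"
            findings.append((r["name"],
                             f"Roaming folder tied to no installed product ({what} {e.date})"))
    return findings


# Sample lines copied from the OTL log posted in this thread.
SAMPLE_LOG = r"""
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: NvCplDaemonTool - hkey= - key= - C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Uvixalosacevez - hkey= - key= - C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[2011.11.09 17:35:58 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Michael\Desktop\aswMBR.exe
[2011.11.02 00:14:50 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Uwovg
[2011.03.13 21:30:23 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Nokia
[2011.09.01 09:00:11 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Lufec
[2011.01.03 10:52:30 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Web Page Maker
"""


def triage_sample() -> List[Tuple[str, str]]:
    return triage(l for l in SAMPLE_LOG.splitlines() if l.strip())


if __name__ == "__main__":
    for name, reason in triage_sample():
        print(f"{name:20} {reason}")
```

Run against the sample it reports the two rundll32 autostarts (NvCplDaemonTool and Uvixalosacevez) and the two unattributed Roaming folders (Uwovg and Lufec). The rundll32 rule deliberately flags every such entry, including one that resembles a vendor name, because the OTL line carries no information about which DLL is loaded; the decision has to be made on the full registry value, not on the name.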

RanaXT 11.11.2011 14:55

OTL had an error and I had to start it again, and the files it found are not shown in the first log; anyway, here are the logs:

All processes killed
========== OTL ==========
Folder C:\Users\Michael\AppData\Roaming\Uwovg\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData
->Temp folder emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Michael
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 442435 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 118872132 bytes
->Flash cache emptied: 47776 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 73161 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 141832 bytes

Total Files Cleaned = 114,00 mb


OTL by OldTimer - Version 3.2.27.0 log created on 11112011_111005

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\mcafee_1UybE4muKT8ZS4s not found!
File\Folder C:\Windows\temp\mcmsc_2GaN4yPycHfHqgP not found!
File\Folder C:\Windows\temp\sqlite_6nrZ22xpGk7qTVy not found!
File\Folder C:\Windows\temp\sqlite_7Rfp7HgWX3OSFvk not found!
File\Folder C:\Windows\temp\sqlite_E8KLEceaVd26yyv not found!

Registry entries deleted on Reboot...




In Malwarebytes I had it cleaned up:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8137

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

11.11.2011 14:35:30
mbam-log-2011-11-11 (14-35-30).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Durchsuchte Objekte: 458765
Laufzeit: 2 Stunde(n), 12 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Qoobox\quarantine\C\Users\Michael\kbloadcf.dll.vir (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\Users\Michael\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\scanjdiskb96.dll.vir (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\09022011_113136\C_Users\Michael\kbloadCF.dll (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\09022011_113136\C_Users\Michael\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\scanjdiskb96.dll (Trojan.FakeMS) -> Quarantined and deleted successfully.

Swisstreasure 11.11.2011 21:35

Do you still have problems?


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan begins automatically.
  • At the end of the scan click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset



Copyright ©2000-2025, Trojaner-Board