Trojaner-Board


Elen 19.04.2011 17:33

Trojan, critical error on the hard disk, Windows cannot find any disk space
 
Hello,

I have a problem with my laptop: suddenly and unexpectedly (I had not downloaded anything or the like that day), my computer showed me errors along the lines of the RAM being damaged, Windows not finding any disk space, etc. I then entered the error messages into Google and came across this forum that way. I have already looked at various threads and then ran the virus scanner SUPERAntiSpyware, and I am about to continue with the second one described, Malwarebytes.
To come back to the problem: as I said, these error messages were displayed which, if I understood everything correctly, are just fake, right? And then after a while my computer also shut down by itself.
At the moment, after I ran the first virus scan and moved the files to quarantine, nothing more seems to be happening for now. No more error messages appear, nothing at all.

I hope you can help me clean my laptop completely again. I am not at all familiar with such things and am afraid that, for example, my external hard drive could still be affected or that I could pass the whole thing on by e-mail.

Many thanks in advance; in the next post I will copy the SUPERAntiSpyware log.

Elen

Okay, here is the log:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 04/19/2011 at 05:15 PM

Application Version : 4.50.1002

Core Rules Database Version : 6868
Trace Rules Database Version: 4680

Scan type : Complete Scan
Total Scan Time : 03:03:40

Memory items scanned : 637
Memory threats detected : 1
Registry items scanned : 14017
Registry threats detected : 1
File items scanned : 220753
File threats detected : 40

Trojan.Agent/Gen-FakeAlert[BitSprx]
C:\PROGRAMDATA\PFMPBJOHGUT.EXE
C:\PROGRAMDATA\PFMPBJOHGUT.EXE
(x86) [PFmPbJoHGuT] C:\PROGRAMDATA\PFMPBJOHGUT.EXE
C:\USERS\LENE\APPDATA\LOCAL\TEMP\TMP9B9A.TMP
C:\USERS\LENE\APPDATA\LOCAL\TEMP\TMPB65B.TMP
C:\Windows\Prefetch\PFMPBJOHGUT.EXE-F3C9DD13.pf

Adware.Tracking Cookie
C:\Users\Lene\AppData\Roaming\Microsoft\Windows\Cookies\lene@adtech[1].txt
C:\Users\Lene\AppData\Roaming\Microsoft\Windows\Cookies\lene@serving-sys[2].txt
C:\Users\Lene\AppData\Roaming\Microsoft\Windows\Cookies\lene@adserver2.clipkit[1].txt
C:\Users\Lene\AppData\Roaming\Microsoft\Windows\Cookies\lene@ads.boonty[1].txt
C:\Users\Lene\AppData\Roaming\Microsoft\Windows\Cookies\lene@tradedoubler[2].txt
C:\Users\Lene\AppData\Roaming\Microsoft\Windows\Cookies\lene@atwola[1].txt
C:\Users\Lene\AppData\Roaming\Microsoft\Windows\Cookies\lene@eaeacom.112.2o7[1].txt
C:\Users\Lene\AppData\Roaming\Microsoft\Windows\Cookies\lene@bs.serving-sys[1].txt
C:\Users\Lene\AppData\Roaming\Microsoft\Windows\Cookies\lene@ad.adnet[1].txt
C:\Users\Lene\AppData\Roaming\Microsoft\Windows\Cookies\lene@mediaplex[2].txt
C:\Users\Lene\AppData\Roaming\Microsoft\Windows\Cookies\lene@tracking.mlsat02[1].txt
C:\Users\Lene\AppData\Roaming\Microsoft\Windows\Cookies\lene@doubleclick[2].txt
C:\Users\Lene\AppData\Roaming\Microsoft\Windows\Cookies\lene@atdmt.combing[2].txt
C:\Users\Lene\AppData\Roaming\Microsoft\Windows\Cookies\lene@ad.yieldmanager[2].txt
C:\Users\Lene\AppData\Roaming\Microsoft\Windows\Cookies\lene@atdmt[1].txt
C:\Users\Lene\AppData\Roaming\Microsoft\Windows\Cookies\lene@ad.zanox[2].txt
C:\Users\Lene\AppData\Roaming\Microsoft\Windows\Cookies\lene@content.yieldmanager[1].txt
C:\Users\Lene\AppData\Roaming\Microsoft\Windows\Cookies\lene@ar.atwola[2].txt
C:\Users\Lene\AppData\Roaming\Microsoft\Windows\Cookies\lene@adfarm1.adition[1].txt
C:\Users\Lene\AppData\Roaming\Microsoft\Windows\Cookies\lene@vodafonegrupoes.solution.weborama[2].txt
C:\Users\Lene\AppData\Roaming\Microsoft\Windows\Cookies\lene@invitemedia[1].txt
C:\Users\Lene\AppData\Roaming\Microsoft\Windows\Cookies\lene@yieldmanager[1].txt
C:\Users\Lene\AppData\Roaming\Microsoft\Windows\Cookies\lene@content.yieldmanager[3].txt
C:\Users\Lene\AppData\Roaming\Microsoft\Windows\Cookies\lene@webmasterplan[1].txt
C:\Users\Lene\AppData\Roaming\Microsoft\Windows\Cookies\lene@apmebf[1].txt
C:\Users\Lene\AppData\Roaming\Microsoft\Windows\Cookies\lene@weborama[1].txt
content.oddcast.com [ C:\Users\Lene\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\P7SYF9UY ]
counter.cam-content.com [ C:\Users\Lene\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\P7SYF9UY ]
ia.media-imdb.com [ C:\Users\Lene\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\P7SYF9UY ]
media.y8.com [ C:\Users\Lene\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\P7SYF9UY ]
stat.easydate.biz [ C:\Users\Lene\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\P7SYF9UY ]
track.webgains.com [ C:\Users\Lene\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\P7SYF9UY ]
www.99counters.com [ C:\Users\Lene\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\P7SYF9UY ]
www.ardmediathek.de [ C:\Users\Lene\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\P7SYF9UY ]

Trojan.Agent/Gen-FakeAntiSpy
C:\USERS\LENE\APPDATA\LOCAL\TEMP\ERR.LOG127424487

Trojan.Agent/Gen-FraudLoad
C:\USERS\LENE\APPDATA\LOCAL\TEMP\OREWMNXACS.EXE

and here is the second log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6399

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

19.04.2011 18:54:17
mbam-log-2011-04-19 (18-54-10).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|Z:\|)
Durchsuchte Objekte: 378937
Laufzeit: 1 Stunde(n), 14 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\program files (x86)\cryptload\ocr\netload.in\asmcaptcha\test.exe (Malware.Packer) -> No action taken.
c:\program files (x86)\cryptload\router\fritz!box\nc.exe (PUP.KeyLogger) -> No action taken.
c:\Users\Lene\AppData\Local\Temp\adobe_flash_player.exe (Trojan.Agent) -> No action taken.
c:\Users\Lene\AppData\Local\Temp\ldrb6c8.tmp (Trojan.Agent) -> No action taken.

cosinus 20.04.2011 18:15

Are there any further logs from Malwarebytes? If so, please post all of the ones that are visible in Malwarebytes under the "Logdateien" (log files) tab.

Elen 20.04.2011 19:35

No, there are no log files there at all. The one I already posted I had to save directly to a folder, and it is not in the list either.

What I have also just noticed: when I start the laptop, it shows me something along the lines of:
"Catalyst Control Center: Host application funktioniert nicht mehr."

cosinus 21.04.2011 14:35

System scan with OTL

Please download OTL by Oldtimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator" ("als Administrator ausführen")
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

Elen 21.04.2011 20:25

OTL Logfile:
Code:

OTL logfile created on: 21.04.2011 20:15:00 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = D:\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 85,09 Gb Total Space | 28,74 Gb Free Space | 33,78% Space Free | Partition Type: NTFS
Drive D: | 204,61 Gb Total Space | 44,64 Gb Free Space | 21,82% Space Free | Partition Type: NTFS
Drive E: | 4,38 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive Z: | 7,99 Gb Total Space | 1,43 Gb Free Space | 17,91% Space Free | Partition Type: NTFS
 
Computer Name: MARLENE | User Name: Lene | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - D:\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft, Inc.)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
PRC - C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
 
 
========== Modules (SafeList) ==========
 
MOD - D:\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV:64bit: - (TOSHIBA eco Utility Service) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)
SRV:64bit: - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TPCHSrv) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV - (Akamai) -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_a35e6b9.dll ()
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (!SASCORE) -- C:\Program Files (x86)\Neuer Ordner\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV - (npggsvc) -- C:\Windows\SysWow64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (TuneUp.Defrag) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (cfWiMAXService) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION)
SRV - (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO) -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (ConfigFree Gadget Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe (TOSHIBA CORPORATION)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ConfigFree Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (rtl8192se) -- C:\Windows\SysNative\drivers\rtl8192se.sys (Realtek Semiconductor Corporation                          )
DRV:64bit: - (Tosrfusb) -- C:\Windows\SysNative\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV:64bit: - (TosRfSnd) -- C:\Windows\SysNative\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV:64bit: - (LPCFilter) -- C:\Windows\SysNative\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (Tosrfcom) -- C:\Windows\SysNative\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV:64bit: - (tos_sps64) -- C:\Windows\SysNative\drivers\tos_sps64.sys (TOSHIBA Corporation)
DRV:64bit: - (tosrfnds) -- C:\Windows\SysNative\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (BrSerIb) Brother MFC Serial Interface Driver(WDM) -- C:\Windows\SysNative\drivers\BrSerIb.sys (Brother Industries Ltd.)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (tosrfec) -- C:\Windows\SysNative\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV:64bit: - (tosrfbd) -- C:\Windows\SysNative\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\drivers\TVALZFL.sys (TOSHIBA Corporation)
DRV:64bit: - (Tosrfhid) -- C:\Windows\SysNative\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV:64bit: - (tosrfbnp) -- C:\Windows\SysNative\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV:64bit: - (tosporte) -- C:\Windows\SysNative\drivers\tosporte.sys (TOSHIBA Corporation)
DRV:64bit: - (BrUsbSIb) Brother MFC Serial USB Driver(WDM) -- C:\Windows\SysNative\drivers\BrUsbSIb.sys (Brother Industries Ltd.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (vcd10bus) -- C:\Windows\SysNative\drivers\vcd10bus.sys (H+H Software GmbH)
DRV:64bit: - (s117unic) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM) -- C:\Windows\SysNative\drivers\s117unic.sys (MCCI Corporation)
DRV:64bit: - (s117obex) -- C:\Windows\SysNative\drivers\s117obex.sys (MCCI Corporation)
DRV:64bit: - (s117nd5) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (NDIS) -- C:\Windows\SysNative\drivers\s117nd5.sys (MCCI Corporation)
DRV:64bit: - (s117mdm) -- C:\Windows\SysNative\drivers\s117mdm.sys (MCCI Corporation)
DRV:64bit: - (s117mgmt) Sony Ericsson Device 117 USB WMC Device Management Drivers (WDM) -- C:\Windows\SysNative\drivers\s117mgmt.sys (MCCI Corporation)
DRV:64bit: - (s117mdfl) -- C:\Windows\SysNative\drivers\s117mdfl.sys (MCCI Corporation)
DRV:64bit: - (s117bus) Sony Ericsson Device 117 driver (WDM) -- C:\Windows\SysNative\drivers\s117bus.sys (MCCI Corporation)
DRV - (SASDIFSV) -- C:\Program Files (x86)\Neuer Ordner\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files (x86)\Neuer Ordner\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredimail.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.13
FF - prefs.js..extensions.enabledItems: tabscope@xuldev.org:1.1.1
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..keyword.URL: "hxxp://mystart.incredimail.com/?loc=ff_address_bar_im2_test_v2&search="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.03.27 11:09:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.03.27 11:09:03 | 000,000,000 | ---D | M]
 
[2009.12.25 19:28:08 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Lene\AppData\Roaming\mozilla\Extensions
[2011.04.20 14:05:03 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Lene\AppData\Roaming\mozilla\Firefox\Profiles\1bp4bkgz.default\extensions
[2011.03.17 17:48:07 | 000,000,000 | -H-D | M] (All-in-One Sidebar) -- C:\Users\Lene\AppData\Roaming\mozilla\Firefox\Profiles\1bp4bkgz.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
[2011.04.06 23:54:59 | 000,000,000 | -H-D | M] (Adblock Plus) -- C:\Users\Lene\AppData\Roaming\mozilla\Firefox\Profiles\1bp4bkgz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.03.12 22:36:45 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Lene\AppData\Roaming\mozilla\Firefox\Profiles\1bp4bkgz.default\extensions\glowywine-ff3-30@glowplug.bitasylum.net
[2011.03.13 14:50:43 | 000,000,000 | -H-D | M] (Personas) -- C:\Users\Lene\AppData\Roaming\mozilla\Firefox\Profiles\1bp4bkgz.default\extensions\personas@christopher.beard
[2011.03.30 07:27:23 | 000,000,000 | -H-D | M] (Tab Scope) -- C:\Users\Lene\AppData\Roaming\mozilla\Firefox\Profiles\1bp4bkgz.default\extensions\tabscope@xuldev.org
[2011.01.02 01:30:59 | 000,001,047 | -H-- | M] () -- C:\Users\Lene\AppData\Roaming\Mozilla\Firefox\Profiles\1bp4bkgz.default\searchplugins\dramawiki-en.xml
[2010.06.01 19:32:09 | 000,002,149 | -H-- | M] () -- C:\Users\Lene\AppData\Roaming\Mozilla\Firefox\Profiles\1bp4bkgz.default\searchplugins\MyStart Search.xml
[2011.03.16 20:33:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011.03.16 20:33:54 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011.03.22 19:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
[2011.03.06 15:41:03 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.03.06 15:41:03 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.03.06 15:41:03 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.03.06 15:41:03 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.06 15:41:03 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4:64bit: - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Programme\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [EA Core]  File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\Neuer Ordner\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.58.61.250 80.58.61.254
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{6fe17448-4897-11df-834f-002622429548}\Shell - "" = AutoRun
O33 - MountPoints2\{6fe17448-4897-11df-834f-002622429548}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.19 17:36:52 | 000,000,000 | ---D | C] -- C:\Users\Lene\AppData\Roaming\Malwarebytes
[2011.04.19 17:36:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.04.19 17:36:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.19 17:36:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.19 17:36:42 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.04.19 17:36:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.04.19 14:04:06 | 000,000,000 | -H-D | C] -- C:\Users\Lene\AppData\Roaming\SUPERAntiSpyware.com
[2011.04.19 14:04:06 | 000,000,000 | -H-D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011.04.19 14:03:59 | 000,000,000 | -H-D | C] -- C:\ProgramData\!SASCORE
[2011.04.19 14:03:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011.04.19 14:03:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Neuer Ordner
[2011.04.19 14:03:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SUPERAntiSpyware
[2011.04.14 22:58:11 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011.04.14 22:58:11 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011.04.14 22:58:09 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011.04.14 22:58:09 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011.04.14 22:58:09 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011.04.14 22:58:05 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll
[2011.04.14 22:58:05 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll
[2011.04.14 22:58:05 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2011.04.14 22:58:05 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2011.04.14 22:58:01 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2011.04.14 22:58:01 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011.04.14 22:58:01 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2011.04.14 22:58:01 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2011.04.14 22:57:53 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011.04.14 22:57:53 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011.04.14 22:57:52 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011.04.14 22:57:52 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011.04.14 22:57:52 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011.04.14 22:57:52 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011.04.14 22:57:52 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011.04.14 22:57:52 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011.04.14 22:57:52 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.04.14 22:57:52 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.04.14 22:57:52 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011.04.14 22:57:52 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011.04.14 22:57:52 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011.04.14 22:57:52 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011.04.14 22:57:24 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2011.04.14 22:57:23 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe
[2011.04.14 22:57:23 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2011.04.14 22:57:21 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe
[2011.04.14 22:57:19 | 000,603,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2011.04.14 22:57:19 | 000,518,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2011.04.14 22:57:18 | 000,640,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2011.04.14 22:57:18 | 000,556,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2011.04.14 22:57:18 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll
[2011.04.14 22:57:18 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll
[2011.04.14 22:57:18 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll
[2011.04.09 15:39:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011.04.09 15:36:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2011.03.26 12:35:57 | 000,000,000 | -H-D | C] -- C:\Users\Lene\AppData\Roaming\Apple Computer
[2011.03.25 18:20:27 | 000,000,000 | -H-D | C] -- C:\Users\Lene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Audition Online
[2011.03.24 17:51:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Akamai
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.21 20:17:36 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.21 20:17:36 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.21 20:10:10 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.21 20:09:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.21 20:09:37 | 3193,597,952 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.21 09:50:30 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.04.21 09:50:30 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.04.21 09:50:30 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.04.21 09:50:30 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.04.21 09:50:30 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.04.21 09:41:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.19 14:03:59 | 000,001,950 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.04.15 03:27:34 | 000,422,768 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.04.01 18:11:01 | 002,478,383 | -H-- | M] () -- C:\Users\Lene\Desktop\lenza-74(klein2).jpg
[2011.04.01 18:11:01 | 000,002,709 | -H-- | M] () -- C:\Users\Lene\.recently-used.xbel
[2011.03.23 23:16:54 | 002,939,369 | -H-- | M] () -- C:\Users\Lene\Desktop\lenza-74(1).jpg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.19 14:03:59 | 000,001,950 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.04.09 15:36:50 | 000,001,104 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.09 15:36:48 | 000,001,100 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.01 18:11:01 | 000,002,709 | -H-- | C] () -- C:\Users\Lene\.recently-used.xbel
[2011.04.01 18:10:59 | 002,478,383 | -H-- | C] () -- C:\Users\Lene\Desktop\lenza-74(klein2).jpg
[2011.03.23 23:16:52 | 002,939,369 | -H-- | C] () -- C:\Users\Lene\Desktop\lenza-74(1).jpg
[2010.12.21 09:24:34 | 000,000,000 | -H-- | C] () -- C:\Users\Lene\AppData\Roaming\wklnhst.dat
[2010.12.01 00:13:50 | 000,000,527 | ---- | C] () -- C:\Windows\eReg.dat
[2010.08.11 13:49:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.06.20 19:43:58 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe
[2010.05.14 10:48:49 | 000,038,198 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2010.05.01 16:20:45 | 000,000,432 | -H-- | C] () -- C:\Windows\BRWMARK.INI
[2010.05.01 16:20:45 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD7320.DAT
[2010.04.30 13:06:46 | 000,051,712 | ---- | C] () -- C:\Windows\SysWow64\coodest.dll
[2010.04.19 16:35:10 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\xmltok.dll
[2010.04.19 16:35:10 | 000,036,864 | R--- | C] () -- C:\Windows\SysWow64\xmlparse.dll
[2010.02.03 14:28:00 | 000,000,169 | -H-- | C] () -- C:\Users\Lene\AppData\Roaming\default.rss
[2010.02.03 14:02:00 | 000,003,584 | -H-- | C] () -- C:\Users\Lene\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.02.03 14:01:10 | 000,598,016 | ---- | C] () -- C:\Windows\SysWow64\viscomqtde.dll
[2010.02.03 14:01:10 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2010.01.03 00:26:48 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009.12.26 10:30:47 | 000,013,840 | ---- | C] () -- C:\Windows\SysWow64\wnaspi32.dll
[2009.10.19 17:56:49 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:59:36 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009.07.13 22:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009.07.13 22:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009.07.13 22:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009.04.28 03:37:00 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\SPCtl.dll
[2005.01.17 06:10:16 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2004.08.09 06:00:42 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 85 bytes -> C:\ProgramData:$SS_DESCRIPTOR_PVX2VCGKMVF9V8N4TKBRVDNGCMXLJ4M28WDP36MLTJ5KJ4VPXHAT
@Alternate Data Stream - 168 bytes -> C:\ProgramData\TEMP:F84B8DB5
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:B8E6A060
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:6499508E
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:38B3DB6F
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:517B507A
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:7CEDF9F3
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:69FD6BF0
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:88050731
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:F78CC2A2

< End of report >

--- --- ---


--------------------------------------------------------------------------
OTL Logfile:
Code:

OTL Extras logfile created on: 21.04.2011 20:15:00 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = D:\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 85,09 Gb Total Space | 28,74 Gb Free Space | 33,78% Space Free | Partition Type: NTFS
Drive D: | 204,61 Gb Total Space | 44,64 Gb Free Space | 21,82% Space Free | Partition Type: NTFS
Drive E: | 4,38 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive Z: | 7,99 Gb Total Space | 1,43 Gb Free Space | 17,91% Space Free | Partition Type: NTFS
 
Computer Name: MARLENE | User Name: Lene | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0FB2E75A-1024-331F-77EF-D45F71505D58}" = ATI Catalyst Install Manager
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{9EE58CAC-21D5-1412-F0F2-CB9CD8834B59}" = ccc-utility64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0163E195-D5EF-BF70-CBEE-73AA7CBBBEEE}" = CCC Help Thai
"{03323DD0-6EE9-5959-6387-775742E8AA11}" = L-Lingo Japanese Trial
"{03883959-80DA-6151-CEAE-46A058CF774F}" = CCC Help Danish
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{096D1CCF-0F1E-08FB-094F-C40A633D5AEB}" = ccc-core-static
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{13D0EB07-FCA0-C005-A6C5-B1A4B7E5BB48}" = Catalyst Control Center Core Implementation
"{15382D89-6EF6-4D21-9484-B500F2B10E46}" = PhotoMail Maker
"{1D4A3E7D-A580-5BB7-DED3-48508A53D2B2}" = CCC Help Chinese Standard
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22354A21-BE84-0D40-191D-6E530B715CCF}" = CCC Help Polish
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{25C8D9C5-4B62-4E3B-9EC9-C3D5EBE2AF81}" = Magicians Handbook
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
"{2F36BA32-7986-9E40-B3F6-908B214EC898}" = CCC Help Japanese
"{2F4A39B2-5A2D-3E9F-E8EA-6F891A097ACF}" = CCC Help English
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{324D81D5-49F3-4F6D-A4E7-DA54EEA4BEBB}" = AvalonHeroesEU
"{339902CB-BDCD-4CDE-88CD-0FA12922C1E7}" = Natalie Brooks
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3DBE8669-1F7D-E1C9-2BC8-CC4BAE0A5136}" = CCC Help Turkish
"{3F50AF3B-8997-4916-0095-99D63DDB785A}" = Harry Potter TM
"{3FF5FF03-DB97-2ACE-BAE7-61D6D4A39F9B}" = Catalyst Control Center Graphics Full Existing
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4AE6F6B4-CF82-4C92-89EC-E547FA893E3E}" = Youda Sushi Chef
"{4CEE0E9F-2116-BE92-CD54-8D1834935B54}" = Catalyst Control Center Localization All
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5DD59391-FED6-576D-B6BD-71111EF96522}" = CCC Help Russian
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6168260A-6D56-50BB-193C-BF6F471394AA}" = CCC Help Greek
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A150790-FC79-D323-92D4-E773E3A03789}" = CCC Help Portuguese
"{6CB88B54-4C1C-E6AB-49C6-476DE56327BC}" = CCC Help Spanish
"{6DE880FE-F0C9-BC57-B7C5-2ABEAE1E501E}" = CCC Help German
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7506D1CD-B7FE-40C7-AE1F-FE8666361700}" = Dynasty Warriors 6
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"{79660B73-3DD0-9C3D-3F29-0E266F3AE5EA}" = CCC Help Norwegian
"{7C11154F-3539-4CB5-979D-EF7913473E53}" = Prince of Persia
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{81E5E076-F2C1-AE09-A360-0CAC2967FD5F}" = CCC Help Swedish
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C453F13-6877-4D34-8816-009ABDE306DB}" = Prince of Persia The Sands of Time
"{8EC703D0-985E-44C7-A6C2-B6270CE50832}" = Mystery Cookbook
"{8F4507EF-C5F3-46CE-9718-9D3698821333}" = Motorola Driver Installation
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{986CAA52-3249-B34F-DC64-07347926CF57}" = CCC Help Korean
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E4FF410-471F-49E3-9358-74FF0D5E9901}" = Toshiba TEMPRO
"{A0DBDF40-559F-11E0-82E2-001D0926B1BF}" = Google Earth Plug-in
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A8DF8593-F619-47DE-AD27-BCABF233433A}" = STOIK Video Converter 2
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.3 - Deutsch
"{AC76BA86-7AD7-5670-0000-900000000003}" = Korean Fonts Support For Adobe Reader 9
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{AE395AC2-28CB-463F-87DC-00C8059781BF}" = 7Artifacs
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B5B8BA5D-55CA-9351-984B-048FEF97A544}" = Catalyst Control Center Graphics Previews Vista
"{B6DECBD2-EC09-17C3-35AE-8C72B08062C9}" = CCC Help Czech
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{BF3AB290-563B-2F6F-9AF0-189B5CCF2C01}" = Catalyst Control Center Graphics Light
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die*Sims™*3
"{C644BA4B-07D6-A67E-9EB4-157F6DEB68BE}" = CCC Help Chinese Traditional
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{D0831990-FF97-1F08-668D-4743CC32EFBC}" = CCC Help Finnish
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D9835CE0-E294-83FE-AF9F-BC113A0D2EA9}" = CCC Help Hungarian
"{E25FA4E1-678F-414F-9777-1E3FDBBDA4D1}" = Catalyst Control Center InstallProxy
"{E337B156-DF81-48D8-8977-B1574EE87BCF}" = USB2.0 Capture Device
"{E3D63B95-4B21-414A-A2C7-D6D6A6AC6D79}" = Catalyst Control Center - Branding
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E8B28EF5-2A73-03A7-4F02-2DFF1D182940}" = Catalyst Control Center Graphics Full New
"{E94F833D-6435-40A2-112C-4BC18100B91D}" = CCC Help Italian
"{EE5BC0BB-9EDA-423C-8276-48857B735D68}" = Prince of Persia Warrior Within
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EEA02668-D5D9-AEFF-6FFB-1EB5BC765A52}" = CCC Help French
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
"{FCD674E3-F281-46D6-7717-6EAFDD16D8FC}" = CCC Help Dutch
"A Fairy Tale 1.0.0.0" = A Fairy Tale 1.0.0.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Akamai" = Akamai NetSession Interface
"All To MP3 Converter_is1" = All To MP3 Converter 2.8
"Amelie's Restaurant 1.00" = Amelie's Restaurant 1.00
"Antique Shop 1.00" = Antique Shop 1.00
"Ashampoo Burning Studio 2010 Advanced_is1" = Ashampoo Burning Studio 2010 Advanced
"Ashtons - Family Resort 1.00" = Ashtons - Family Resort 1.00
"Audition Online1.2.6064" = Audition Online
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Beach Party Craze 1.0.0.0" = Beach Party Craze 1.0.0.0
"BFGC" = Big Fish Games Client
"BFG-Drawn - Der Turm" = Drawn: Der Turm ™
"Bilbo - Die vier Ecken der Welt 1.00" = Bilbo - Die vier Ecken der Welt 1.00
"BitTorrent" = BitTorrent
"Cake Mania - Main Street 1.0.0.0" = Cake Mania - Main Street 1.0.0.0
"Cake Mania 3 1.00" = Cake Mania 3 1.00
"Chocolatier 2 - Secret Ingredients 1.0.0.64" = Chocolatier 2 - Secret Ingredients 1.0.0.64
"Cooking Academy" = Cooking Academy (remove only)
"Cooking Academy 2 - World Cuisine_is1" = Cooking Academy 2 - World Cuisine v1.0
"Der Stein der Weisen" = Der Stein der Weisen
"Diablo II" = Diablo II
"DivX Setup.divx.com" = DivX-Setup
"Dracula 3_is1" = Dracula 3
"Drakensang_TRoT_is1" = Drakensang - Am Fluss der Zeit
"DVD Shrink_is1" = DVD Shrink 3.2
"Fiesta Online(EU_German)" = Fiesta Online(EU_German) 1.03.008
"Germany's Next Topmodel_is1" = Germany's Next Topmodel (PATCHED BY XEONKING©)
"Hardcopy(C__Program Files (x86)_Hardcopy)" = Hardcopy (C:\Program Files (x86)\Hardcopy)
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Hot Dish" = Hot Dish
"ImgBurn" = ImgBurn
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{324D81D5-49F3-4F6D-A4E7-DA54EEA4BEBB}" = AvalonHeroesEU
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"IsoBuster_is1" = IsoBuster 2.7
"Japtra" = Japtra - Japanisch Trainer
"JDownloader" = JDownloader
"jpn-llingo-trl" = L-Lingo Japanese Trial
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"MPE" = MyPhoneExplorer
"PhotoMail" = PhotoMail Maker
"RollerCoaster Tycoon Setup" = Roll
"Sony Ericsson Themes Creator" = Sony Ericsson Themes Creator 4.12.2.4
"ST6UNST #1" = BEWERBUNGS-MASTER
"ST6UNST #2" = KanaTutor 2.0.
"TuneUp Utilities" = TuneUp Utilities
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.5
"Wakan" = Wakan 1.67
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"InstallShield_{7506D1CD-B7FE-40C7-AE1F-FE8666361700}" = DYNASTY WARRIORS 6
"Winamp Detect" = Winamp Anwendungserkennung
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 08.04.2011 20:16:47 | Computer Name = Marlene | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 10.04.2011 12:36:13 | Computer Name = Marlene | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
 (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBt1st.exe". Fehler in  Manifest- oder Richtliniendatei
 "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt stehende Komponenten:.
Komponente
 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
 
Error - 10.04.2011 12:36:38 | Computer Name = Marlene | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
 (x86)\TOSHIBA\Bluetooth Toshiba Stack\Tools\AVRCPTestTool.exe". Fehler in  Manifest-
 oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
 
Error - 10.04.2011 12:38:19 | Computer Name = Marlene | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 11.04.2011 03:32:24 | Computer Name = Marlene | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile  8.  Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 11.04.2011 14:51:09 | Computer Name = Marlene | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 11.04.2011 14:51:09 | Computer Name = Marlene | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 12.04.2011 11:40:55 | Computer Name = Marlene | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 12.04.2011 11:40:58 | Computer Name = Marlene | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 12.04.2011 11:40:58 | Computer Name = Marlene | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
[ System Events ]
Error - 20.04.2011 14:27:07 | Computer Name = Marlene | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  ASPI32
 
Error - 20.04.2011 16:32:00 | Computer Name = Marlene | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 20.04.2011 16:32:01 | Computer Name = Marlene | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 20.04.2011 16:32:01 | Computer Name = Marlene | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 20.04.2011 16:32:02 | Computer Name = Marlene | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 20.04.2011 16:32:02 | Computer Name = Marlene | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 21.04.2011 15:09:45 | Computer Name = Marlene | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 21.04.2011 15:09:45 | Computer Name = Marlene | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 21.04.2011 15:10:02 | Computer Name = Marlene | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Acronis OS Selector Reinstall Service" wurde aufgrund
folgenden Fehlers nicht gestartet:  %%2
 
Error - 21.04.2011 15:10:11 | Computer Name = Marlene | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  ASPI32
 
 
< End of report >

--- --- ---

cosinus 21.04.2011 21:15

Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:

:OTL
@Alternate Data Stream - 85 bytes -> C:\ProgramData:$SS_DESCRIPTOR_PVX2VCGKMVF9V8N4TKBRVDNGCMXLJ4M28WDP36MLTJ5KJ4VPXHAT
@Alternate Data Stream - 168 bytes -> C:\ProgramData\TEMP:F84B8DB5
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:B8E6A060
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:6499508E
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:38B3DB6F
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:517B507A
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:7CEDF9F3
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:69FD6BF0
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:88050731
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:F78CC2A2
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{6fe17448-4897-11df-834f-002622429548}\Shell - "" = AutoRun
O33 - MountPoints2\{6fe17448-4897-11df-834f-002622429548}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
:Commands
[purity]
[resethosts]
[emptytemp]

Then click the Fix! button at the top left.
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".
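To review what a fix script like the one above will touch before it is run, the following added example (not part of the original post and not OTL's own code) parses the line forms that appear in that script. The function names and the classification are assumptions made here; any line form not seen in the script on this page is reported as unrecognized rather than guessed at.

```python
import re
from collections import namedtuple

# Constructed sample: a shortened copy of the fix script posted above.
SAMPLE_SCRIPT = r"""
:OTL
@Alternate Data Stream - 85 bytes -> C:\ProgramData:$SS_DESCRIPTOR_PVX2VCGKMVF9V8N4TKBRVDNGCMXLJ4M28WDP36MLTJ5KJ4VPXHAT
@Alternate Data Stream - 168 bytes -> C:\ProgramData\TEMP:F84B8DB5
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{6fe17448-4897-11df-834f-002622429548}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
:Commands
[purity]
[resethosts]
[emptytemp]
"""

Entry = namedtuple("Entry", "section kind detail")

ADS_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+)$")
REG_RE = re.compile(r"^O(\d+) - (.+)$")
CMD_RE = re.compile(r"^\[(\w+)\]$")


def split_ads_target(target):
    """Split 'C:\\dir:stream' into (host path, stream name).

    The drive-letter colon is not a stream separator, so the split is made
    at the last colon and rejected if that colon is the one after the drive
    letter (no stream given).
    """
    host, sep, stream = target.rpartition(":")
    if not sep or len(host) < 2 or not stream or "\\" in stream:
        raise ValueError("no alternate data stream in %r" % target)
    return host, stream


def parse_fix_script(text):
    """Return one Entry per non-empty line, in script order."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):           # section header such as :OTL
            section = line.lower()
            continue
        ads, reg, cmd = ADS_RE.match(line), REG_RE.match(line), CMD_RE.match(line)
        try:
            if section == ":otl" and ads:
                host, stream = split_ads_target(ads.group(2))
                detail = {"host": host, "stream": stream, "size": int(ads.group(1))}
                entries.append(Entry(section, "ads", detail))
            elif section == ":otl" and reg:
                item, _, value = reg.group(2).partition(" = ")
                detail = {"code": "O" + reg.group(1), "item": item, "value": value}
                entries.append(Entry(section, "registry", detail))
            elif section == ":commands" and cmd:
                entries.append(Entry(section, "command", {"name": cmd.group(1)}))
            else:
                # Wrong section, missing header, or a form not seen on this page.
                entries.append(Entry(section, "unrecognized", {"line": line}))
        except ValueError:
            entries.append(Entry(section, "unrecognized", {"line": line}))
    return entries


def ads_by_host(entries):
    """Group alternate data streams by the file or folder that carries them."""
    grouped = {}
    for e in entries:
        if e.kind == "ads":
            grouped.setdefault(e.detail["host"], []).append(
                (e.detail["stream"], e.detail["size"]))
    return grouped


def autorun_commands(entries):
    """Commands registered under an AutoRun\\command key in the script."""
    return [e.detail["value"] for e in entries
            if e.kind == "registry"
            and "\\autorun\\command" in e.detail["item"].lower()
            and e.detail["value"]]


if __name__ == "__main__":
    parsed = parse_fix_script(SAMPLE_SCRIPT)
    for host, streams in ads_by_host(parsed).items():
        print(host, streams)
    print("AutoRun commands:", autorun_commands(parsed))
    print("Unrecognized:", [e.detail["line"] for e in parsed if e.kind == "unrecognized"])
```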

Elen 21.04.2011 22:44

Error: Unable to interpret <OTL EXTRAS Logfile:
Code:

OTL Extras logfile created on: 21.04.2011 20:15:00 - Run 1> in the current context!
Error: Unable to interpret <OTL by OldTimer - Version 3.2.22.3    Folder = D:\Downloads> in the current context!
Error: Unable to interpret <64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation> in the current context!
Error: Unable to interpret <Internet Explorer (Version = 8.0.7600.16385)> in the current context!
Error: Unable to interpret <Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free> in the current context!
Error: Unable to interpret <8,00 Gb Paging File | 6,00 Gb Available in Paging File | 77,00% Paging File free> in the current context!
Error: Unable to interpret <Paging file location(s): ?:\pagefile.sys [binary data]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)> in the current context!
Error: Unable to interpret <Drive C: | 85,09 Gb Total Space | 28,74 Gb Free Space | 33,78% Space Free | Partition Type: NTFS> in the current context!
Error: Unable to interpret <Drive D: | 204,61 Gb Total Space | 44,64 Gb Free Space | 21,82% Space Free | Partition Type: NTFS> in the current context!
Error: Unable to interpret <Drive E: | 4,38 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF> in the current context!
Error: Unable to interpret <Drive Z: | 7,99 Gb Total Space | 1,43 Gb Free Space | 17,91% Space Free | Partition Type: NTFS> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Computer Name: MARLENE | User Name: Lene | Logged in as Administrator.> in the current context!
Error: Unable to interpret <Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans> in the current context!
Error: Unable to interpret <Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Extra Registry (SafeList) ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== File Associations ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]> in the current context!
Error: Unable to interpret <.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]> in the current context!
Error: Unable to interpret <.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]> in the current context!
Error: Unable to interpret <.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Shell Spawning ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]> in the current context!
Error: Unable to interpret <batfile [open] -- "%1" %* File not found> in the current context!
Error: Unable to interpret <cmdfile [open] -- "%1" %* File not found> in the current context!
Error: Unable to interpret <comfile [open] -- "%1" %* File not found> in the current context!
Error: Unable to interpret <exefile [open] -- "%1" %* File not found> in the current context!
Error: Unable to interpret <helpfile [open] -- Reg Error: Key error.> in the current context!
Error: Unable to interpret <inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)> in the current context!
Error: Unable to interpret <InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)> in the current context!
Error: Unable to interpret <InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)> in the current context!
Error: Unable to interpret <piffile [open] -- "%1" %* File not found> in the current context!
Error: Unable to interpret <regfile [merge] -- Reg Error: Key error.> in the current context!
Error: Unable to interpret <scrfile [config] -- "%1" File not found> in the current context!
Error: Unable to interpret <scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found> in the current context!
Error: Unable to interpret <scrfile [open] -- "%1" /S File not found> in the current context!
Error: Unable to interpret <txtfile [edit] -- Reg Error: Key error.> in the current context!
Error: Unable to interpret <Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found> in the current context!
Error: Unable to interpret <Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()> in the current context!
Error: Unable to interpret <Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)> in the current context!
Error: Unable to interpret <Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <Directory [PlayWithVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()> in the current context!
Error: Unable to interpret <Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)> in the current context!
Error: Unable to interpret <Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)> in the current context!
Error: Unable to interpret <Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)> in the current context!
Error: Unable to interpret <Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <Folder [explore] -- Reg Error: Value error.> in the current context!
Error: Unable to interpret <Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]> in the current context!
Error: Unable to interpret <batfile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <cmdfile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <comfile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)> in the current context!
Error: Unable to interpret <exefile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <helpfile [open] -- Reg Error: Key error.> in the current context!
Error: Unable to interpret <inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)> in the current context!
Error: Unable to interpret <piffile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <regfile [merge] -- Reg Error: Key error.> in the current context!
Error: Unable to interpret <scrfile [config] -- "%1"> in the current context!
Error: Unable to interpret <scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l> in the current context!
Error: Unable to interpret <scrfile [open] -- "%1" /S> in the current context!
Error: Unable to interpret <txtfile [edit] -- Reg Error: Key error.> in the current context!
Error: Unable to interpret <Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1> in the current context!
Error: Unable to interpret <Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()> in the current context!
Error: Unable to interpret <Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)> in the current context!
Error: Unable to interpret <Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <Directory [PlayWithVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()> in the current context!
Error: Unable to interpret <Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)> in the current context!
Error: Unable to interpret <Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)> in the current context!
Error: Unable to interpret <Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)> in the current context!
Error: Unable to interpret <Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <Folder [explore] -- Reg Error: Value error.> in the current context!
Error: Unable to interpret <Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Security Center Settings ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]> in the current context!
Error: Unable to interpret <"cval" = 1> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]> in the current context!
Error: Unable to interpret <"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]> in the current context!
Error: Unable to interpret <"AntiVirusOverride" = 0> in the current context!
Error: Unable to interpret <"AntiSpywareOverride" = 0> in the current context!
Error: Unable to interpret <"FirewallOverride" = 0> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Firewall Settings ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]> in the current context!
Error: Unable to interpret <"DisableNotifications" = 0> in the current context!
Error: Unable to interpret <"EnableFirewall" = 1> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]> in the current context!
Error: Unable to interpret <"DisableNotifications" = 0> in the current context!
Error: Unable to interpret <"EnableFirewall" = 1> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]> in the current context!
Error: Unable to interpret <"DisableNotifications" = 0> in the current context!
Error: Unable to interpret <"EnableFirewall" = 1> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Authorized Applications List ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== HKEY_LOCAL_MACHINE Uninstall List ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]> in the current context!
Error: Unable to interpret <"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package> in the current context!
Error: Unable to interpret <"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)> in the current context!
Error: Unable to interpret <"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack> in the current context!
Error: Unable to interpret <"{0FB2E75A-1024-331F-77EF-D45F71505D58}" = ATI Catalyst Install Manager> in the current context!
Error: Unable to interpret <"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center> in the current context!
Error: Unable to interpret <"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17> in the current context!
Error: Unable to interpret <"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570> in the current context!
Error: Unable to interpret <"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007> in the current context!
Error: Unable to interpret <"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007> in the current context!
Error: Unable to interpret <"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting> in the current context!
Error: Unable to interpret <"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor> in the current context!
Error: Unable to interpret <"{9EE58CAC-21D5-1412-F0F2-CB9CD8834B59}" = ccc-utility64> in the current context!
Error: Unable to interpret <"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175> in the current context!
Error: Unable to interpret <"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility> in the current context!
Error: Unable to interpret <"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator> in the current context!
Error: Unable to interpret <"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053> in the current context!
Error: Unable to interpret <"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64> in the current context!
Error: Unable to interpret <"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware> in the current context!
Error: Unable to interpret <"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba> in the current context!
Error: Unable to interpret <"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher> in the current context!
Error: Unable to interpret <"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148> in the current context!
Error: Unable to interpret <"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile> in the current context!
Error: Unable to interpret <"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile> in the current context!
Error: Unable to interpret <"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack> in the current context!
Error: Unable to interpret <"SynTPDeinstKey" = Synaptics Pointing Device Driver> in the current context!
Error: Unable to interpret <"WinRAR archiver" = WinRAR> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]> in the current context!
Error: Unable to interpret <"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator> in the current context!
Error: Unable to interpret <"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148> in the current context!
Error: Unable to interpret <"{0163E195-D5EF-BF70-CBEE-73AA7CBBBEEE}" = CCC Help Thai> in the current context!
Error: Unable to interpret <"{03323DD0-6EE9-5959-6387-775742E8AA11}" = L-Lingo Japanese Trial> in the current context!
Error: Unable to interpret <"{03883959-80DA-6151-CEAE-46A058CF774F}" = CCC Help Danish> in the current context!
Error: Unable to interpret <"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package> in the current context!
Error: Unable to interpret <"{096D1CCF-0F1E-08FB-094F-C40A633D5AEB}" = ccc-core-static> in the current context!
Error: Unable to interpret <"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver> in the current context!
Error: Unable to interpret <"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver> in the current context!
Error: Unable to interpret <"{13D0EB07-FCA0-C005-A6C5-B1A4B7E5BB48}" = Catalyst Control Center Core Implementation> in the current context!
Error: Unable to interpret <"{15382D89-6EF6-4D21-9484-B500F2B10E46}" = PhotoMail Maker> in the current context!
Error: Unable to interpret <"{1D4A3E7D-A580-5BB7-DED3-48508A53D2B2}" = CCC Help Chinese Standard> in the current context!
Error: Unable to interpret <"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148> in the current context!
Error: Unable to interpret <"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool> in the current context!
Error: Unable to interpret <"{22354A21-BE84-0D40-191D-6E530B715CCF}" = CCC Help Polish> in the current context!
Error: Unable to interpret <"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information> in the current context!
Error: Unable to interpret <"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT> in the current context!
Error: Unable to interpret <"{25C8D9C5-4B62-4E3B-9EC9-C3D5EBE2AF81}" = Magicians Handbook> in the current context!
Error: Unable to interpret <"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14> in the current context!
Error: Unable to interpret <"{2F36BA32-7986-9E40-B3F6-908B214EC898}" = CCC Help Japanese> in the current context!
Error: Unable to interpret <"{2F4A39B2-5A2D-3E9F-E8EA-6F891A097ACF}" = CCC Help English> in the current context!
Error: Unable to interpret <"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform> in the current context!
Error: Unable to interpret <"{324D81D5-49F3-4F6D-A4E7-DA54EEA4BEBB}" = AvalonHeroesEU> in the current context!
Error: Unable to interpret <"{339902CB-BDCD-4CDE-88CD-0FA12922C1E7}" = Natalie Brooks> in the current context!
Error: Unable to interpret <"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works> in the current context!
Error: Unable to interpret <"{3DBE8669-1F7D-E1C9-2BC8-CC4BAE0A5136}" = CCC Help Turkish> in the current context!
Error: Unable to interpret <"{3F50AF3B-8997-4916-0095-99D63DDB785A}" = Harry Potter TM> in the current context!
Error: Unable to interpret <"{3FF5FF03-DB97-2ACE-BAE7-61D6D4A39F9B}" = Catalyst Control Center Graphics Full Existing> in the current context!
Error: Unable to interpret <"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR> in the current context!
Error: Unable to interpret <"{4AE6F6B4-CF82-4C92-89EC-E547FA893E3E}" = Youda Sushi Chef> in the current context!
Error: Unable to interpret <"{4CEE0E9F-2116-BE92-CD54-8D1834935B54}" = Catalyst Control Center Localization All> in the current context!
Error: Unable to interpret <"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password> in the current context!
Error: Unable to interpret <"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup> in the current context!
Error: Unable to interpret <"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent> in the current context!
Error: Unable to interpret <"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml> in the current context!
Error: Unable to interpret <"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime> in the current context!
Error: Unable to interpret <"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync> in the current context!
Error: Unable to interpret <"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411> in the current context!
Error: Unable to interpret <"{5DD59391-FED6-576D-B6BD-71111EF96522}" = CCC Help Russian> in the current context!
Error: Unable to interpret <"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053> in the current context!
Error: Unable to interpret <"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5> in the current context!
Error: Unable to interpret <"{6168260A-6D56-50BB-193C-BF6F471394AA}" = CCC Help Greek> in the current context!
Error: Unable to interpret <"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update> in the current context!
Error: Unable to interpret <"{6A150790-FC79-D323-92D4-E773E3A03789}" = CCC Help Portuguese> in the current context!
Error: Unable to interpret <"{6CB88B54-4C1C-E6AB-49C6-476DE56327BC}" = CCC Help Spanish> in the current context!
Error: Unable to interpret <"{6DE880FE-F0C9-BC57-B7C5-2ABEAE1E501E}" = CCC Help German> in the current context!
Error: Unable to interpret <"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable> in the current context!
Error: Unable to interpret <"{7506D1CD-B7FE-40C7-AE1F-FE8666361700}" = Dynasty Warriors 6> in the current context!
Error: Unable to interpret <"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053> in the current context!
Error: Unable to interpret <"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder> in the current context!
Error: Unable to interpret <"{79660B73-3DD0-9C3D-3F29-0E266F3AE5EA}" = CCC Help Norwegian> in the current context!
Error: Unable to interpret <"{7C11154F-3539-4CB5-979D-EF7913473E53}" = Prince of Persia> in the current context!
Error: Unable to interpret <"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)> in the current context!
Error: Unable to interpret <"{81E5E076-F2C1-AE09-A360-0CAC2967FD5F}" = CCC Help Swedish> in the current context!
Error: Unable to interpret <"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable> in the current context!
Error: Unable to interpret <"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie> in the current context!
Error: Unable to interpret <"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570> in the current context!
Error: Unable to interpret <"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver> in the current context!
Error: Unable to interpret <"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight> in the current context!
Error: Unable to interpret <"{8C453F13-6877-4D34-8816-009ABDE306DB}" = Prince of Persia The Sands of Time> in the current context!
Error: Unable to interpret <"{8EC703D0-985E-44C7-A6C2-B6270CE50832}" = Mystery Cookbook> in the current context!
Error: Unable to interpret <"{8F4507EF-C5F3-46CE-9718-9D3698821333}" = Motorola Driver Installation> in the current context!
Error: Unable to interpret <"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007> in the current context!
Error: Unable to interpret <"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)> in the current context!
Error: Unable to interpret <"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007> in the current context!
Error: Unable to interpret <"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)> in the current context!
Error: Unable to interpret <"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007> in the current context!
Error: Unable to interpret <"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)> in the current context!
Error: Unable to interpret <"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007> in the current context!
Error: Unable to interpret <"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)> in the current context!
Error: Unable to interpret <"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007> in the current context!
Error: Unable to interpret <"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)> in the current context!
Error: Unable to interpret <"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007> in the current context!
Error: Unable to interpret <"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)> in the current context!
Error: Unable to interpret <"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007> in the current context!
Error: Unable to interpret <"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)> in the current context!
Error: Unable to interpret <"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System> in the current context!
Error: Unable to interpret <"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)> in the current context!
Error: Unable to interpret <"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)> in the current context!
Error: Unable to interpret <"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007> in the current context!
Error: Unable to interpret <"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007> in the current context!
Error: Unable to interpret <"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)> in the current context!
Error: Unable to interpret <"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007> in the current context!
Error: Unable to interpret <"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)> in the current context!
Error: Unable to interpret <"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007> in the current context!
Error: Unable to interpret <"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)> in the current context!
Error: Unable to interpret <"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)> in the current context!
Error: Unable to interpret <"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)> in the current context!
Error: Unable to interpret <"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader> in the current context!
Error: Unable to interpret <"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster> in the current context!
Error: Unable to interpret <"{986CAA52-3249-B34F-DC64-07347926CF57}" = CCC Help Korean> in the current context!
Error: Unable to interpret <"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17> in the current context!
Error: Unable to interpret <"{9E4FF410-471F-49E3-9358-74FF0D5E9901}" = Toshiba TEMPRO> in the current context!
Error: Unable to interpret <"{A0DBDF40-559F-11E0-82E2-001D0926B1BF}" = Google Earth Plug-in> in the current context!
Error: Unable to interpret <"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175> in the current context!
Error: Unable to interpret <"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker> in the current context!
Error: Unable to interpret <"{A8DF8593-F619-47DE-AD27-BCABF233433A}" = STOIK Video Converter 2> in the current context!
Error: Unable to interpret <"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress> in the current context!
Error: Unable to interpret <"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper> in the current context!
Error: Unable to interpret <"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station> in the current context!
Error: Unable to interpret <"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.3 - Deutsch> in the current context!
Error: Unable to interpret <"{AC76BA86-7AD7-5670-0000-900000000003}" = Korean Fonts Support For Adobe Reader 9> in the current context!
Error: Unable to interpret <"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9> in the current context!
Error: Unable to interpret <"{AE395AC2-28CB-463F-87DC-00C8059781BF}" = 7Artifacs> in the current context!
Error: Unable to interpret <"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger> in the current context!
Error: Unable to interpret <"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility> in the current context!
Error: Unable to interpret <"{B5B8BA5D-55CA-9351-984B-048FEF97A544}" = Catalyst Control Center Graphics Previews Vista> in the current context!
Error: Unable to interpret <"{B6DECBD2-EC09-17C3-35AE-8C72B08062C9}" = CCC Help Czech> in the current context!
Error: Unable to interpret <"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader> in the current context!
Error: Unable to interpret <"{BF3AB290-563B-2F6F-9AF0-189B5CCF2C01}" = Catalyst Control Center Graphics Light> in the current context!
Error: Unable to interpret <"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die*Sims™*3> in the current context!
Error: Unable to interpret <"{C644BA4B-07D6-A67E-9EB4-157F6DEB68BE}" = CCC Help Chinese Traditional> in the current context!
Error: Unable to interpret <"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials> in the current context!
Error: Unable to interpret <"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars> in the current context!
Error: Unable to interpret <"{D0831990-FF97-1F08-668D-4743CC32EFBC}" = CCC Help Finnish> in the current context!
Error: Unable to interpret <"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call> in the current context!
Error: Unable to interpret <"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities> in the current context!
Error: Unable to interpret <"{D9835CE0-E294-83FE-AF9F-BC113A0D2EA9}" = CCC Help Hungarian> in the current context!
Error: Unable to interpret <"{E25FA4E1-678F-414F-9777-1E3FDBBDA4D1}" = Catalyst Control Center InstallProxy> in the current context!
Error: Unable to interpret <"{E337B156-DF81-48D8-8977-B1574EE87BCF}" = USB2.0 Capture Device> in the current context!
Error: Unable to interpret <"{E3D63B95-4B21-414A-A2C7-D6D6A6AC6D79}" = Catalyst Control Center - Branding> in the current context!
Error: Unable to interpret <"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime> in the current context!
Error: Unable to interpret <"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant> in the current context!
Error: Unable to interpret <"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1> in the current context!
Error: Unable to interpret <"{E8B28EF5-2A73-03A7-4F02-2DFF1D182940}" = Catalyst Control Center Graphics Full New> in the current context!
Error: Unable to interpret <"{E94F833D-6435-40A2-112C-4BC18100B91D}" = CCC Help Italian> in the current context!
Error: Unable to interpret <"{EE5BC0BB-9EDA-423C-8276-48857B735D68}" = Prince of Persia Warrior Within> in the current context!
Error: Unable to interpret <"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support> in the current context!
Error: Unable to interpret <"{EEA02668-D5D9-AEFF-6FFB-1EB5BC765A52}" = CCC Help French> in the current context!
Error: Unable to interpret <"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]> in the current context!
Error: Unable to interpret <"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard> in the current context!
Error: Unable to interpret <"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver> in the current context!
Error: Unable to interpret <"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree> in the current context!
Error: Unable to interpret <"{FCD674E3-F281-46D6-7717-6EAFDD16D8FC}" = CCC Help Dutch> in the current context!
Error: Unable to interpret <"A Fairy Tale 1.0.0.0" = A Fairy Tale 1.0.0.0> in the current context!
Error: Unable to interpret <"Adobe AIR" = Adobe AIR> in the current context!
Error: Unable to interpret <"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX> in the current context!
Error: Unable to interpret <"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin> in the current context!
Error: Unable to interpret <"Adobe Shockwave Player" = Adobe Shockwave Player 11.5> in the current context!
Error: Unable to interpret <"Akamai" = Akamai NetSession Interface> in the current context!
Error: Unable to interpret <"All To MP3 Converter_is1" = All To MP3 Converter 2.8> in the current context!
Error: Unable to interpret <"Amelie's Restaurant 1.00" = Amelie's Restaurant 1.00> in the current context!
Error: Unable to interpret <"Antique Shop 1.00" = Antique Shop 1.00> in the current context!
Error: Unable to interpret <"Ashampoo Burning Studio 2010 Advanced_is1" = Ashampoo Burning Studio 2010 Advanced> in the current context!
Error: Unable to interpret <"Ashtons - Family Resort 1.00" = Ashtons - Family Resort 1.00> in the current context!
Error: Unable to interpret <"Audition Online1.2.6064" = Audition Online> in the current context!
Error: Unable to interpret <"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus> in the current context!
Error: Unable to interpret <"Beach Party Craze 1.0.0.0" = Beach Party Craze 1.0.0.0> in the current context!
Error: Unable to interpret <"BFGC" = Big Fish Games Client> in the current context!
Error: Unable to interpret <"BFG-Drawn - Der Turm" = Drawn: Der Turm ™> in the current context!
Error: Unable to interpret <"Bilbo - Die vier Ecken der Welt 1.00" = Bilbo - Die vier Ecken der Welt 1.00> in the current context!
Error: Unable to interpret <"BitTorrent" = BitTorrent> in the current context!
Error: Unable to interpret <"Cake Mania - Main Street 1.0.0.0" = Cake Mania - Main Street 1.0.0.0> in the current context!
Error: Unable to interpret <"Cake Mania 3 1.00" = Cake Mania 3 1.00> in the current context!
Error: Unable to interpret <"Chocolatier 2 - Secret Ingredients 1.0.0.64" = Chocolatier 2 - Secret Ingredients 1.0.0.64> in the current context!
Error: Unable to interpret <"Cooking Academy" = Cooking Academy (remove only)> in the current context!
Error: Unable to interpret <"Cooking Academy 2 - World Cuisine_is1" = Cooking Academy 2 - World Cuisine v1.0> in the current context!
Error: Unable to interpret <"Der Stein der Weisen" = Der Stein der Weisen> in the current context!
Error: Unable to interpret <"Diablo II" = Diablo II> in the current context!
Error: Unable to interpret <"DivX Setup.divx.com" = DivX-Setup> in the current context!
Error: Unable to interpret <"Dracula 3_is1" = Dracula 3> in the current context!
Error: Unable to interpret <"Drakensang_TRoT_is1" = Drakensang - Am Fluss der Zeit> in the current context!
Error: Unable to interpret <"DVD Shrink_is1" = DVD Shrink 3.2> in the current context!
Error: Unable to interpret <"Fiesta Online(EU_German)" = Fiesta Online(EU_German) 1.03.008> in the current context!
Error: Unable to interpret <"Germany's Next Topmodel_is1" = Germany's Next Topmodel (PATCHED BY XEONKING©)> in the current context!
Error: Unable to interpret <"Hardcopy(C__Program Files (x86)_Hardcopy)" = Hardcopy (C:\Program Files (x86)\Hardcopy)> in the current context!
Error: Unable to interpret <"HOMESTUDENTR" = Microsoft Office Home and Student 2007> in the current context!
Error: Unable to interpret <"Hot Dish" = Hot Dish> in the current context!
Error: Unable to interpret <"ImgBurn" = ImgBurn> in the current context!
Error: Unable to interpret <"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package> in the current context!
Error: Unable to interpret <"InstallShield_{324D81D5-49F3-4F6D-A4E7-DA54EEA4BEBB}" = AvalonHeroesEU> in the current context!
Error: Unable to interpret <"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort> in the current context!
Error: Unable to interpret <"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup> in the current context!
Error: Unable to interpret <"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center> in the current context!
Error: Unable to interpret <"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder> in the current context!
Error: Unable to interpret <"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility> in the current context!
Error: Unable to interpret <"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher> in the current context!
Error: Unable to interpret <"IsoBuster_is1" = IsoBuster 2.7> in the current context!
Error: Unable to interpret <"Japtra" = Japtra - Japanisch Trainer> in the current context!
Error: Unable to interpret <"JDownloader" = JDownloader> in the current context!
Error: Unable to interpret <"jpn-llingo-trl" = L-Lingo Japanese Trial> in the current context!
Error: Unable to interpret <"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware> in the current context!
Error: Unable to interpret <"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)> in the current context!
Error: Unable to interpret <"MPE" = MyPhoneExplorer> in the current context!
Error: Unable to interpret <"PhotoMail" = PhotoMail Maker> in the current context!
Error: Unable to interpret <"RollerCoaster Tycoon Setup" = Roll> in the current context!
Error: Unable to interpret <"Sony Ericsson Themes Creator" = Sony Ericsson Themes Creator 4.12.2.4> in the current context!
Error: Unable to interpret <"ST6UNST #1" = BEWERBUNGS-MASTER> in the current context!
Error: Unable to interpret <"ST6UNST #2" = KanaTutor 2.0.> in the current context!
Error: Unable to interpret <"TuneUp Utilities" = TuneUp Utilities> in the current context!
Error: Unable to interpret <"uTorrent" = µTorrent> in the current context!
Error: Unable to interpret <"VLC media player" = VLC media player 1.1.5> in the current context!
Error: Unable to interpret <"Wakan" = Wakan 1.67> in the current context!
Error: Unable to interpret <"Winamp" = Winamp> in the current context!
Error: Unable to interpret <"WinGimp-2.0_is1" = GIMP 2.6.8> in the current context!
Error: Unable to interpret <"WinLiveSuite_Wave3" = Windows Live Essentials> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== HKEY_CURRENT_USER Uninstall List ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]> in the current context!
Error: Unable to interpret <"InstallShield_{7506D1CD-B7FE-40C7-AE1F-FE8666361700}" = DYNASTY WARRIORS 6> in the current context!
Error: Unable to interpret <"Winamp Detect" = Winamp Anwendungserkennung> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Last 10 Event Log Errors ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[ Application Events ]> in the current context!
Error: Unable to interpret <Error - 08.04.2011 20:16:47 | Computer Name = Marlene | Source = SideBySide | ID = 16842787> in the current context!
Error: Unable to interpret <Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files> in the current context!
Error: Unable to interpret < (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei> in the current context!
Error: Unable to interpret < "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die > in the current context!
Error: Unable to interpret <im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente> in the current context!
Error: Unable to interpret < überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".> in the current context!
Error: Unable to interpret <Definition:> in the current context!
Error: Unable to interpret < WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie> in the current context!
Error: Unable to interpret < das Programm "sxstrace.exe" für eine detaillierte Diagnose.> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 10.04.2011 12:36:13 | Computer Name = Marlene | Source = SideBySide | ID = 16842832> in the current context!
Error: Unable to interpret <Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files> in the current context!
Error: Unable to interpret < (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBt1st.exe". Fehler in  Manifest- oder Richtliniendatei> in the current context!
Error: Unable to interpret < "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt> in the current context!
Error: Unable to interpret < mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt stehende Komponenten:.> in the current context!
Error: Unable to interpret <Komponente> in the current context!
Error: Unable to interpret < 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.> in the current context!
Error: Unable to interpret <Komponente> in the current context!
Error: Unable to interpret < 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 10.04.2011 12:36:38 | Computer Name = Marlene | Source = SideBySide | ID = 16842832> in the current context!
Error: Unable to interpret <Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files> in the current context!
Error: Unable to interpret < (x86)\TOSHIBA\Bluetooth Toshiba Stack\Tools\AVRCPTestTool.exe". Fehler in  Manifest-> in the current context!
Error: Unable to interpret < oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion> in the current context!
Error: Unable to interpret < steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt> in the current context!
Error: Unable to interpret < stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.> in the current context!
Error: Unable to interpret <Komponente> in the current context!
Error: Unable to interpret < 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 10.04.2011 12:38:19 | Computer Name = Marlene | Source = SideBySide | ID = 16842787> in the current context!
Error: Unable to interpret <Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files> in the current context!
Error: Unable to interpret < (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei> in the current context!
Error: Unable to interpret < "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die > in the current context!
Error: Unable to interpret <im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente> in the current context!
Error: Unable to interpret < überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".> in the current context!
Error: Unable to interpret <Definition:> in the current context!
Error: Unable to interpret < WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie> in the current context!
Error: Unable to interpret < das Programm "sxstrace.exe" für eine detaillierte Diagnose.> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 11.04.2011 03:32:24 | Computer Name = Marlene | Source = SideBySide | ID = 16842787> in the current context!
Error: Unable to interpret <Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files> in the current context!
Error: Unable to interpret < (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei> in the current context!
Error: Unable to interpret < "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile  8.  Die > in the current context!
Error: Unable to interpret <im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente> in the current context!
Error: Unable to interpret < überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".> in the current context!
Error: Unable to interpret <Definition:> in the current context!
Error: Unable to interpret < WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie> in the current context!
Error: Unable to interpret < das Programm "sxstrace.exe" für eine detaillierte Diagnose.> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 11.04.2011 14:51:09 | Computer Name = Marlene | Source = Microsoft-Windows-CAPI2 | ID = 4107> in the current context!
Error: Unable to interpret <Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen> in the current context!
Error: Unable to interpret < Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.> in the current context!
Error: Unable to interpret < Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum> in the current context!
Error: Unable to interpret < gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.> in the current context!
Error: Unable to interpret <.> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 11.04.2011 14:51:09 | Computer Name = Marlene | Source = Microsoft-Windows-CAPI2 | ID = 4107> in the current context!
Error: Unable to interpret <Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen> in the current context!
Error: Unable to interpret < Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.> in the current context!
Error: Unable to interpret < Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum> in the current context!
Error: Unable to interpret < gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.> in the current context!
Error: Unable to interpret <.> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 12.04.2011 11:40:55 | Computer Name = Marlene | Source = Microsoft-Windows-CAPI2 | ID = 4107> in the current context!
Error: Unable to interpret <Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen> in the current context!
Error: Unable to interpret < Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.> in the current context!
Error: Unable to interpret < Fehler: Die Daten sind unzulässig.  .> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 12.04.2011 11:40:58 | Computer Name = Marlene | Source = Microsoft-Windows-CAPI2 | ID = 4107> in the current context!
Error: Unable to interpret <Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen> in the current context!
Error: Unable to interpret < Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.> in the current context!
Error: Unable to interpret < Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum> in the current context!
Error: Unable to interpret < gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.> in the current context!
Error: Unable to interpret <.> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 12.04.2011 11:40:58 | Computer Name = Marlene | Source = Microsoft-Windows-CAPI2 | ID = 4107> in the current context!
Error: Unable to interpret <Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen> in the current context!
Error: Unable to interpret < Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.> in the current context!
Error: Unable to interpret < Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum> in the current context!
Error: Unable to interpret < gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.> in the current context!
Error: Unable to interpret <.> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[ System Events ]> in the current context!
Error: Unable to interpret <Error - 20.04.2011 14:27:07 | Computer Name = Marlene | Source = Service Control Manager | ID = 7026> in the current context!
Error: Unable to interpret <Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:> in the current context!
Error: Unable to interpret <  ASPI32> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 20.04.2011 16:32:00 | Computer Name = Marlene | Source = Disk | ID = 262155> in the current context!
Error: Unable to interpret <Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 20.04.2011 16:32:01 | Computer Name = Marlene | Source = Disk | ID = 262155> in the current context!
Error: Unable to interpret <Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 20.04.2011 16:32:01 | Computer Name = Marlene | Source = Disk | ID = 262155> in the current context!
Error: Unable to interpret <Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 20.04.2011 16:32:02 | Computer Name = Marlene | Source = Disk | ID = 262155> in the current context!
Error: Unable to interpret <Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 20.04.2011 16:32:02 | Computer Name = Marlene | Source = Disk | ID = 262155> in the current context!
Error: Unable to interpret <Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 21.04.2011 15:09:45 | Computer Name = Marlene | Source = atikmdag | ID = 52236> in the current context!
Error: Unable to interpret <Description = CPLIB :: General - Invalid Parameter> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 21.04.2011 15:09:45 | Computer Name = Marlene | Source = atikmdag | ID = 43029> in the current context!
Error: Unable to interpret <Description = Display is not active> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 21.04.2011 15:10:02 | Computer Name = Marlene | Source = Service Control Manager | ID = 7000> in the current context!
Error: Unable to interpret <Description = Der Dienst "Acronis OS Selector Reinstall Service" wurde aufgrund > in the current context!
Error: Unable to interpret <folgenden Fehlers nicht gestartet:  %%2> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Error - 21.04.2011 15:10:11 | Computer Name = Marlene | Source = Service Control Manager | ID = 7026> in the current context!
Error: Unable to interpret <Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:> in the current context!
Error: Unable to interpret <  ASPI32> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << End of report >

--- --- ---
> in the current context!

OTL by OldTimer - Version 3.2.22.3 log created on 04212011_224327

cosinus 22.04.2011 11:32

You also have to copy the right thing into the OTL fix! Please do it properly!

Elen 22.04.2011 15:01

Okay, sorry. I probably grabbed the wrong thing. I've now run it again, and this is the log file that came out:

All processes killed
========== OTL ==========
ADS C:\ProgramData:$SS_DESCRIPTOR_PVX2VCGKMVF9V8N4TKBRVDNGCMXLJ4M28WDP36MLTJ5KJ4VPXHAT deleted successfully.
ADS C:\ProgramData\TEMP:F84B8DB5 deleted successfully.
ADS C:\ProgramData\TEMP:B8E6A060 deleted successfully.
ADS C:\ProgramData\TEMP:6499508E deleted successfully.
ADS C:\ProgramData\TEMP:38B3DB6F deleted successfully.
ADS C:\ProgramData\TEMP:517B507A deleted successfully.
ADS C:\ProgramData\TEMP:7CEDF9F3 deleted successfully.
ADS C:\ProgramData\TEMP:69FD6BF0 deleted successfully.
ADS C:\ProgramData\TEMP:88050731 deleted successfully.
ADS C:\ProgramData\TEMP:F78CC2A2 deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6fe17448-4897-11df-834f-002622429548}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6fe17448-4897-11df-834f-002622429548}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6fe17448-4897-11df-834f-002622429548}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6fe17448-4897-11df-834f-002622429548}\ not found.
File G:\LaunchU3.exe -a not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Lene
->Temp folder emptied: 2379189504 bytes
->Temporary Internet Files folder emptied: 155296465 bytes
->Java cache emptied: 10035 bytes
->FireFox cache emptied: 96042692 bytes
->Flash cache emptied: 224005 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 99524902 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 2.604,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04222011_145647

Files\Folders moved on Reboot...
C:\Users\Lene\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

Elen 23.04.2011 11:09

I just got another error message. I don't know whether it is connected to the trojan, so I'm simply posting it.

Microsoft.NET Framework

Unbehandelte Ausnahme in der Anwendung. Klicken Sie auf "Weiter", um den Fehler zu ignorieren und die Anwendung fortzusetzen. Wenn Sie auf "Beenden" klicken, wird die Anwendung sofort beendet.

Der Zugriff auf den Pfad
"C:\ProgramData\ToshibaEurope\Registration\settings.xml" wurde verweigert.

Details:
Informationen über das Aufrufen von JIT-Debuggen
anstelle dieses Dialogfelds finden Sie am Ende dieser Meldung.

************** Ausnahmetext **************
System.UnauthorizedAccessException: Der Zugriff auf den Pfad "C:\ProgramData\ToshibaEurope\Registration\settings.xml" wurde verweigert.
bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
bei System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)
bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy)
bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)
bei System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding, Int32 bufferSize)
bei System.IO.StreamWriter..ctor(String path)
bei Toshiba.OOBE.Common.RegistrationSettings.Save()
bei Toshiba.OOBE.Reminder.ReminderForm.reminderTimer_Tick(Object sender, EventArgs e)
bei System.Windows.Forms.Timer.OnTick(EventArgs e)
bei System.Windows.Forms.Timer.TimerNativeWindow.WndProc(Message& m)
bei System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)


************** Geladene Assemblys **************
mscorlib
Assembly-Version: 2.0.0.0.
Win32-Version: 2.0.50727.4959 (win7RTMGDR.050727-4900).
CodeBase: file:///C:/Windows/Microsoft.NET/Framework64/v2.0.50727/mscorlib.dll.
----------------------------------------
ToshibaReminder
Assembly-Version: 8.0.4.0.
Win32-Version: 8.0.4.0.
CodeBase: file:///C:/Program%20Files/TOSHIBA/Registration/ToshibaReminder.exe.
----------------------------------------
ToshibaCommon
Assembly-Version: 8.0.4.0.
Win32-Version: 8.0.4.0.
CodeBase: file:///C:/Program%20Files/TOSHIBA/Registration/ToshibaCommon.DLL.
----------------------------------------
System.Windows.Forms
Assembly-Version: 2.0.0.0.
Win32-Version: 2.0.50727.4927 (NetFXspW7.050727-4900).
CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Windows.Forms/2.0.0.0__b77a5c561934e089/System.Windows.Forms.dll.
----------------------------------------
System
Assembly-Version: 2.0.0.0.
Win32-Version: 2.0.50727.4927 (NetFXspW7.050727-4900).
CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System/2.0.0.0__b77a5c561934e089/System.dll.
----------------------------------------
System.Drawing
Assembly-Version: 2.0.0.0.
Win32-Version: 2.0.50727.4927 (NetFXspW7.050727-4900).
CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Drawing/2.0.0.0__b03f5f7f11d50a3a/System.Drawing.dll.
----------------------------------------
System.Configuration
Assembly-Version: 2.0.0.0.
Win32-Version: 2.0.50727.4927 (NetFXspW7.050727-4900).
CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Configuration/2.0.0.0__b03f5f7f11d50a3a/System.Configuration.dll.
----------------------------------------
System.Xml
Assembly-Version: 2.0.0.0.
Win32-Version: 2.0.50727.4927 (NetFXspW7.050727-4900).
CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Xml/2.0.0.0__b77a5c561934e089/System.Xml.dll.
----------------------------------------
System.Management
Assembly-Version: 2.0.0.0.
Win32-Version: 2.0.50727.4927 (NetFXspW7.050727-4900).
CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Management/2.0.0.0__b03f5f7f11d50a3a/System.Management.dll.
----------------------------------------
ToshibaReminder.resources
Assembly-Version: 8.0.4.0.
Win32-Version: 8.0.4.0.
CodeBase: file:///C:/Program%20Files/TOSHIBA/Registration/de/ToshibaReminder.resources.DLL.
----------------------------------------
2_ytoneh
Assembly-Version: 8.0.4.0.
Win32-Version: 2.0.50727.4927 (NetFXspW7.050727-4900).
CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System/2.0.0.0__b77a5c561934e089/System.dll.
----------------------------------------
mscorlib.resources
Assembly-Version: 2.0.0.0.
Win32-Version: 2.0.50727.4959 (win7RTMGDR.050727-4900).
CodeBase: file:///C:/Windows/Microsoft.NET/Framework64/v2.0.50727/mscorlib.dll.
----------------------------------------
System.Windows.Forms.resources
Assembly-Version: 2.0.0.0.
Win32-Version: 2.0.50727.4927 (NetFXspW7.050727-4900).
CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Windows.Forms.resources/2.0.0.0_de_b77a5c561934e089/System.Windows.Forms.resources.dll.
----------------------------------------

************** JIT-Debuggen **************
Um das JIT-Debuggen (Just-In-Time) zu aktivieren, muss in der
Konfigurationsdatei der Anwendung oder des Computers
(machine.config) der jitDebugging-Wert im Abschnitt system.windows.forms festgelegt werden.
Die Anwendung muss mit aktiviertem Debuggen kompiliert werden.

Zum Beispiel:

<configuration>
<system.windows.forms jitDebugging="true" />
</configuration>

Wenn das JIT-Debuggen aktiviert ist, werden alle nicht behandelten
Ausnahmen an den JIT-Debugger gesendet, der auf dem
Computer registriert ist, und nicht in diesem Dialogfeld behandelt.

cosinus 23.04.2011 15:46

Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

If the infection is preventing you from accessing your Documents/My Documents, please run unhide:
Please download unhide.exe and save the file to your desktop.
Start the tool, and all files and folders should become visible again. (This could take a while.)
Vista and 7 users must run the tool as administrator via right-click!

Elen 23.04.2011 19:45

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6399

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

23.04.2011 19:40:50
mbam-log-2011-04-23 (19-40-50).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|Z:\|)
Durchsuchte Objekte: 372723
Laufzeit: 1 Stunde(n), 14 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)



My files and folders are visible again too. But the errors with the Catalyst Control Centre and the Microsoft.NET Framework are still being shown.

cosinus 25.04.2011 13:35

Did you somehow misunderstand something? I wanted to see the log from the Kaspersky TDSS-Killer, not yet another one from Malwarebytes...

Elen 25.04.2011 19:24

Oh sorry, I only did what it said on the page... I just ran the TDSS-Killer again and it told me no infection found. The first time, I think it deleted 2-3 things.

cosinus 25.04.2011 20:44

Quote:

The first time, I think it deleted 2-3 things.
You see, and that is why I wanted to see the log. It does matter what was found...

Elen 25.04.2011 21:24

I'm sorry... can it still be retrieved afterwards somehow?

cosinus 26.04.2011 09:23

Take a look directly on C:, there should be something like

TDSSKiller.2.4.21.0_[DATE]_[TIME]_log.txt

Elen 26.04.2011 17:17

Okay, got it:

2011/04/23 18:20:25.0180 3776 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/23 18:20:25.0539 3776 ================================================================================
2011/04/23 18:20:25.0539 3776 SystemInfo:
2011/04/23 18:20:25.0539 3776
2011/04/23 18:20:25.0539 3776 OS Version: 6.1.7600 ServicePack: 0.0
2011/04/23 18:20:25.0539 3776 Product type: Workstation
2011/04/23 18:20:25.0539 3776 ComputerName: MARLENE
2011/04/23 18:20:25.0539 3776 UserName: Lene
2011/04/23 18:20:25.0539 3776 Windows directory: C:\Windows
2011/04/23 18:20:25.0539 3776 System windows directory: C:\Windows
2011/04/23 18:20:25.0539 3776 Running under WOW64
2011/04/23 18:20:25.0539 3776 Processor architecture: Intel x64
2011/04/23 18:20:25.0539 3776 Number of processors: 2
2011/04/23 18:20:25.0539 3776 Page size: 0x1000
2011/04/23 18:20:25.0539 3776 Boot type: Normal boot
2011/04/23 18:20:25.0539 3776 ================================================================================
2011/04/23 18:20:33.0542 3776 Initialize success
2011/04/23 18:20:52.0480 2752 ================================================================================
2011/04/23 18:20:52.0480 2752 Scan started
2011/04/23 18:20:52.0480 2752 Mode: Manual;
2011/04/23 18:20:52.0480 2752 ================================================================================
2011/04/23 18:21:21.0387 2752 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/04/23 18:21:21.0512 2752 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/04/23 18:21:21.0637 2752 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/04/23 18:21:21.0746 2752 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/04/23 18:21:21.0855 2752 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/04/23 18:21:22.0011 2752 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/04/23 18:21:22.0152 2752 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/04/23 18:21:22.0308 2752 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/04/23 18:21:22.0448 2752 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/04/23 18:21:22.0651 2752 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
2011/04/23 18:21:22.0651 2752 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
2011/04/23 18:21:22.0666 2752 sptd - detected Locked file (1)
2011/04/23 18:21:32.0682 2752 ================================================================================
2011/04/23 18:21:32.0682 2752 Scan finished
2011/04/23 18:21:32.0682 2752 ================================================================================
2011/04/23 18:21:32.0682 2112 Detected object count: 1
2011/04/23 18:21:44.0335 2112 HKLM\SYSTEM\ControlSet001\services\sptd - will be deleted after reboot
2011/04/23 18:21:44.0397 2112 HKLM\SYSTEM\ControlSet002\services\sptd - will be deleted after reboot
2011/04/23 18:21:44.0428 2112 C:\Windows\system32\Drivers\sptd.sys - will be deleted after reboot
2011/04/23 18:21:44.0428 2112 Locked file(sptd) - User select action: Delete
2011/04/23 18:21:51.0370 4260 Deinitialize success

cosinus 26.04.2011 18:40

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

Elen 26.04.2011 21:25

Combofix Logfile:
Code:

ComboFix 11-04-26.01 - Lene 26.04.2011  21:17:17.1.2 - x64
Microsoft Windows 7 Home Premium  6.1.7600.0.1252.49.1031.18.4061.2710 [GMT 1:00]
ausgeführt von:: c:\users\Lene\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\xp
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys
c:\users\Lene\AppData\Roaming\Adobe\plugs
c:\users\Lene\AppData\Roaming\Adobe\shed
c:\users\Lene\GoToAssistDownloadHelper.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-03-26 bis 2011-04-26  ))))))))))))))))))))))))))))))
.
.
2011-04-26 20:21 . 2011-04-26 20:21        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-04-26 20:12 . 2011-04-26 20:12        --------        d-----w-        c:\program files\CCleaner
2011-04-22 18:22 . 2011-04-11 08:21        8802128        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{9AA94EC5-5FEA-40F9-A023-8E398C73A211}\mpengine.dll
2011-04-19 16:36 . 2011-04-19 16:36        --------        d-----w-        c:\users\Lene\AppData\Roaming\Malwarebytes
2011-04-19 16:36 . 2010-12-20 17:09        38224        ----a-w-        c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-04-19 16:36 . 2011-04-19 16:36        --------        d-----w-        c:\programdata\Malwarebytes
2011-04-19 16:36 . 2010-12-20 17:08        24152        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-04-19 16:36 . 2011-04-19 17:54        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2011-04-19 13:04 . 2011-04-19 13:04        --------        d-----w-        c:\users\Lene\AppData\Roaming\SUPERAntiSpyware.com
2011-04-19 13:04 . 2011-04-19 13:04        --------        d-----w-        c:\programdata\SUPERAntiSpyware.com
2011-04-19 13:03 . 2011-04-19 13:03        --------        d-----w-        c:\programdata\!SASCORE
2011-04-19 13:03 . 2011-04-19 13:04        --------        d-----w-        c:\program files (x86)\Neuer Ordner
2011-04-19 13:03 . 2011-04-19 13:03        --------        d-----w-        c:\program files (x86)\SUPERAntiSpyware
2011-04-14 02:39 . 2011-04-14 02:39        103864        ----a-w-        c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-04-14 02:39 . 2011-04-14 02:39        103864        ----a-w-        c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2011-04-09 14:36 . 2011-04-09 14:39        --------        d-----w-        c:\program files (x86)\Google
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-19 06:37 . 2011-03-09 12:59        1135104        ----a-w-        c:\windows\system32\FntCache.dll
2011-02-19 06:37 . 2011-03-09 12:59        1540608        ----a-w-        c:\windows\system32\DWrite.dll
2011-02-19 06:36 . 2011-03-09 12:59        902656        ----a-w-        c:\windows\system32\d2d1.dll
2011-02-19 05:32 . 2011-03-09 12:59        1074176        ----a-w-        c:\windows\SysWow64\DWrite.dll
2011-02-19 05:32 . 2011-03-09 12:59        739840        ----a-w-        c:\windows\SysWow64\d2d1.dll
2011-02-02 17:11 . 2009-12-25 22:24        270720        ------w-        c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"SUPERAntiSpyware"="c:\program files (x86)\Neuer Ordner\SUPERAntiSpyware.exe" [2011-03-16 2988488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-08-12 352256]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-29 98304]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-08-17 1294136]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-11 281768]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-08-12 6203296]
.
c:\users\Lene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Hardcopy.LNK - c:\program files (x86)\Hardcopy\hardcopy.exe [2010-5-18 1725440]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-09 136176]
R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [x]
R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [x]
R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\gPotato.eu\FLYFF\GameGuard\dump_wmimmc.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 vcd10bus;Virtual CD v10 Bus Enumerator;c:\windows\system32\DRIVERS\vcd10bus.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 X6va001;X6va001;c:\users\Lene\AppData\Local\Temp\0016429.tmp [x]
R3 X6va005;X6va005;c:\users\Lene\AppData\Local\Temp\0058D03.tmp [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files (x86)\Neuer Ordner\SASDIFSV64.SYS [2010-02-17 14920]
S1 SASKUTIL;SASKUTIL;c:\program files (x86)\Neuer Ordner\SASKUTIL64.SYS [2010-02-17 12360]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files (x86)\Neuer Ordner\SASCORE64.EXE [2010-06-29 128752]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2010-11-11 135336]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-08-10 248688]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-07-14 42368]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2009-08-06 116104]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-27 251760]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2009-12-09 1394504]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-04 826224]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2009-10-14 11856]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai        REG_MULTI_SZ          Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2011-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-09 14:36]
.
2011-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-09 14:36]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-28 7982112]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2009-07-30 134032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://mystart.incredimail.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Lene\AppData\Roaming\Mozilla\Firefox\Profiles\1bp4bkgz.default\
FF - prefs.js: browser.search.selectedEngine - DramaWiki (en)
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar_im2_test_v2&search=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: All-in-One Sidebar: {097d3191-e6fa-4728-9826-b533d755359d} - %profile%\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
FF - Ext: Tab Scope: tabscope@xuldev.org - %profile%\extensions\tabscope@xuldev.org
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe
Wow6432Node-HKLM-Run-ITSecMng - %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
SafeBoot-klmdb.sys
SafeBoot-mcmscsvc
SafeBoot-MCODS
HKLM-Run-SmoothView - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-TPwrMain - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - %ProgramFiles%\TOSHIBA\TBS\HSON.exe
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TosWaitSrv - %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
AddRemove-A Fairy Tale 1.0.0.0 - d:\spiele\A Fary Tale\A Fairy Tale\Uninstall.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Amelie's Restaurant 1.00 - d:\spiele\Amelie's\Amelie's Restaurant\Uninstall.exe
AddRemove-Antique Shop 1.00 - d:\spiele\Neuer Ordner\Antique Shop\Uninstall.exe
AddRemove-Ashtons - Family Resort 1.00 - d:\spiele\Ashton's Family Resort\Ashtons - Family Resort\Uninstall.exe
AddRemove-Audition Online1.2.6064 - d:\spiele\Audition\II\uninstall.exe
AddRemove-Beach Party Craze 1.0.0.0 - d:\spiele\Beach Party Craze\Beach Party Craze\Uninstall.exe
AddRemove-Bilbo - Die vier Ecken der Welt 1.00 - d:\spiele\Bilbo - Die vier Ecken der Welt\Bilbo - Die vier Ecken der Welt\Uninstall.exe
AddRemove-BitTorrent - c:\program files (x86)\BitTorrent\BitTorrent.exe
AddRemove-Chocolatier 2 - Secret Ingredients 1.0.0.64 - c:\program files (x86)\LISA510\Chocolatier 2 - Secret Ingredients\Uninstall.exe
AddRemove-Cooking Academy - d:\spiele\Cooking Academy\Uninstall.exe
AddRemove-Der Stein der Weisen - d:\spiele\HARRYP~1\DERSTE~1\DERSTE~1\UNWISE.EXE
AddRemove-Dracula 3_is1 - d:\spiele\Dracula 3\unins000.exe
AddRemove-Drakensang_TRoT_is1 - d:\spiele\Drakensang - Am Fluss der Zeit\unins000.exe
AddRemove-Hot Dish - d:\spiele\Hot Dish\Uninstal.exe
AddRemove-IsoBuster_is1 - d:\downloads\IsoBuster\Uninst\unins000.exe
AddRemove-Wakan - d:\japanisch\Wakan Dict\Wakan\uninst.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va001]
"ImagePath"="\??\c:\users\Lene\AppData\Local\Temp\0016429.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Lene\AppData\Local\Temp\0058D03.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.9"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil9f.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-04-26  21:23:05
ComboFix-quarantined-files.txt  2011-04-26 20:23
.
Vor Suchlauf: 14 Verzeichnis(se), 33.542.627.328 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 34.453.671.936 Bytes frei
.
- - End Of File - - 0EB669CAB0F90C756AEF5FDB743DF84E

--- --- ---

cosinus 27.04.2011 10:19

Please now create logs with GMER and MBRCheck and post them.
GMER crashes fairly often; if the tool still refuses to run on the second attempt, just skip it.

Instructions for MBRCheck:
Download MBRCheck (by a_d_13) and save the file to your desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • The tool needs only a few seconds.
  • Afterwards you should find an MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt document.

Elen 27.04.2011 22:30

GMER found nothing.

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: TOSHIBA
BIOS Manufacturer: TOSHIBA
System Manufacturer: TOSHIBA
System Product Name: Satellite L550
Logical Drives Mask: 0x0200001c

Kernel Drivers (total 204):
0x03205000 \SystemRoot\system32\ntoskrnl.exe
0x037E2000 \SystemRoot\system32\hal.dll
0x00BC0000 \SystemRoot\system32\kdcom.dll
0x00C40000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00C84000 \SystemRoot\system32\PSHED.dll
0x00C98000 \SystemRoot\system32\CLFS.SYS
0x00CF6000 \SystemRoot\system32\CI.dll
0x00E2A000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00ECE000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00EDD000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00F34000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00F3D000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00F47000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00F54000 \SystemRoot\system32\DRIVERS\pci.sys
0x00F87000 \SystemRoot\System32\drivers\partmgr.sys
0x00F9C000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00FA5000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00FB1000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x010CC000 \SystemRoot\System32\drivers\volmgrx.sys
0x01128000 \SystemRoot\System32\drivers\mountmgr.sys
0x01142000 \SystemRoot\system32\DRIVERS\pciide.sys
0x01149000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x01288000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x013A4000 \SystemRoot\system32\DRIVERS\atapi.sys
0x013AD000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x013D7000 \SystemRoot\system32\DRIVERS\msahci.sys
0x013E2000 \SystemRoot\system32\drivers\amdxata.sys
0x01200000 \SystemRoot\system32\drivers\fltmgr.sys
0x0124C000 \SystemRoot\system32\drivers\fileinfo.sys
0x01449000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01159000 \SystemRoot\System32\Drivers\msrpc.sys
0x01400000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01000000 \SystemRoot\System32\Drivers\cng.sys
0x0141A000 \SystemRoot\System32\drivers\pcw.sys
0x0142B000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x0163E000 \SystemRoot\system32\drivers\ndis.sys
0x01730000 \SystemRoot\system32\drivers\NETIO.SYS
0x01790000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01073000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x017BB000 \SystemRoot\system32\DRIVERS\TVALZ_O.SYS
0x018CC000 \SystemRoot\system32\DRIVERS\tos_sps64.sys
0x01946000 \SystemRoot\System32\Drivers\spldr.sys
0x0194E000 \SystemRoot\System32\drivers\rdyboost.sys
0x01988000 \SystemRoot\System32\Drivers\mup.sys
0x0199A000 \SystemRoot\System32\drivers\hwpolicy.sys
0x019A3000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x019DD000 \SystemRoot\system32\DRIVERS\disk.sys
0x01800000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x01868000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x01892000 \SystemRoot\System32\Drivers\Null.SYS
0x0189B000 \SystemRoot\System32\Drivers\Beep.SYS
0x018A2000 \SystemRoot\System32\drivers\vga.sys
0x017C0000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x018B0000 \SystemRoot\System32\drivers\watchdog.sys
0x018C0000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x019F3000 \SystemRoot\system32\drivers\rdpencdd.sys
0x017E5000 \SystemRoot\system32\drivers\rdprefmp.sys
0x017EE000 \SystemRoot\System32\Drivers\Msfs.SYS
0x01600000 \SystemRoot\System32\Drivers\Npfs.SYS
0x02C02000 \SystemRoot\System32\drivers\tcpip.sys
0x00DB6000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01611000 \SystemRoot\system32\DRIVERS\tdx.sys
0x0162F000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x03A50000 \SystemRoot\system32\drivers\afd.sys
0x03ADA000 \SystemRoot\System32\DRIVERS\netbt.sys
0x03B1F000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x03B28000 \SystemRoot\system32\DRIVERS\pacer.sys
0x03B4E000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x03B64000 \SystemRoot\system32\DRIVERS\netbios.sys
0x03B73000 \SystemRoot\System32\Drivers\tosrfcom.sys
0x03B86000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x03BA1000 \SystemRoot\system32\DRIVERS\termdd.sys
0x03BB5000 \??\C:\Program Files (x86)\Neuer Ordner\SASKUTIL64.SYS
0x03BBF000 \??\C:\Program Files (x86)\Neuer Ordner\SASDIFSV64.SYS
0x03CCD000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x03D1E000 \SystemRoot\system32\drivers\nsiproxy.sys
0x03D2A000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x03D35000 \SystemRoot\System32\drivers\discache.sys
0x03D44000 \SystemRoot\System32\Drivers\dfsc.sys
0x03D62000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x03D73000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x03D95000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x03E3D000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x04454000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x04548000 \SystemRoot\System32\drivers\dxgmms1.sys
0x0458E000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x045B2000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x03C00000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x045BF000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x03E00000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x04995000 \SystemRoot\system32\DRIVERS\LPCFilter.sys
0x049A4000 \SystemRoot\system32\DRIVERS\tdcmdpst.sys
0x049AE000 \SystemRoot\system32\DRIVERS\TVALZFL.sys
0x049B5000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x049CB000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x049DB000 \SystemRoot\System32\Drivers\RootMdm.sys
0x049E3000 \SystemRoot\system32\drivers\modem.sys
0x04800000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x04816000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x0483A000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x04846000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x045D0000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x03C56000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x03C77000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x045EB000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x03C91000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x04875000 \SystemRoot\system32\DRIVERS\swenum.sys
0x03DBB000 \SystemRoot\system32\DRIVERS\ks.sys
0x03CA0000 \SystemRoot\system32\DRIVERS\umbus.sys
0x04C70000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x04CCA000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x04CDF000 \SystemRoot\system32\drivers\RtHDMIVX.sys
0x04D0F000 \SystemRoot\system32\drivers\portcls.sys
0x04D4C000 \SystemRoot\system32\drivers\drmk.sys
0x04D6E000 \SystemRoot\system32\drivers\ksthunk.sys
0x05A08000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x05BE7000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x04D74000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x04D92000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x05BEC000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x05BEE000 \SystemRoot\system32\DRIVERS\tosrfec.sys
0x04DDB000 \SystemRoot\system32\DRIVERS\tosporte.sys
0x00090000 \SystemRoot\System32\win32k.sys
0x04DEC000 \SystemRoot\System32\drivers\Dxapi.sys
0x04C00000 \SystemRoot\system32\DRIVERS\udfs.sys
0x03BC9000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x04C54000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x03CB2000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x05BF7000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x03A00000 \SystemRoot\System32\Drivers\usbvideo.sys
0x04C62000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x049F2000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00440000 \SystemRoot\System32\TSDDD.dll
0x03A2E000 \SystemRoot\System32\Drivers\crashdmp.sys
0x03A3C000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x03BE6000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x01830000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x00640000 \SystemRoot\System32\cdd.dll
0x008B0000 \SystemRoot\System32\ATMFD.DLL
0x01260000 \SystemRoot\system32\drivers\luafv.sys
0x00FC6000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x00E00000 \SystemRoot\system32\drivers\WudfPf.sys
0x015EB000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x034FE000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x03551000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x03564000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x03400000 \SystemRoot\system32\drivers\HTTP.sys
0x034C8000 \SystemRoot\system32\DRIVERS\bowser.sys
0x034E6000 \SystemRoot\System32\drivers\mpsdrv.sys
0x0357C000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x035A9000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x00C00000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x06A07000 \SystemRoot\system32\drivers\peauth.sys
0x06AAD000 \SystemRoot\System32\Drivers\secdrv.SYS
0x06AB8000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x06AE5000 \SystemRoot\System32\drivers\tcpipreg.sys
0x06AF7000 \SystemRoot\System32\DRIVERS\srv2.sys
0x06B5E000 \SystemRoot\System32\DRIVERS\srv.sys
0x06BF3000 \??\C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys
0x096C9000 \SystemRoot\system32\DRIVERS\rtl8192se.sys
0x097D0000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x09613000 \SystemRoot\system32\DRIVERS\tosrfusb.sys
0x09620000 \SystemRoot\system32\DRIVERS\tosrfbd.sys
0x09653000 \SystemRoot\system32\DRIVERS\Tosrfhid.sys
0x76D00000 \Windows\System32\ntdll.dll
0x47C00000 \Windows\System32\smss.exe
0xFF020000 \Windows\System32\apisetschema.dll
0xFFC00000 \Windows\System32\autochk.exe
0xFEFF0000 \Windows\System32\sechost.dll
0xFEF70000 \Windows\System32\shlwapi.dll
0xFEE40000 \Windows\System32\rpcrt4.dll
0xFEC60000 \Windows\System32\setupapi.dll
0xFEC10000 \Windows\System32\Wldap32.dll
0xFEBA0000 \Windows\System32\gdi32.dll
0xFEA90000 \Windows\System32\msctf.dll
0xFE960000 \Windows\System32\wininet.dll
0xFE950000 \Windows\System32\lpk.dll
0xFE8D0000 \Windows\System32\difxapi.dll
0xFE830000 \Windows\System32\msvcrt.dll
0xFE750000 \Windows\System32\advapi32.dll
0x76ED0000 \Windows\System32\psapi.dll
0xFE730000 \Windows\System32\imagehlp.dll
0xFD9A0000 \Windows\System32\shell32.dll
0x76BE0000 \Windows\System32\kernel32.dll
0xFD820000 \Windows\System32\urlmon.dll
0xFD780000 \Windows\System32\comdlg32.dll
0x76EC0000 \Windows\System32\normaliz.dll
0xFD730000 \Windows\System32\ws2_32.dll
0xFD660000 \Windows\System32\usp10.dll
0xFD580000 \Windows\System32\oleaut32.dll
0xFD4E0000 \Windows\System32\clbcatq.dll
0x76AE0000 \Windows\System32\user32.dll
0xFD280000 \Windows\System32\iertutil.dll
0xFD250000 \Windows\System32\imm32.dll
0xFD240000 \Windows\System32\nsi.dll
0xFD030000 \Windows\System32\ole32.dll
0xFCFF0000 \Windows\System32\wintrust.dll
0xFCF80000 \Windows\System32\KernelBase.dll
0xFCE10000 \Windows\System32\crypt32.dll
0xFCDD0000 \Windows\System32\cfgmgr32.dll
0xFCD30000 \Windows\System32\comctl32.dll
0xFCD10000 \Windows\System32\devobj.dll
0xFCD00000 \Windows\System32\msasn1.dll
0x75120000 \Windows\SysWOW64\normaliz.dll

Processes (total 70):
0 System Idle Process
4 System
264 C:\Windows\System32\smss.exe
420 csrss.exe
500 C:\Windows\System32\wininit.exe
520 csrss.exe
600 C:\Windows\System32\services.exe
688 C:\Windows\System32\lsass.exe
696 C:\Windows\System32\lsm.exe
792 C:\Windows\System32\svchost.exe
880 C:\Windows\System32\svchost.exe
936 C:\Windows\System32\atiesrxx.exe
972 C:\Windows\System32\winlogon.exe
108 C:\Windows\System32\svchost.exe
436 C:\Windows\System32\svchost.exe
308 C:\Windows\System32\svchost.exe
1100 C:\Windows\System32\svchost.exe
1220 C:\Windows\System32\svchost.exe
1412 C:\Windows\System32\atieclxx.exe
1436 C:\Windows\System32\spoolsv.exe
1500 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
1536 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
1564 C:\Windows\System32\svchost.exe
1696 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
1704 C:\Windows\System32\conhost.exe
1832 C:\Windows\System32\taskhost.exe
1904 C:\Windows\System32\dwm.exe
1036 C:\Windows\explorer.exe
1068 C:\Program Files (x86)\Neuer Ordner\SASCore64.exe
1604 C:\Windows\SysWOW64\svchost.exe
1384 C:\Windows\System32\svchost.exe
1400 C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
2220 C:\Windows\System32\TODDSrv.exe
2252 C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
2360 C:\Program Files\TOSHIBA\TECO\TecoService.exe
2420 C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
2448 C:\Windows\System32\svchost.exe
2680 C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
2712 C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesApp64.exe
2748 C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
2824 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
2844 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3028 C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe
1420 C:\Program Files\Windows Sidebar\sidebar.exe
2264 C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
3476 C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
3564 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
3632 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
3640 C:\Windows\System32\SearchIndexer.exe
3656 C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
3880 C:\Windows\System32\svchost.exe
3940 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
2856 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
4304 C:\Program Files\Windows Media Player\wmpnetwk.exe
4388 C:\Windows\System32\svchost.exe
4256 C:\Windows\System32\svchost.exe
4628 C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
1064 C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
4776 C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
2548 C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
1368 C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
5052 C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
4280 C:\Windows\System32\audiodg.exe
2928 C:\Windows\System32\taskeng.exe
3296 C:\Program Files (x86)\Winamp\winamp.exe
3628 C:\Windows\System32\SearchProtocolHost.exe
2276 C:\Windows\System32\SearchFilterHost.exe
3284 C:\Users\Lene\Desktop\MBRCheck.exe
4012 C:\Windows\System32\conhost.exe
4084 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`19100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000015`5ea00000 (NTFS)
\\.\Z: --> \\.\PhysicalDrive0 at offset 0x00000048`85d75a00 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK3263GSX, Rev: FG020M

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!

cosinus 28.04.2011 12:44

Looks OK. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!

Elen 28.04.2011 19:51

SUPERAntiSpyware Scann-Protokoll
hxxp://www.superantispyware.com

Generiert 04/28/2011 bei 07:50 PM

Version der Applikation : 4.51.1000

Version der Kern-Datenbank : 6944
Version der Spur-Datenbank : 4756

Scan Art : kompletter Scann
Totale Scann-Zeit : 02:47:15

Gescannte Speicherelemente : 726
Erfasste Speicher-Bedrohungen : 0
Gescannte Register-Elemente : 14026
Erfasste Register-Bedrohungen : 0
Gescannte Datei-Elemente : 216571
Erfasste Datei-Elemente : 0

cosinus 28.04.2011 20:18

Looks good so far. Are you going to run Malwarebytes as well?

Elen 28.04.2011 20:50

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6464

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

28.04.2011 20:47:01
mbam-log-2011-04-28 (20-47-01).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|Z:\|)
Durchsuchte Objekte: 365809
Laufzeit: 55 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

cosinus 28.04.2011 21:01

No findings.
Is the computer OK again?

Elen 28.04.2011 21:51

Yes, as far as I can tell, it is. I can now do everything as before again, and also connect the hard drive, e-book reader, etc. without problems, right?
THANK YOU!!!

cosinus 29.04.2011 10:03

Then we're done!

Finally, please check your updates; my guide for that is below.
For even more security, after the infection has been removed you should also change all passwords if possible.


Microsoft Update

Windows XP: Visit the MS update page with IE and have all important updates installed.

Windows Vista/7: Windows Update guide



Update the PDF reader
Your Adobe Reader is not up to date, which is a major security risk. You should therefore uninstall the old version via Control Panel => Add or Remove Programs by clicking "Adobe Reader x.0" there and removing the program.

I recommend an alternative PDF reader such as SumatraPDF or Foxit PDF Reader; both are much leaner and faster than Adobe Reader.

While you are at it, please also check that Flash Player is up to date; here is the direct download link:

Mozilla and other browsers => http://filepony.de/?q=Flash+Player
Internet Explorer => http://fpdownload.adobe.com/get/flas..._player_ax.exe


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, ideally with JavaRa) and update to the newest one. To do this, close all programs (especially the browsers), then click Start, Control Panel, Add or Remove Programs, and uninstall all listed Java versions from there. Afterwards, download the current Java SE Runtime Environment (JRE) from here and install it.

Elen 06.05.2011 17:17

OK, I've done all of that, although I'll probably switch back to Adobe Reader after all; it's better.

Thank you very, very much!!!

cosinus 06.05.2011 18:27

Quote:

switch back to Adobe Reader after all; it's better.
I wouldn't necessarily recommend that, but it is very much a matter of taste. With that reader in particular, though, you should pay special attention to updates. Adobe products don't exactly shine when it comes to security. Adobe Reader and Adobe Flash Player are huge entry points when they are outdated.

Elen 09.05.2011 19:36

OK, I'll think it over again! ^^

A huge thank you!!!


All times are WET +1.
