Home » Spyware & Browser Hijacker Support Forum » msa.exe und ständige PopUp's sowie Antivir Meldungen » Themenansicht

msa.exe und ständige PopUp's sowie Antivir Meldungen
#0
28.01.2010, 13:54
dr.ago
Member

Beiträge: 60
#1 Hallo,

ich habe seit gestern Abend folgendes Problem: habe mich mit msa.exe infiziert, es öffnen sich ständig popups im IE obwohl mein Standardbrowser Firefox ist.

Könntet ihr mir vielleicht Helfen den Fehler zu bereinigen?

Hab folgendes schon unternommen:

1. HijackThis-Log erstellt
2. mit mbam gescant und log erstellt
3. neues Hijackthis-log erstellt
4. wollte noch gmer durchführen, aber während des scanens kam ein bluescreen und der laptop stürtzte ab.

(Edit: selbst im abgesicherten modus bricht er mir gmer mitten im scan ab)

danke schon einmal im voraus.

hier nun die einzelnen log auswertungen in obiger Reihenfolge:

1.hijackthis-log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:48:58, on 27.01.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
C:\Program Files\Toshiba\Utilities\KeNotify.exe
C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\Toshiba\TECO\TEco.exe
C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe
C:\Program Files\Toshiba\TRCMan\TRCMan.exe
C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\FreePDF_XP\fpassist.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\T-Mobile\Communication Center\AutoUpdateSrv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech Touch Mouse Server\iTouch-Server-Win.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Toshiba\HDMICtrlMan\HCMSoundChanger.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\rundll32.exe
C:\Windows\msa.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [TUSBSleepChargeSrv] %ProgramFiles%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
O4 - HKLM\..\Run: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
O4 - HKLM\..\Run: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
O4 - HKLM\..\Run: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [ThpSrv] C:\Windows\system32\thpsrv /logon
O4 - HKLM\..\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [HDMICtrlMan] C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
O4 - HKLM\..\Run: [TRCMan] C:\Program Files\TOSHIBA\TRCMan\TRCMan.exe
O4 - HKLM\..\Run: [TPCHWMsg] %ProgramFiles%\TOSHIBA\TPHM\TPCHWMsg.exe
O4 - HKLM\..\Run: [NDSTray.exe] "C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe"
O4 - HKLM\..\Run: [cfFncEnabler.exe] "C:\Program Files\TOSHIBA\ConfigFree\cfFncEnabler.exe"
O4 - HKLM\..\Run: [Toshiba TEMPRO] C:\Program Files\Toshiba TEMPRO\TemproTray.exe
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaReminder.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [LosAlamos] rundll32.exe C:\Windows\system32\sshnas21.dll,AttachConsoleA
O4 - HKCU\..\Run: [BMIMZMHMFM] C:\Users\Drago\AppData\Local\Temp\Thi.exe
O4 - HKCU\..\Run: [ROUA3O12PW] C:\Users\Drago\AppData\Local\Temp\Thj.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TOSHIBA Online Product Information] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (User 'Default user')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (User 'Default user')
O4 - Startup: Logitech Touch Mouse Server.lnk = C:\Program Files\Logitech Touch Mouse Server\iTouch-Server-Win.exe
O4 - Global Startup: Automatic Update-Agent.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: eBay - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/707-44556-9400-3/4 (file missing)
O9 - Extra button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home (file missing)
O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O13 - Gopher Prefix:
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/ZwinkyInitialSetup1.0.1.1.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: acaptuser32.dll
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: TOSHIBA Web Camera Service (camsvc) - TOSHIBA - C:\Program Files\Toshiba\TOSHIBA Web Camera Application\TWebCameraSrv.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: GtDetectSc Service (gtdetectsc) - OptionNV - C:\Windows\system32\gtdetectsc.exe
O23 - Service: GtFlashSwitch - OptionNV - C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TemproSvc.exe
O23 - Service: TOSHIBA Festplattenschutz (Thpsrv) - TOSHIBA Corporation - C:\Windows\system32\ThpSrv.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

--
End of file - 14576 bytes



2. mbam-logfile

Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3647
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

28.01.2010 13:30:51
mbam-log-2010-01-28 (13-30-51).txt

Scan-Methode: Vollständiger Scan (C:\|E:\|)
Durchsuchte Objekte: 412324
Laufzeit: 2 hour(s), 45 minute(s), 53 second(s)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 23
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 11

Infizierte Speicherprozesse:
C:\Windows\msb.exe (Trojan.Agent) -> Unloaded process successfully.

Infizierte Speichermodule:
C:\Windows\System32\sshnas21.dll (Trojan.FakeAlert) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\BMIMZMHMFM (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ROUA3O12PW (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bmimzmhmfm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\losalamos (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\roua3o12pw (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Program Files\Rosetta Stone\Rosetta Stone V3\Rosetta Stone v3.2 - Patch.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Drago\AppData\Local\Temp\Thf.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Drago\AppData\Local\Temp\Thg.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\winsxs\Backup\x86_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_6.0.6002.18005_lt-lt_bf12ba06fdc0c65b_msimsg.dll.mui_72e8994f (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\serauth1.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\serauth2.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\msa.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\msb.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\sshnas21.dll (Trojan.FakeAlert) -> Delete on reboot.

und nun noch

3. neues hijackthis-log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:45:33, on 28.01.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
C:\Program Files\Toshiba\Utilities\KeNotify.exe
C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\Toshiba\TECO\TEco.exe
C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe
C:\Program Files\Toshiba\TRCMan\TRCMan.exe
C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\FreePDF_XP\fpassist.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\T-Mobile\Communication Center\AutoUpdateSrv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech Touch Mouse Server\iTouch-Server-Win.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Toshiba\HDMICtrlMan\HCMSoundChanger.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [TUSBSleepChargeSrv] %ProgramFiles%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
O4 - HKLM\..\Run: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
O4 - HKLM\..\Run: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
O4 - HKLM\..\Run: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [ThpSrv] C:\Windows\system32\thpsrv /logon
O4 - HKLM\..\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [HDMICtrlMan] C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
O4 - HKLM\..\Run: [TRCMan] C:\Program Files\TOSHIBA\TRCMan\TRCMan.exe
O4 - HKLM\..\Run: [TPCHWMsg] %ProgramFiles%\TOSHIBA\TPHM\TPCHWMsg.exe
O4 - HKLM\..\Run: [NDSTray.exe] "C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe"
O4 - HKLM\..\Run: [cfFncEnabler.exe] "C:\Program Files\TOSHIBA\ConfigFree\cfFncEnabler.exe"
O4 - HKLM\..\Run: [Toshiba TEMPRO] C:\Program Files\Toshiba TEMPRO\TemproTray.exe
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaReminder.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TOSHIBA Online Product Information] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (User 'Default user')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (User 'Default user')
O4 - Startup: Logitech Touch Mouse Server.lnk = C:\Program Files\Logitech Touch Mouse Server\iTouch-Server-Win.exe
O4 - Global Startup: Automatic Update-Agent.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: eBay - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/707-44556-9400-3/4 (file missing)
O9 - Extra button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home (file missing)
O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: acaptuser32.dll
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: TOSHIBA Web Camera Service (camsvc) - TOSHIBA - C:\Program Files\Toshiba\TOSHIBA Web Camera Application\TWebCameraSrv.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: GtDetectSc Service (gtdetectsc) - OptionNV - C:\Windows\system32\gtdetectsc.exe
O23 - Service: GtFlashSwitch - OptionNV - C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TemproSvc.exe
O23 - Service: TOSHIBA Festplattenschutz (Thpsrv) - TOSHIBA Corporation - C:\Windows\system32\ThpSrv.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

--
End of file - 14026 bytes
Dieser Beitrag wurde am 28.01.2010 um 14:23 Uhr von dr.ago editiert.
Seitenanfang Seitenende
28.01.2010, 16:15
virenfinder
Member

Beiträge: 3716
#2 http://board.protecus.de/t23187.htm
bitte noch combofix ausführen, log posten.
dann gmer mit rechtsklick als admin starten.
Seitenanfang Seitenende
28.01.2010, 16:18
dr.ago
Member

Themenstarter

Beiträge: 60
#3 gmer stürzt wenn ich mit rechtsklick - admin ausführe immer ab, sogar im agbesicherten modus

vielleicht nach dem comofix nicht
Seitenanfang Seitenende
28.01.2010, 16:54
dr.ago
Member

Themenstarter

Beiträge: 60
#4 das combofix hat super geklappt, aber gmer ist mir wieder abgestürzt (siehe anhang)

hier das combofix log:

ComboFix 10-01-27.06 - Drago 28.01.2010 16:28:17.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3036.1989 [GMT 1:00]
ausgeführt von:: c:\users\Drago\Desktop\test.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 96 bytes in 1 streams.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-4032735365-608106937-2049815217-500
C:\LOG.TXT
c:\program files\temp
c:\users\Drago\AppData\Roaming\file1.exe
c:\windows\system32\lsprst7.dll
c:\windows\system32\nsprs.dll
c:\windows\system32\prsgrc.dll
c:\windows\system32\ssprs.dll

.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF


((((((((((((((((((((((( Dateien erstellt von 2009-12-28 bis 2010-01-28 ))))))))))))))))))))))))))))))
.

2010-01-28 15:36 . 2010-01-28 15:36 -------- d-----w- c:\users\Mcx1-DRAGO-PC\AppData\Local\temp
2010-01-28 14:05 . 2010-01-28 14:05 -------- d-----w- c:\programdata\WindowsSearch
2010-01-27 22:57 . 2010-01-27 22:57 -------- d-----w- c:\users\Drago\AppData\Roaming\Malwarebytes
2010-01-27 22:57 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-27 22:57 . 2010-01-27 22:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-27 22:57 . 2010-01-27 22:57 -------- d-----w- c:\programdata\Malwarebytes
2010-01-27 22:57 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-27 22:40 . 2010-01-27 22:40 -------- d-----w- c:\program files\CCleaner
2010-01-27 22:38 . 2010-01-27 22:38 -------- d-----w- c:\program files\Trend Micro
2010-01-27 22:15 . 2010-01-27 22:15 -------- d-----w- c:\users\Drago\AppData\Roaming\MOVAVI
2010-01-27 22:13 . 2010-01-27 22:18 -------- d-----w- c:\program files\Movavi Video Suite 8
2010-01-27 22:12 . 2010-01-27 22:12 -------- d-----w- c:\users\Drago\AppData\Local\Downloaded Installations
2010-01-27 21:56 . 2010-01-27 21:56 -------- d-----w- c:\programdata\AVS4YOU
2010-01-27 21:54 . 2010-01-27 21:58 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-01-27 21:54 . 2007-02-27 18:36 974848 ----a-w- c:\windows\system32\mfc70.dll
2010-01-27 21:54 . 2007-02-27 18:36 487424 ----a-w- c:\windows\system32\msvcp70.dll
2010-01-27 21:54 . 2010-01-27 21:58 -------- d-----w- c:\program files\AVS4YOU
2010-01-27 21:54 . 2007-02-27 18:36 344064 ----a-w- c:\windows\system32\msvcr70.dll
2010-01-27 21:54 . 2007-02-27 18:36 24576 ----a-w- c:\windows\system32\msxml3a.dll
2010-01-27 21:53 . 2010-01-27 21:53 -------- d-----w- C:\Drivers
2010-01-27 21:13 . 2010-01-27 21:27 -------- d-----w- c:\users\Drago\AppData\Roaming\Sytexis Software
2010-01-27 21:13 . 2010-01-27 21:37 -------- d-----w- c:\program files\Sytexis Software
2010-01-27 20:40 . 2010-01-27 20:40 -------- d-----w- c:\users\Drago\AppData\Local\Jaksta_LLC
2010-01-27 20:39 . 2010-01-27 20:40 -------- d-----w- c:\users\Drago\AppData\Roaming\Jaksta
2010-01-27 20:39 . 2010-01-27 20:39 -------- d-----w- c:\program files\Jaksta
2010-01-26 21:03 . 2010-01-26 21:03 -------- d-----w- c:\program files\Logitech Touch Mouse Server
2010-01-23 13:49 . 2010-01-23 13:49 -------- d-----w- c:\users\Drago\trash
2010-01-16 17:17 . 2008-04-07 04:38 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2010-01-15 02:01 . 2010-01-15 02:01 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-01-14 16:01 . 2010-01-22 17:18 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-13 18:46 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 18:46 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-11 19:47 . 2010-01-11 22:57 -------- d-----w- c:\program files\nettvplayer2.0
2010-01-11 16:49 . 2010-01-11 16:49 -------- d-----w- c:\users\Drago\.spss
2010-01-10 13:43 . 2010-01-10 13:43 -------- d-----w- c:\program files\WhereIsIt
2010-01-09 22:50 . 2010-01-09 22:50 -------- d-----w- c:\program files\MediaMonkey
2010-01-09 22:39 . 2010-01-09 22:39 -------- d-----w- c:\users\Birungueta
2010-01-09 22:39 . 2010-01-09 22:39 -------- d-----w- c:\users\Drago\AppData\Local\Thinstall
2010-01-09 22:16 . 2010-01-24 12:17 -------- d-----w- c:\users\Drago\AppData\Local\MediaMonkey
2010-01-07 08:44 . 2010-01-07 08:44 -------- d-----w- c:\users\Drago\AppData\Local\SPSS 15.0 für Windows [Auswertung Version]
2010-01-07 08:42 . 2010-01-07 08:42 1024 ----a-w- c:\windows\system32\clauth2.dll
2010-01-07 08:42 . 2010-01-07 08:42 1024 ----a-w- c:\windows\system32\clauth1.dll
2010-01-07 08:42 . 2006-05-10 10:15 1929216 ----a-w- c:\windows\system32\cdintf250.dll
2010-01-07 08:39 . 2010-01-23 08:26 -------- d-----w- c:\program files\SPSSEV-DE
2010-01-07 00:04 . 2010-01-07 00:04 -------- d-----w- c:\program files\RAR Password Recovery Magic
2010-01-06 18:34 . 2010-01-06 18:34 249856 ------w- c:\windows\Setup1.exe
2010-01-06 18:34 . 2010-01-06 18:34 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-01-06 17:32 . 1999-03-23 08:12 299520 ----a-w- c:\windows\uninst.exe
2010-01-05 22:05 . 2010-01-07 18:49 -------- d-----w- c:\users\Drago\Karaoke
2010-01-05 20:08 . 2001-02-25 00:57 69632 ----a-w- c:\windows\system32\WGDRVR32.DLL
2010-01-05 20:08 . 2010-01-05 20:08 -------- d-----w- c:\program files\WinGroove
2010-01-05 20:06 . 2010-01-05 20:09 -------- d-----w- C:\WG0A4.TMP
2010-01-03 22:49 . 2010-01-27 20:34 -------- d-----w- c:\users\Drago\TV-Browser
2010-01-03 22:45 . 2010-01-03 22:45 -------- d-----w- c:\users\Drago\AppData\Roaming\Regensoft
2010-01-03 18:59 . 2010-01-03 19:11 -------- d-----w- c:\users\Drago\AppData\Roaming\DC++
2010-01-03 18:59 . 2010-01-03 18:59 -------- d-----w- c:\users\Drago\AppData\Local\DC++

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-28 15:29 . 2008-01-21 07:15 618442 ----a-w- c:\windows\system32\perfh007.dat
2010-01-28 15:29 . 2008-01-21 07:15 122842 ----a-w- c:\windows\system32\perfc007.dat
2010-01-27 23:01 . 2009-10-25 12:37 -------- d-----w- c:\users\Drago\AppData\Roaming\skypePM
2010-01-27 22:34 . 2009-10-25 12:36 -------- d-----w- c:\users\Drago\AppData\Roaming\Skype
2010-01-27 22:15 . 2009-11-04 15:31 -------- d-----w- c:\program files\NetTVPlus Player
2010-01-27 21:53 . 2009-06-05 08:23 -------- d-----w- c:\program files\Common Files\InstallShield
2010-01-25 00:58 . 2009-10-25 14:34 -------- d-----w- c:\users\Drago\AppData\Roaming\vlc
2010-01-24 23:57 . 2009-11-18 01:03 -------- d-----w- c:\users\Drago\AppData\Roaming\dvdcss
2010-01-24 23:47 . 2009-11-09 17:54 -------- d-----w- c:\program files\JDownloader
2010-01-23 13:31 . 2009-12-03 11:14 -------- d-----w- c:\users\Drago\AppData\Roaming\Apple Computer
2010-01-19 06:16 . 2009-10-26 19:25 80616 ----a-w- c:\users\Katarina\AppData\Local\GDIPFONTCACHEV1.DAT
2010-01-17 22:58 . 2009-10-26 18:12 -------- d-----w- c:\program files\Full Tilt Poker
2010-01-16 17:42 . 2009-10-24 21:55 80616 ----a-w- c:\users\Drago\AppData\Local\GDIPFONTCACHEV1.DAT
2010-01-16 00:04 . 2009-06-05 09:07 -------- d-----w- c:\program files\Microsoft Works
2010-01-14 10:12 . 2009-11-18 11:15 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-13 22:14 . 2009-11-18 17:28 2516 --sha-w- c:\programdata\KGyGaAvL.sys
2010-01-13 22:14 . 2009-11-18 17:28 2516 --sha-w- c:\programdata\KGyGaAvL.sys
2010-01-09 22:39 . 2009-11-02 20:21 -------- d-----w- c:\users\Drago\AppData\Roaming\Thinstall
2010-01-05 20:23 . 2009-11-01 21:51 -------- d-----w- c:\program files\vanBasco's Karaoke Player
2010-01-03 22:38 . 2009-11-18 18:11 -------- d-----w- c:\program files\TPNet
2010-01-03 21:06 . 2010-01-03 21:06 177024 ----a-w- c:\users\Drago\AppData\Roaming\Mozilla\Firefox\Profiles\ct7w40o0.default\FlashGot.exe
2010-01-02 06:38 . 2010-01-22 17:24 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 17:24 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-22 17:24 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-22 17:24 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-23 17:26 . 2009-12-23 17:26 -------- d-----w- c:\program files\Hugin
2009-12-22 22:16 . 2009-06-05 09:01 -------- d-----w- c:\program files\Google
2009-12-22 17:37 . 2009-11-02 23:39 -------- d-----w- c:\program files\Elaborate Bytes
2009-12-22 17:36 . 2009-12-22 17:33 -------- d-----w- c:\program files\Unlocker
2009-12-22 17:26 . 2009-11-05 22:47 -------- d-----w- c:\program files\SlySoft
2009-12-21 00:20 . 2009-12-21 00:20 -------- d-----w- c:\users\Katarina\AppData\Roaming\HP
2009-12-21 00:18 . 2009-12-21 00:18 -------- d-----w- c:\users\Katarina\AppData\Roaming\Alice Systems
2009-12-15 22:28 . 2009-10-29 22:05 -------- d-----w- c:\programdata\Apple
2009-12-08 02:03 . 2009-10-26 15:01 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-03 12:42 . 2009-12-03 10:51 -------- d-----w- c:\programdata\Rosetta Stone
2009-12-03 11:13 . 2009-12-03 11:12 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-03 11:13 . 2009-12-03 11:12 -------- d-----w- c:\program files\iTunes
2009-12-03 11:12 . 2009-12-03 11:12 -------- d-----w- c:\program files\iPod
2009-12-03 11:12 . 2009-12-03 11:11 -------- d-----w- c:\programdata\Apple Computer
2009-12-03 11:12 . 2009-12-03 11:07 -------- d-----w- c:\program files\Common Files\Apple
2009-12-03 11:12 . 2009-12-03 11:12 -------- d-----w- c:\program files\Bonjour
2009-12-03 11:11 . 2009-12-03 11:11 -------- d-----w- c:\program files\QuickTime
2009-12-03 11:10 . 2009-12-03 11:10 -------- d-----w- c:\program files\Apple Software Update
2009-12-03 10:51 . 2009-12-03 10:51 -------- d-----w- c:\program files\Rosetta Stone
2009-12-03 10:13 . 2009-12-03 10:13 -------- d-----w- c:\users\Drago\AppData\Roaming\gtk-2.0
2009-12-03 09:34 . 2009-12-03 09:34 48 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-12-03 09:18 . 2009-10-27 11:46 -------- d-----w- c:\program files\Common Files\SPSS
2009-12-03 09:18 . 2009-12-03 09:18 -------- d-----w- c:\programdata\SPSS
2009-12-01 22:06 . 2009-06-05 08:46 -------- d-----w- c:\program files\Java
2009-11-18 17:28 . 2009-11-18 17:28 8 --sh--r- c:\programdata\AFC2C51FF8.sys
2009-11-18 17:28 . 2009-11-18 17:28 8 --sh--r- c:\programdata\AFC2C51FF8.sys
2009-11-18 00:35 . 2009-11-18 00:35 40960 ----a-r- c:\users\Drago\AppData\Roaming\Microsoft\Installer\{E9E5845E-C2E1-4D8D-A2E1-46E6F7F68C68}\NewShortcut1_E9E5845EC2E14D8DA2E146E6F7F68C68.exe
2009-11-18 00:35 . 2009-11-18 00:35 40960 ----a-r- c:\users\Drago\AppData\Roaming\Microsoft\Installer\{E9E5845E-C2E1-4D8D-A2E1-46E6F7F68C68}\ARPPRODUCTICON.exe
2009-11-16 12:59 . 2009-11-16 12:59 4846 ----a-r- c:\users\Drago\AppData\Roaming\Microsoft\Installer\{37FD2F04-EC91-41AE-B5AB-AFF904BF20EE}\ARPPRODUCTICON.exe
2009-11-16 12:59 . 2009-11-16 12:59 67771 ----a-w- c:\windows\Novatel_V20025InstallerUninstall.exe
2009-11-16 12:56 . 2009-11-16 12:56 67727 ----a-w- c:\windows\OptionPluss_PCCardInstallerUninstall.exe
2009-11-16 12:56 . 2009-11-16 12:56 67719 ----a-w- c:\windows\OptionPCCardInstallerUninstall.exe
2009-11-16 12:27 . 2009-11-16 12:27 8464 ----a-w- c:\windows\system32\SpOrder.dll
2009-11-12 16:07 . 2009-11-12 16:07 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-09 12:31 . 2009-12-10 02:03 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 12:30 . 2009-12-10 02:03 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 10:36 . 2009-12-10 02:03 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-11-04 22:26 . 2009-11-04 22:26 0 ----a-w- c:\windows\nsreg.dat
2009-11-02 20:21 . 2009-11-02 20:21 7168 ----a-w- c:\users\Drago\AppData\Roaming\Thinstall\Steinberg WaveLab 5.01b\f000000c100003i\ntvdm.exe
2009-11-02 20:21 . 2009-11-02 20:21 0 --sha-r- c:\users\Drago\AppData\Roaming\Thinstall\Steinberg WaveLab 5.01b\%drive_C%\MSDOS.SYS
2009-11-02 20:21 . 2009-11-02 20:21 0 --sha-r- c:\users\Drago\AppData\Roaming\Thinstall\Steinberg WaveLab 5.01b\%drive_C%\IO.SYS
2009-11-02 20:21 . 2009-11-02 20:21 7168 ----a-w- c:\users\Drago\AppData\Roaming\Thinstall\Steinberg WaveLab 5.01b\40000048600002i\WaveLab-app.exe
2009-11-02 19:46 . 2009-11-02 19:35 147906 ----a-w- c:\windows\hpoins12.dat
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-07-03 135680]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-30 7289376]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1451304]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2008-12-19 83336]
"TUSBSleepChargeSrv"="c:\program files\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe" [2009-03-27 252288]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2007-04-16 421888]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2008-11-21 438272]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-01-13 34088]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe" [2009-04-23 1011712]
"TWebCamera"="c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-04-16 2513472]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-04-21 61440]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-03-06 468320]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2009-03-09 55160]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-03-31 503808]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-03-23 729088]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-04-01 1283384]
"HDMICtrlMan"="c:\program files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe" [2009-04-07 811008]
"TRCMan"="c:\program files\TOSHIBA\TRCMan\TRCMan.exe" [2008-11-26 701752]
"TPCHWMsg"="c:\program files\TOSHIBA\TPHM\TPCHWMsg.exe" [2009-04-15 570736]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2009-09-05 385024]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-03-16 6158240]

c:\users\Katarina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\Toshiba\TRDCReminder\TRDCReminder.exe [2009-2-24 391072]

c:\users\Mcx1-DRAGO-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\Toshiba\TRDCReminder\TRDCReminder.exe [2009-2-24 391072]

c:\users\Drago\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Touch Mouse Server.lnk - c:\program files\Logitech Touch Mouse Server\iTouch-Server-Win.exe [2009-10-23 228352]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Automatic Update-Agent.lnk - c:\program files\T-Mobile\Communication Center\AutoUpdateSrv.exe [2009-11-16 499712]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MIDI2"=WGDRVR32.DLL
"WAVE2"=WGDRVR32.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cfFncEnabler.exe]
2009-03-24 11:53 16384 ----a-w- c:\program files\Toshiba\ConfigFree\cfFncEnabler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDSTray.exe]
2009-05-12 20:26 299008 ----a-w- c:\program files\Toshiba\ConfigFree\NDSTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartFaceVWatcher]
2009-03-24 17:33 163840 ----a-w- c:\program files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Teco]
2009-04-24 09:40 1323008 ----a-w- c:\program files\Toshiba\TECO\TEco.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-10-29 21:25 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Registration]
2009-03-04 13:53 96144 ----a-w- c:\program files\Toshiba\Registration\ToshibaReminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba TEMPRO]
2009-03-23 12:30 1045904 ----a-w- c:\program files\Toshiba TEMPRO\TemproTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2009-10-26 07:33 15872 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):7b,9f,7a,54,58,56,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4032735365-608106937-2049815217-1000]
"EnableNotificationsRef"=dword:00000001

R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\System32\drivers\thpdrv.sys [25.03.2009 16:23 30272]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\System32\drivers\Thpevm.sys [04.09.2007 09:30 13336]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [16.09.2008 12:03 169312]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [24.07.2009 10:08 176128]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [26.10.2009 16:01 108289]
R2 camsvc;TOSHIBA Web Camera Service;c:\program files\Toshiba\TOSHIBA Web Camera Application\TWebCameraSrv.exe [05.06.2009 09:50 20544]
R2 gtdetectsc;GtDetectSc Service;c:\windows\System32\Gtdetectsc.exe [16.11.2009 13:56 118784]
R2 GtFlashSwitch;GtFlashSwitch;c:\program files\Common Files\GtFlashSwitch\GtFlashSwitch.exe [09.02.2007 13:48 176128]
R2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files\Toshiba TEMPRO\TemproSvc.exe [23.03.2009 13:30 116104]
R2 TMachInfo;TMachInfo;c:\program files\Toshiba\TOSHIBA Service Station\TMachInfo.exe [24.07.2009 10:26 62776]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\Toshiba\TECO\TecoService.exe [24.04.2009 10:40 176128]
R2 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [17.03.2009 10:49 73728]
R2 TPCHSrv;TPCH Service;c:\program files\Toshiba\TPHM\TPCHSrv.exe [15.04.2009 16:03 656752]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\System32\drivers\TVALZFL.sys [20.03.2009 22:29 12920]
R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [30.12.2008 11:18 57856]
R3 enecirhid;ENE CIR HID Receiver;c:\windows\System32\drivers\enecirhid.sys [29.04.2008 00:56 11264]
R3 enecirhidma;ENE CIR HIDmini Filter;c:\windows\System32\drivers\enecirhidma.sys [25.04.2008 08:16 5632]
R3 JakNDisMP;JakNDisMP;c:\windows\System32\drivers\JakNDis.sys [11.05.2009 14:53 21504]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [17.11.2008 06:40 3668480]
R3 PGEffect;Pangu effect driver;c:\windows\System32\drivers\PGEffect.sys [05.06.2009 09:50 22272]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10.11.2009 01:10 135664]
S3 JakNDis;Jaksta Service;c:\windows\System32\drivers\JakNDis.sys [11.05.2009 14:53 21504]
S3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [08.04.2009 15:36 114528]
S4 ConfigFree Service;ConfigFree Service;c:\program files\Toshiba\ConfigFree\CFSvcs.exe [10.03.2009 17:51 46448]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners

2010-01-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-10 00:10]

2010-01-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-10 00:10]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = *.local
IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/707-44556-9400-3/4
IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
Trusted Zone: btopenzone.com\www
Trusted Zone: t-mobile.net\hotspot
FF - ProfilePath - c:\users\Drago\AppData\Roaming\Mozilla\Firefox\Profiles\ct7w40o0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

SafeBoot-mcmscsvc
SafeBoot-MCODS



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-28 16:38
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys thpdrv.sys hal.dll iaStor.sys spui.sys >>UNKNOWN [0x85CAE938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x8aa0cd24
\Driver\ACPI -> acpi.sys @ 0x805bbd68
\Driver\atapi -> 0x85cf81f8
\Driver\iaStor -> iaStor.sys @ 0x82af20b0
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-4032735365-608106937-2049815217-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9A4E3BC2-6451-D004-771F-4AAFA4EA7311}*]
"maphhjbkccpmhlhpdefjkcfcin"=hex:6a,61,66,6a,6b,6f,6a,64,67,66,6d,63,65,70,6e,
6a,6c,70,65,66,00,00
"nabinlndebhlpajpeonchfmfiijn"=hex:6a,61,66,6a,6b,6f,6a,64,67,66,6d,63,65,70,
6e,6a,6c,70,65,66,00,fe
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\atieclxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\ThpSrv.exe
c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\windows\system32\conime.exe
c:\windows\System32\ThpSrv.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Toshiba\HDMICtrlMan\HCMSoundChanger.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\ehome\ehRecvr.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-01-28 16:47:18 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2010-01-28 15:47

Vor Suchlauf: 10 Verzeichnis(se), 77.691.850.752 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 76.273.946.624 Bytes frei

- - End Of File - - 54085C5765AF03FB6E5EBE68337A1CF2

Anhang: gmer.jpg
Seitenanfang Seitenende
28.01.2010, 17:12
virenfinder
Member

Beiträge: 3716
#5 ok, brauch n paar minuten.
Seitenanfang Seitenende
28.01.2010, 17:27
virenfinder
Member

Beiträge: 3716
#6 http://www.paules-pc-forum.de/forum/4-pc-sicherheit/124825-rootkit-tdss-entfernen-kaspersky-tdss-killer.html#post760397
log posten.
Seitenanfang Seitenende
28.01.2010, 17:56
dr.ago
Member

Themenstarter

Beiträge: 60
#7 hier ist der log

17:55:35:166 4192 TDSS rootkit removing tool 2.2.2 Jan 13 2010 08:42:25
17:55:35:166 4192 ================================================================================
17:55:35:166 4192 SystemInfo:

17:55:35:166 4192 OS Version: 6.0.6002 ServicePack: 2.0
17:55:35:166 4192 Product type: Workstation
17:55:35:166 4192 ComputerName: DRAGO-PC
17:55:35:166 4192 UserName: Drago
17:55:35:166 4192 Windows directory: C:\Windows
17:55:35:166 4192 Processor architecture: Intel x86
17:55:35:166 4192 Number of processors: 2
17:55:35:166 4192 Page size: 0x1000
17:55:35:166 4192 Boot type: Normal boot
17:55:35:166 4192 ================================================================================
17:55:35:166 4192 UnloadDriverW: NtUnloadDriver error 2
17:55:35:166 4192 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
17:55:35:166 4192 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\drivers\klmd.sys) returned status 00000000
17:55:35:182 4192 UtilityInit: KLMD drop and load success
17:55:35:182 4192 KLMD_OpenDevice: Trying to open KLMD Device(KLMD201000)
17:55:35:182 4192 UtilityInit: KLMD open success
17:55:35:182 4192 UtilityInit: Initialize success
17:55:35:182 4192
17:55:35:182 4192 Scanning Services ...
17:55:35:182 4192 CreateRegParser: Registry parser init started
17:55:35:182 4192 CreateRegParser: DisableWow64Redirection error
17:55:35:182 4192 wfopen_ex: Trying to open file C:\Windows\system32\config\system
17:55:35:182 4192 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\config\system) returned status C0000043
17:55:35:182 4192 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
17:55:35:182 4192 wfopen_ex: Trying to KLMD file open
17:55:35:182 4192 KLMD_CreateFileW: Trying to open file C:\Windows\system32\config\system
17:55:35:182 4192 wfopen_ex: File opened ok (Flags 2)
17:55:35:197 4192 CreateRegParser: HIVE_ADAPTER(C:\Windows\system32\config\system) init success: 1B86F88
17:55:35:197 4192 wfopen_ex: Trying to open file C:\Windows\system32\config\software
17:55:35:197 4192 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\config\software) returned status C0000043
17:55:35:197 4192 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
17:55:35:197 4192 wfopen_ex: Trying to KLMD file open
17:55:35:197 4192 KLMD_CreateFileW: Trying to open file C:\Windows\system32\config\software
17:55:35:197 4192 wfopen_ex: File opened ok (Flags 2)
17:55:35:197 4192 CreateRegParser: HIVE_ADAPTER(C:\Windows\system32\config\software) init success: 1B86FB0
17:55:35:197 4192 CreateRegParser: EnableWow64Redirection error
17:55:35:197 4192 CreateRegParser: RegParser init completed
17:55:36:149 4192 GetAdvancedServicesInfo: Raw services enum returned 468 services
17:55:36:149 4192 fclose_ex: Trying to close file C:\Windows\system32\config\system
17:55:36:149 4192 fclose_ex: Trying to close file C:\Windows\system32\config\software
17:55:36:149 4192
17:55:36:149 4192 Scanning Kernel memory ...
17:55:36:149 4192 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
17:55:36:149 4192 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 86893AC0
17:55:36:149 4192 DetectCureTDL3: KLMD_GetDeviceObjectList returned 1 DevObjects
17:55:36:149 4192
17:55:36:149 4192 DetectCureTDL3: DEVICE_OBJECT: 86F02820
17:55:36:149 4192 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86F02820
17:55:36:149 4192 DetectCureTDL3: DEVICE_OBJECT: 86DFF8E8
17:55:36:149 4192 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86DFF8E8
17:55:36:149 4192 DetectCureTDL3: DEVICE_OBJECT: 85D76028
17:55:36:149 4192 KLMD_GetLowerDeviceObject: Trying to get lower device object for 85D76028
17:55:36:149 4192 KLMD_ReadMem: Trying to ReadMemory 0x85D76028[0x38]
17:55:36:149 4192 DetectCureTDL3: DRIVER_OBJECT: 85D8B830
17:55:36:149 4192 KLMD_ReadMem: Trying to ReadMemory 0x85D8B830[0xA8]
17:55:36:149 4192 KLMD_ReadMem: Trying to ReadMemory 0x85D8C008[0x1C]
17:55:36:149 4192 DetectCureTDL3: DRIVER_OBJECT name: \Driver\iaStor, Driver Name: iaStor
17:55:36:149 4192 DetectCureTDL3: IrpHandler (0) addr: 82AF20B0
17:55:36:149 4192 DetectCureTDL3: IrpHandler (1) addr: 8243A9D2
17:55:36:149 4192 DetectCureTDL3: IrpHandler (2) addr: 82AF20B0
17:55:36:149 4192 DetectCureTDL3: IrpHandler (3) addr: 8243A9D2
17:55:36:149 4192 DetectCureTDL3: IrpHandler (4) addr: 8243A9D2
17:55:36:149 4192 DetectCureTDL3: IrpHandler (5) addr: 8243A9D2
17:55:36:149 4192 DetectCureTDL3: IrpHandler (6) addr: 8243A9D2
17:55:36:149 4192 DetectCureTDL3: IrpHandler (7) addr: 8243A9D2
17:55:36:149 4192 DetectCureTDL3: IrpHandler (8) addr: 8243A9D2
17:55:36:149 4192 DetectCureTDL3: IrpHandler (9) addr: 8243A9D2
17:55:36:149 4192 DetectCureTDL3: IrpHandler (10) addr: 8243A9D2
17:55:36:149 4192 DetectCureTDL3: IrpHandler (11) addr: 8243A9D2
17:55:36:149 4192 DetectCureTDL3: IrpHandler (12) addr: 8243A9D2
17:55:36:149 4192 DetectCureTDL3: IrpHandler (13) addr: 8243A9D2
17:55:36:149 4192 DetectCureTDL3: IrpHandler (14) addr: 82AF20B0
17:55:36:149 4192 DetectCureTDL3: IrpHandler (15) addr: 82AF20B0
17:55:36:149 4192 DetectCureTDL3: IrpHandler (16) addr: 8243A9D2
17:55:36:149 4192 DetectCureTDL3: IrpHandler (17) addr: 8243A9D2
17:55:36:149 4192 DetectCureTDL3: IrpHandler (18) addr: 8243A9D2
17:55:36:149 4192 DetectCureTDL3: IrpHandler (19) addr: 8243A9D2
17:55:36:149 4192 DetectCureTDL3: IrpHandler (20) addr: 8243A9D2
17:55:36:149 4192 DetectCureTDL3: IrpHandler (21) addr: 8243A9D2
17:55:36:149 4192 DetectCureTDL3: IrpHandler (22) addr: 82AF20B0
17:55:36:149 4192 DetectCureTDL3: IrpHandler (23) addr: 82AF20B0
17:55:36:149 4192 DetectCureTDL3: IrpHandler (24) addr: 8243A9D2
17:55:36:149 4192 DetectCureTDL3: IrpHandler (25) addr: 8243A9D2
17:55:36:149 4192 DetectCureTDL3: IrpHandler (26) addr: 8243A9D2
17:55:36:149 4192 TDL3_FileDetect: Processing driver: iaStor
17:55:36:149 4192 TDL3_FileDetect: Processing driver file: C:\Windows\system32\DRIVERS\iaStor.sys
17:55:36:149 4192 KLMD_CreateFileW: Trying to open file C:\Windows\system32\DRIVERS\iaStor.sys
17:55:36:180 4192 TDL3_FileDetect: C:\Windows\system32\DRIVERS\iaStor.sys - Verdict: Clean
17:55:36:180 4192
17:55:36:180 4192 Completed
17:55:36:180 4192
17:55:36:180 4192 Results:
17:55:36:180 4192 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
17:55:36:180 4192 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
17:55:36:180 4192 File objects infected / cured / cured on reboot: 0 / 0 / 0
17:55:36:180 4192
17:55:36:180 4192 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\drivers\klmd.sys) returned status 00000000
17:55:36:180 4192 UtilityDeinit: KLMD(ARK) unloaded successfully
Seitenanfang Seitenende
28.01.2010, 18:08
virenfinder
Member

Beiträge: 3716
#8 1. öffne avira, verwaltung, leere die Quarantäne
2. lass drweb cureit laufen:
http://www.paules-pc-forum.de/forum/4-pc-sicherheit/125060-dr-web-cureit.html#post762096
poste das log.
3. berichte, wie der pc läuft.
Seitenanfang Seitenende
28.01.2010, 19:18
dr.ago
Member

Themenstarter

Beiträge: 60
#9 also, drweb stürtz bei mir ab, d.h. der laptop geht einfach mittendrin aus.
die frage wie mein rechner läuft kann ich nur mit gut beatworten, sehe keinen unterschied zu dem wie es war bevor ich mich infiziert habe. also eigentlich alles wieder super.
Oder irre ich mich da, und da ist irgendwo noch etwas auf meinem rechner?!

vielen dank schon mal
Seitenanfang Seitenende
28.01.2010, 19:35
virenfinder
Member

Beiträge: 3716
#10 hast du den scan im abgesicherten modus gemacht?
Seitenanfang Seitenende
28.01.2010, 19:55
dr.ago
Member

Themenstarter

Beiträge: 60
#11 ja habe ich, aber wie erwähnt, zwei mal absturz
Seitenanfang Seitenende
28.01.2010, 20:59
virenfinder
Member

Beiträge: 3716
#12 kannst du noch mal ein combofix log posten bitte.
Seitenanfang Seitenende
28.01.2010, 21:27
dr.ago
Member

Themenstarter

Beiträge: 60
#13 gerne, hier nochmal combofix-log

ComboFix 10-01-27.06 - Drago 28.01.2010 21:13:21.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3036.1861 [GMT 1:00]
ausgeführt von:: c:\users\Drago\Desktop\Virus\test.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((( Dateien erstellt von 2009-12-28 bis 2010-01-28 ))))))))))))))))))))))))))))))
.

2010-01-28 20:22 . 2010-01-28 20:22 -------- d-----w- c:\users\Drago\AppData\Local\temp
2010-01-28 20:22 . 2010-01-28 20:22 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-01-28 20:22 . 2010-01-28 20:22 -------- d-----w- c:\users\Mcx1-DRAGO-PC\AppData\Local\temp
2010-01-28 20:22 . 2010-01-28 20:22 -------- d-----w- c:\users\Katarina\AppData\Local\temp
2010-01-28 20:22 . 2010-01-28 20:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-28 20:22 . 2010-01-28 20:22 -------- d-----w- c:\users\Birungueta\AppData\Local\temp
2010-01-28 17:53 . 2010-01-28 17:53 -------- d-----w- c:\users\Drago\DoctorWeb
2010-01-28 14:05 . 2010-01-28 14:05 -------- d-----w- c:\programdata\WindowsSearch
2010-01-27 22:57 . 2010-01-27 22:57 -------- d-----w- c:\users\Drago\AppData\Roaming\Malwarebytes
2010-01-27 22:57 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-27 22:57 . 2010-01-27 22:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-27 22:57 . 2010-01-27 22:57 -------- d-----w- c:\programdata\Malwarebytes
2010-01-27 22:57 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-27 22:40 . 2010-01-27 22:40 -------- d-----w- c:\program files\CCleaner
2010-01-27 22:38 . 2010-01-27 22:38 -------- d-----w- c:\program files\Trend Micro
2010-01-27 22:15 . 2010-01-27 22:15 -------- d-----w- c:\users\Drago\AppData\Roaming\MOVAVI
2010-01-27 22:13 . 2010-01-27 22:18 -------- d-----w- c:\program files\Movavi Video Suite 8
2010-01-27 22:12 . 2010-01-27 22:12 -------- d-----w- c:\users\Drago\AppData\Local\Downloaded Installations
2010-01-27 21:56 . 2010-01-27 21:56 -------- d-----w- c:\programdata\AVS4YOU
2010-01-27 21:54 . 2010-01-27 21:58 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-01-27 21:54 . 2007-02-27 18:36 974848 ----a-w- c:\windows\system32\mfc70.dll
2010-01-27 21:54 . 2007-02-27 18:36 487424 ----a-w- c:\windows\system32\msvcp70.dll
2010-01-27 21:54 . 2010-01-27 21:58 -------- d-----w- c:\program files\AVS4YOU
2010-01-27 21:54 . 2007-02-27 18:36 344064 ----a-w- c:\windows\system32\msvcr70.dll
2010-01-27 21:54 . 2007-02-27 18:36 24576 ----a-w- c:\windows\system32\msxml3a.dll
2010-01-27 21:53 . 2010-01-27 21:53 -------- d-----w- C:\Drivers
2010-01-27 21:13 . 2010-01-27 21:27 -------- d-----w- c:\users\Drago\AppData\Roaming\Sytexis Software
2010-01-27 21:13 . 2010-01-27 21:37 -------- d-----w- c:\program files\Sytexis Software
2010-01-27 20:40 . 2010-01-27 20:40 -------- d-----w- c:\users\Drago\AppData\Local\Jaksta_LLC
2010-01-27 20:39 . 2010-01-27 20:40 -------- d-----w- c:\users\Drago\AppData\Roaming\Jaksta
2010-01-27 20:39 . 2010-01-27 20:39 -------- d-----w- c:\program files\Jaksta
2010-01-26 21:03 . 2010-01-26 21:03 -------- d-----w- c:\program files\Logitech Touch Mouse Server
2010-01-23 13:49 . 2010-01-23 13:49 -------- d-----w- c:\users\Drago\trash
2010-01-16 17:17 . 2008-04-07 04:38 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2010-01-15 02:01 . 2010-01-15 02:01 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-01-14 16:01 . 2010-01-22 17:18 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-13 18:46 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 18:46 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-11 19:47 . 2010-01-11 22:57 -------- d-----w- c:\program files\nettvplayer2.0
2010-01-11 16:49 . 2010-01-11 16:49 -------- d-----w- c:\users\Drago\.spss
2010-01-10 13:43 . 2010-01-10 13:43 -------- d-----w- c:\program files\WhereIsIt
2010-01-09 22:50 . 2010-01-09 22:50 -------- d-----w- c:\program files\MediaMonkey
2010-01-09 22:39 . 2010-01-28 15:47 -------- d-----w- c:\users\Birungueta
2010-01-09 22:39 . 2010-01-09 22:39 -------- d-----w- c:\users\Drago\AppData\Local\Thinstall
2010-01-09 22:16 . 2010-01-24 12:17 -------- d-----w- c:\users\Drago\AppData\Local\MediaMonkey
2010-01-07 08:44 . 2010-01-07 08:44 -------- d-----w- c:\users\Drago\AppData\Local\SPSS 15.0 für Windows [Auswertung Version]
2010-01-07 08:42 . 2010-01-07 08:42 1024 ----a-w- c:\windows\system32\clauth2.dll
2010-01-07 08:42 . 2010-01-07 08:42 1024 ----a-w- c:\windows\system32\clauth1.dll
2010-01-07 08:42 . 2006-05-10 10:15 1929216 ----a-w- c:\windows\system32\cdintf250.dll
2010-01-07 08:39 . 2010-01-23 08:26 -------- d-----w- c:\program files\SPSSEV-DE
2010-01-07 00:04 . 2010-01-07 00:04 -------- d-----w- c:\program files\RAR Password Recovery Magic
2010-01-06 18:34 . 2010-01-06 18:34 249856 ------w- c:\windows\Setup1.exe
2010-01-06 18:34 . 2010-01-06 18:34 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-01-06 17:32 . 1999-03-23 08:12 299520 ----a-w- c:\windows\uninst.exe
2010-01-05 22:05 . 2010-01-07 18:49 -------- d-----w- c:\users\Drago\Karaoke
2010-01-05 20:08 . 2001-02-25 00:57 69632 ----a-w- c:\windows\system32\WGDRVR32.DLL
2010-01-05 20:08 . 2010-01-05 20:08 -------- d-----w- c:\program files\WinGroove
2010-01-05 20:06 . 2010-01-05 20:09 -------- d-----w- C:\WG0A4.TMP
2010-01-03 22:49 . 2010-01-28 18:32 -------- d-----w- c:\users\Drago\TV-Browser
2010-01-03 22:45 . 2010-01-03 22:45 -------- d-----w- c:\users\Drago\AppData\Roaming\Regensoft
2010-01-03 21:06 . 2010-01-03 21:06 177024 ----a-w- c:\users\Drago\AppData\Roaming\Mozilla\Firefox\Profiles\ct7w40o0.default\FlashGot.exe
2010-01-03 18:59 . 2010-01-03 19:11 -------- d-----w- c:\users\Drago\AppData\Roaming\DC++
2010-01-03 18:59 . 2010-01-03 18:59 -------- d-----w- c:\users\Drago\AppData\Local\DC++

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-28 20:17 . 2008-01-21 07:15 618442 ----a-w- c:\windows\system32\perfh007.dat
2010-01-28 20:17 . 2008-01-21 07:15 122842 ----a-w- c:\windows\system32\perfc007.dat
2010-01-28 19:38 . 2009-11-04 15:31 -------- d-----w- c:\program files\NetTVPlus Player
2010-01-27 23:01 . 2009-10-25 12:37 -------- d-----w- c:\users\Drago\AppData\Roaming\skypePM
2010-01-27 22:34 . 2009-10-25 12:36 -------- d-----w- c:\users\Drago\AppData\Roaming\Skype
2010-01-27 21:53 . 2009-06-05 08:23 -------- d-----w- c:\program files\Common Files\InstallShield
2010-01-25 00:58 . 2009-10-25 14:34 -------- d-----w- c:\users\Drago\AppData\Roaming\vlc
2010-01-24 23:57 . 2009-11-18 01:03 -------- d-----w- c:\users\Drago\AppData\Roaming\dvdcss
2010-01-24 23:47 . 2009-11-09 17:54 -------- d-----w- c:\program files\JDownloader
2010-01-23 13:31 . 2009-12-03 11:14 -------- d-----w- c:\users\Drago\AppData\Roaming\Apple Computer
2010-01-19 06:16 . 2009-10-26 19:25 80616 ----a-w- c:\users\Katarina\AppData\Local\GDIPFONTCACHEV1.DAT
2010-01-17 22:58 . 2009-10-26 18:12 -------- d-----w- c:\program files\Full Tilt Poker
2010-01-16 17:42 . 2009-10-24 21:55 80616 ----a-w- c:\users\Drago\AppData\Local\GDIPFONTCACHEV1.DAT
2010-01-16 00:04 . 2009-06-05 09:07 -------- d-----w- c:\program files\Microsoft Works
2010-01-14 10:12 . 2009-11-18 11:15 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-13 22:14 . 2009-11-18 17:28 2516 --sha-w- c:\programdata\KGyGaAvL.sys
2010-01-13 22:14 . 2009-11-18 17:28 2516 --sha-w- c:\programdata\KGyGaAvL.sys
2010-01-09 22:39 . 2009-11-02 20:21 -------- d-----w- c:\users\Drago\AppData\Roaming\Thinstall
2010-01-05 20:23 . 2009-11-01 21:51 -------- d-----w- c:\program files\vanBasco's Karaoke Player
2010-01-03 22:38 . 2009-11-18 18:11 -------- d-----w- c:\program files\TPNet
2010-01-02 06:38 . 2010-01-22 17:24 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 17:24 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-22 17:24 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-22 17:24 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-23 17:26 . 2009-12-23 17:26 -------- d-----w- c:\program files\Hugin
2009-12-22 22:16 . 2009-06-05 09:01 -------- d-----w- c:\program files\Google
2009-12-22 17:37 . 2009-11-02 23:39 -------- d-----w- c:\program files\Elaborate Bytes
2009-12-22 17:36 . 2009-12-22 17:33 -------- d-----w- c:\program files\Unlocker
2009-12-22 17:26 . 2009-11-05 22:47 -------- d-----w- c:\program files\SlySoft
2009-12-21 00:20 . 2009-12-21 00:20 -------- d-----w- c:\users\Katarina\AppData\Roaming\HP
2009-12-21 00:18 . 2009-12-21 00:18 -------- d-----w- c:\users\Katarina\AppData\Roaming\Alice Systems
2009-12-15 22:28 . 2009-10-29 22:05 -------- d-----w- c:\programdata\Apple
2009-12-08 02:03 . 2009-10-26 15:01 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-03 12:42 . 2009-12-03 10:51 -------- d-----w- c:\programdata\Rosetta Stone
2009-12-03 11:13 . 2009-12-03 11:12 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-03 11:13 . 2009-12-03 11:12 -------- d-----w- c:\program files\iTunes
2009-12-03 11:12 . 2009-12-03 11:12 -------- d-----w- c:\program files\iPod
2009-12-03 11:12 . 2009-12-03 11:11 -------- d-----w- c:\programdata\Apple Computer
2009-12-03 11:12 . 2009-12-03 11:07 -------- d-----w- c:\program files\Common Files\Apple
2009-12-03 11:12 . 2009-12-03 11:12 -------- d-----w- c:\program files\Bonjour
2009-12-03 11:11 . 2009-12-03 11:11 -------- d-----w- c:\program files\QuickTime
2009-12-03 11:10 . 2009-12-03 11:10 -------- d-----w- c:\program files\Apple Software Update
2009-12-03 10:51 . 2009-12-03 10:51 -------- d-----w- c:\program files\Rosetta Stone
2009-12-03 10:13 . 2009-12-03 10:13 -------- d-----w- c:\users\Drago\AppData\Roaming\gtk-2.0
2009-12-03 09:34 . 2009-12-03 09:34 48 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-12-03 09:18 . 2009-10-27 11:46 -------- d-----w- c:\program files\Common Files\SPSS
2009-12-03 09:18 . 2009-12-03 09:18 -------- d-----w- c:\programdata\SPSS
2009-12-01 22:06 . 2009-06-05 08:46 -------- d-----w- c:\program files\Java
2009-11-18 17:28 . 2009-11-18 17:28 8 --sh--r- c:\programdata\AFC2C51FF8.sys
2009-11-18 17:28 . 2009-11-18 17:28 8 --sh--r- c:\programdata\AFC2C51FF8.sys
2009-11-18 00:35 . 2009-11-18 00:35 40960 ----a-r- c:\users\Drago\AppData\Roaming\Microsoft\Installer\{E9E5845E-C2E1-4D8D-A2E1-46E6F7F68C68}\NewShortcut1_E9E5845EC2E14D8DA2E146E6F7F68C68.exe
2009-11-18 00:35 . 2009-11-18 00:35 40960 ----a-r- c:\users\Drago\AppData\Roaming\Microsoft\Installer\{E9E5845E-C2E1-4D8D-A2E1-46E6F7F68C68}\ARPPRODUCTICON.exe
2009-11-16 12:59 . 2009-11-16 12:59 4846 ----a-r- c:\users\Drago\AppData\Roaming\Microsoft\Installer\{37FD2F04-EC91-41AE-B5AB-AFF904BF20EE}\ARPPRODUCTICON.exe
2009-11-16 12:59 . 2009-11-16 12:59 67771 ----a-w- c:\windows\Novatel_V20025InstallerUninstall.exe
2009-11-16 12:56 . 2009-11-16 12:56 67727 ----a-w- c:\windows\OptionPluss_PCCardInstallerUninstall.exe
2009-11-16 12:56 . 2009-11-16 12:56 67719 ----a-w- c:\windows\OptionPCCardInstallerUninstall.exe
2009-11-16 12:27 . 2009-11-16 12:27 8464 ----a-w- c:\windows\system32\SpOrder.dll
2009-11-12 16:07 . 2009-11-12 16:07 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-09 12:31 . 2009-12-10 02:03 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 12:30 . 2009-12-10 02:03 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 10:36 . 2009-12-10 02:03 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-11-04 22:26 . 2009-11-04 22:26 0 ----a-w- c:\windows\nsreg.dat
2009-11-02 20:21 . 2009-11-02 20:21 7168 ----a-w- c:\users\Drago\AppData\Roaming\Thinstall\Steinberg WaveLab 5.01b\f000000c100003i\ntvdm.exe
2009-11-02 20:21 . 2009-11-02 20:21 0 --sha-r- c:\users\Drago\AppData\Roaming\Thinstall\Steinberg WaveLab 5.01b\%drive_C%\MSDOS.SYS
2009-11-02 20:21 . 2009-11-02 20:21 0 --sha-r- c:\users\Drago\AppData\Roaming\Thinstall\Steinberg WaveLab 5.01b\%drive_C%\IO.SYS
2009-11-02 20:21 . 2009-11-02 20:21 7168 ----a-w- c:\users\Drago\AppData\Roaming\Thinstall\Steinberg WaveLab 5.01b\40000048600002i\WaveLab-app.exe
2009-11-02 19:46 . 2009-11-02 19:35 147906 ----a-w- c:\windows\hpoins12.dat
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-07-03 135680]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-30 7289376]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1451304]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2008-12-19 83336]
"TUSBSleepChargeSrv"="c:\program files\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe" [2009-03-27 252288]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2007-04-16 421888]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2008-11-21 438272]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-01-13 34088]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe" [2009-04-23 1011712]
"TWebCamera"="c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-04-16 2513472]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-04-21 61440]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-03-06 468320]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2009-03-09 55160]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-03-31 503808]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-03-23 729088]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-04-01 1283384]
"HDMICtrlMan"="c:\program files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe" [2009-04-07 811008]
"TRCMan"="c:\program files\TOSHIBA\TRCMan\TRCMan.exe" [2008-11-26 701752]
"TPCHWMsg"="c:\program files\TOSHIBA\TPHM\TPCHWMsg.exe" [2009-04-15 570736]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2009-09-05 385024]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-03-16 6158240]

c:\users\Katarina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\Toshiba\TRDCReminder\TRDCReminder.exe [2009-2-24 391072]

c:\users\Mcx1-DRAGO-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\Toshiba\TRDCReminder\TRDCReminder.exe [2009-2-24 391072]

c:\users\Drago\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Touch Mouse Server.lnk - c:\program files\Logitech Touch Mouse Server\iTouch-Server-Win.exe [2009-10-23 228352]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Automatic Update-Agent.lnk - c:\program files\T-Mobile\Communication Center\AutoUpdateSrv.exe [2009-11-16 499712]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MIDI2"=WGDRVR32.DLL
"WAVE2"=WGDRVR32.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cfFncEnabler.exe]
2009-03-24 11:53 16384 ----a-w- c:\program files\Toshiba\ConfigFree\cfFncEnabler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDSTray.exe]
2009-05-12 20:26 299008 ----a-w- c:\program files\Toshiba\ConfigFree\NDSTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartFaceVWatcher]
2009-03-24 17:33 163840 ----a-w- c:\program files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Teco]
2009-04-24 09:40 1323008 ----a-w- c:\program files\Toshiba\TECO\TEco.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-10-29 21:25 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Registration]
2009-03-04 13:53 96144 ----a-w- c:\program files\Toshiba\Registration\ToshibaReminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba TEMPRO]
2009-03-23 12:30 1045904 ----a-w- c:\program files\Toshiba TEMPRO\TemproTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2009-10-26 07:33 15872 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):7b,9f,7a,54,58,56,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4032735365-608106937-2049815217-1000]
"EnableNotificationsRef"=dword:00000001

R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\System32\drivers\thpdrv.sys [25.03.2009 16:23 30272]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\System32\drivers\Thpevm.sys [04.09.2007 09:30 13336]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [16.09.2008 12:03 169312]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [24.07.2009 10:08 176128]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [26.10.2009 16:01 108289]
R2 camsvc;TOSHIBA Web Camera Service;c:\program files\Toshiba\TOSHIBA Web Camera Application\TWebCameraSrv.exe [05.06.2009 09:50 20544]
R2 gtdetectsc;GtDetectSc Service;c:\windows\System32\Gtdetectsc.exe [16.11.2009 13:56 118784]
R2 GtFlashSwitch;GtFlashSwitch;c:\program files\Common Files\GtFlashSwitch\GtFlashSwitch.exe [09.02.2007 13:48 176128]
R2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files\Toshiba TEMPRO\TemproSvc.exe [23.03.2009 13:30 116104]
R2 TMachInfo;TMachInfo;c:\program files\Toshiba\TOSHIBA Service Station\TMachInfo.exe [24.07.2009 10:26 62776]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\Toshiba\TECO\TecoService.exe [24.04.2009 10:40 176128]
R2 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [17.03.2009 10:49 73728]
R2 TPCHSrv;TPCH Service;c:\program files\Toshiba\TPHM\TPCHSrv.exe [15.04.2009 16:03 656752]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\System32\drivers\TVALZFL.sys [20.03.2009 22:29 12920]
R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [30.12.2008 11:18 57856]
R3 enecirhid;ENE CIR HID Receiver;c:\windows\System32\drivers\enecirhid.sys [29.04.2008 00:56 11264]
R3 enecirhidma;ENE CIR HIDmini Filter;c:\windows\System32\drivers\enecirhidma.sys [25.04.2008 08:16 5632]
R3 JakNDisMP;JakNDisMP;c:\windows\System32\drivers\JakNDis.sys [11.05.2009 14:53 21504]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [17.11.2008 06:40 3668480]
R3 PGEffect;Pangu effect driver;c:\windows\System32\drivers\PGEffect.sys [05.06.2009 09:50 22272]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [27.10.2009 12:33 722416]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10.11.2009 01:10 135664]
S3 JakNDis;Jaksta Service;c:\windows\System32\drivers\JakNDis.sys [11.05.2009 14:53 21504]
S3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [08.04.2009 15:36 114528]
S4 ConfigFree Service;ConfigFree Service;c:\program files\Toshiba\ConfigFree\CFSvcs.exe [10.03.2009 17:51 46448]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners

2010-01-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-10 00:10]

2010-01-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-10 00:10]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = *.local
IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/707-44556-9400-3/4
IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
Trusted Zone: btopenzone.com\www
Trusted Zone: t-mobile.net\hotspot
FF - ProfilePath - c:\users\Drago\AppData\Roaming\Mozilla\Firefox\Profiles\ct7w40o0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-28 21:22
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-4032735365-608106937-2049815217-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9A4E3BC2-6451-D004-771F-4AAFA4EA7311}*]
"maphhjbkccpmhlhpdefjkcfcin"=hex:6a,61,66,6a,6b,6f,6a,64,67,66,6d,63,65,70,6e,
6a,6c,70,65,66,00,00
"nabinlndebhlpajpeonchfmfiijn"=hex:6a,61,66,6a,6b,6f,6a,64,67,66,6d,63,65,70,
6e,6a,6c,70,65,66,00,fe
.
Zeit der Fertigstellung: 2010-01-28 21:26:00
ComboFix-quarantined-files.txt 2010-01-28 20:25
ComboFix2.txt 2010-01-28 15:47

Vor Suchlauf: 14 Verzeichnis(se), 78.173.892.608 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 76.066.193.408 Bytes frei

- - End Of File - - C1F85DF23B68D6E58C0E94FA8561467F
Seitenanfang Seitenende
29.01.2010, 23:14
Swisstreasure
Moderator

Beiträge: 5694
#14 Ich werde hier übernehmen, das Virenfinder Weg ist einige Tage.

Grüsse Dich ;)

Sieht doch gut aus, aber denoch will ich mir noch einiges anschauen:

Schritt 1

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

>Doppelklick auf die OTL.exe
-->Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
>Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
>Unter Extra Registry, wähle bitte Use SafeList
>Klicke nun auf Run Scan links oben
>Wenn der Scan beendet wurde werden 2 Logfiles erstellt
>Poste die Logfiles in Code-Tags hier in den Thread.


Schritt 2

Rootkitscan mit RootRepeal
• Gehe hierhin, scrolle runter und downloade RootRepeal.zip.
• Entpacke die Datei auf Deinen Desktop.
• Doppelklicke die RootRepeal.exe, um den Scanner zu starten.
• Klicke auf den Reiter Report und dann auf den Button Scan.
• Mache einen Haken bei den folgenden Elementen und klicke Ok.
.
Drivers
Files
Processes
SSDT
Stealth Objects
Hidden Services
Shadow SSDT
.
• Im Anschluss wirst Du gefragt, welche Laufwerke gescannt werden sollen.
• Wähle C:\ und klicke wieder Ok.
• Der Suchlauf beginnt automatisch, es wird eine Weile dauern, bitte Geduld.
• Wenn der Suchlauf beendet ist, klicke auf Save Report.
• Speichere das Logfile als RootRepeal.txt auf dem Desktop.
• Kopiere den Inhalt hier in den Thread.
Seitenanfang Seitenende
30.01.2010, 14:44
dr.ago
Member

Themenstarter

Beiträge: 60
#15 Danke, dass du dich meines Problems annimmst.

Hier sind die logs:

Code

 OTL logfile created on: 30.01.2010 14:07:29 - Run 1
OTL by OldTimer - Version 3.1.27.0     Folder = C:\Users\Drago\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 186,31 Gb Total Space | 67,67 Gb Free Space | 36,32% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 184,84 Gb Total Space | 115,78 Gb Free Space | 62,64% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: DRAGO-PC
Current User Name: Drago
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - C:\Users\Drago\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Programme\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Programme\Logitech Touch Mouse Server\iTouch-Server-Win.exe (Logitech, Inc.)
PRC - C:\Programme\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Programme\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Toshiba\TECO\TecoService.exe (TOSHIBA Corporation)
PRC - C:\Programme\Toshiba\TECO\TEco.exe (TOSHIBA Corporation)
PRC - C:\Programme\Toshiba\TOSHIBA HDD SSD Alert\TosSENotify.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Programme\Toshiba\TOSHIBA Web Camera Application\TWebCameraSrv.exe (TOSHIBA)
PRC - C:\Programme\Toshiba\TPHM\TPCHWMsg.exe (TOSHIBA Corporation)
PRC - C:\Programme\Toshiba\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Toshiba\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.)
PRC - C:\Programme\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
PRC - C:\Programme\Toshiba\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
PRC - C:\Programme\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Programme\Toshiba\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe (TOSHIBA)
PRC - C:\Programme\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH)
PRC - C:\Programme\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Programme\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
PRC - C:\Programme\Synaptics\SynTP\SynTPHelper.exe (Synaptics Incorporated)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
PRC - C:\Programme\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Programme\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Toshiba\HDMICtrlMan\HCMSoundChanger.exe (TOSHIBA Corporation.)
PRC - C:\Programme\Toshiba\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc.)
PRC - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)
PRC - C:\Programme\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Programme\Toshiba\TRCMan\TRCMan.exe (TOSHIBA Corporation)
PRC - C:\Programme\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\ThpSrv.exe (TOSHIBA Corporation)
PRC - C:\Programme\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Programme\T-Mobile\Communication Center\AutoUpdateSrv.exe ()
PRC - C:\Programme\Common Files\GtFlashSwitch\GtFlashSwitch.exe (OptionNV)
PRC - C:\Windows\System32\Gtdetectsc.exe (OptionNV)
PRC - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
PRC - C:\Programme\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.)
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - C:\Users\Drago\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (gupdate) Google Update Service (gupdate) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (TOSHIBA eco Utility Service) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (camsvc) -- C:\Programme\Toshiba\TOSHIBA Web Camera Application\TWebCameraSrv.exe (TOSHIBA)
SRV - (TPCHSrv) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
SRV - (TMachInfo) -- C:\Programme\Toshiba\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (TNaviSrv) -- C:\Programme\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO) -- C:\Program Files\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH)
SRV - (TOSHIBA Bluetooth Service) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (TosCoSrv) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (GameConsoleService) -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (AdobeActiveFileMonitor7.0) -- C:\Programme\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (Thpsrv) -- C:\Windows\System32\ThpSrv.exe (TOSHIBA Corporation)
SRV - (ehstart) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (GtFlashSwitch) -- C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe (OptionNV)
SRV - (hpqcxs08) -- C:\Programme\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (hpqddsvc) -- C:\Programme\HP\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
SRV - (gtdetectsc) -- C:\Windows\System32\Gtdetectsc.exe (OptionNV)
SRV - (Pml Driver HPZ12) -- C:\Windows\System32\HPZipm12.dll (Hewlett-Packard)
SRV - (Net Driver HPZ12) -- C:\Windows\System32\HPZinw12.dll (Hewlett-Packard)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (USBAAPL) -- C:\Windows\System32\drivers\usbaapl.sys (Apple, Inc.)
DRV - (GEARAspiWDM) -- C:\Windows\System32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (JakNDisMP) -- C:\Windows\System32\drivers\JakNDis.sys (Jaksta LLC)
DRV - (JakNDis) -- C:\Windows\System32\drivers\JakNDis.sys (Jaksta LLC)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek                                            )
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (NWUSBPort) -- C:\Windows\System32\drivers\nwusbser.sys (Novatel Wireless Inc.)
DRV - (NWUSBModem) -- C:\Windows\System32\drivers\nwusbmdm.sys (Novatel Wireless Inc.)
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (Thpdrv) -- C:\Windows\system32\DRIVERS\thpdrv.sys (TOSHIBA Corporation)
DRV - (TVALZFL) -- C:\Windows\System32\drivers\TVALZFL.sys (TOSHIBA Corporation)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics Incorporated)
DRV - (PGEffect) -- C:\Windows\System32\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)
DRV - (mod7700) -- C:\Windows\System32\drivers\dvb7700all.sys (DiBcom)
DRV - (LPCFilter) -- C:\Windows\system32\DRIVERS\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV - (enecirhid) -- C:\Windows\System32\drivers\enecirhid.sys (ENE TECHNOLOGY INC.)
DRV - (enecirhidma) -- C:\Windows\System32\drivers\enecirhidma.sys (ENE TECHNOLOGY INC.)
DRV - (PxHelp20) -- C:\Windows\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (UMPass) -- C:\Windows\System32\drivers\umpass.sys (Microsoft Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (Thpevm) -- C:\Windows\system32\DRIVERS\Thpevm.SYS (TOSHIBA Corporation)
DRV - (ElbyCDFL) -- C:\Windows\System32\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (NWADI) -- C:\Windows\System32\drivers\NWADIenum.sys (Novatel Wireless Inc)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (secdrv) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (DgiVecp) -- C:\Windows\System32\drivers\DGIVECP.SYS (DeviceGuys, Inc.)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.startup.homepage: "http://www.google.de/"
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.08
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.01.07 00:41:41 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.01.16 18:15:50 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009.12.03 12:11:38 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.01.16 18:15:50 | 00,000,000 | ---D | M]
 
[2009.11.05 22:28:07 | 00,000,000 | ---D | M] -- C:\Users\Drago\AppData\Roaming\mozilla\Extensions
[2010.01.29 22:52:49 | 00,000,000 | ---D | M] -- C:\Users\Drago\AppData\Roaming\mozilla\Firefox\Profiles\ct7w40o0.default\extensions
[2010.01.03 22:06:36 | 00,000,000 | ---D | M] (FlashGot) -- C:\Users\Drago\AppData\Roaming\mozilla\Firefox\Profiles\ct7w40o0.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010.01.30 12:40:42 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.12.17 15:08:00 | 00,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.12.17 15:08:00 | 00,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.12.17 15:08:00 | 00,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.12.17 15:08:00 | 00,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.12.17 15:08:01 | 00,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.01.28 16:38:30 | 00,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [00TCrdMain] C:\Programme\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [HDMICtrlMan] C:\Programme\Toshiba\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.)
O4 - HKLM..\Run: [HSON] C:\Programme\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Programme\Toshiba\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Programme\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [ThpSrv] C:\Windows\System32\thpsrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosSENotify] C:\Programme\Toshiba\TOSHIBA HDD SSD Alert\TosSENotify.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPCHWMsg] C:\Programme\Toshiba\TPHM\TPCHWMsg.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Programme\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TRCMan] C:\Programme\Toshiba\TRCMan\TRCMan.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TUSBSleepChargeSrv] C:\Programme\Toshiba\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe (TOSHIBA)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Drago\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Touch Mouse Server.lnk = C:\Programme\Logitech Touch Mouse Server\iTouch-Server-Win.exe (Logitech, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - {76577871-04EC-495E-A12B-91F7C3600AFA} -  File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} -  File not found
O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Programme\PPLive\PPLive.exe ()
O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Programme\PPLive\PPLive.exe ()
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: btopenzone.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: t-mobile.net ([hotspot] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\Windows\System32\acaptuser32.dll) - C:\Windows\System32\acaptuser32.dll (Adobe Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2010.01.30 14:06:28 | 00,548,864 | ---- | C] (OldTimer Tools) -- C:\Users\Drago\Desktop\OTL.exe
[2010.01.28 21:26:04 | 00,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010.01.28 21:26:02 | 00,000,000 | ---D | C] -- C:\Windows\temp
[2010.01.28 21:26:02 | 00,000,000 | ---D | C] -- C:\Users\Drago\AppData\Local\temp
[2010.01.28 21:08:55 | 00,000,000 | ---D | C] -- C:\test
[2010.01.28 21:08:39 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010.01.28 18:53:45 | 00,000,000 | ---D | C] -- C:\Users\Drago\DoctorWeb
[2010.01.28 16:25:15 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010.01.28 16:25:15 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010.01.28 16:25:15 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010.01.28 16:22:36 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.01.28 16:20:35 | 00,000,000 | ---D | C] -- C:\Qoobox
[2010.01.28 15:23:45 | 00,000,000 | ---D | C] -- C:\Windows\pss
[2010.01.28 15:05:37 | 00,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010.01.28 00:13:23 | 00,000,000 | ---D | C] -- C:\Windows\Minidump
[2010.01.27 23:57:26 | 00,000,000 | ---D | C] -- C:\Users\Drago\AppData\Roaming\Malwarebytes
[2010.01.27 23:57:21 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.01.27 23:57:18 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.01.27 23:57:18 | 00,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.01.27 23:57:18 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.01.27 23:48:52 | 00,000,000 | ---D | C] -- C:\Users\Drago\Desktop\Virus
[2010.01.27 23:40:39 | 00,000,000 | ---D | C] -- C:\Programme\[url="http://www.ccleaner.de"]CCleaner[/url]
[2010.01.27 23:38:20 | 00,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2010.01.27 23:15:58 | 00,000,000 | ---D | C] -- C:\Users\Drago\AppData\Roaming\MOVAVI
[2010.01.27 23:13:43 | 00,000,000 | ---D | C] -- C:\Programme\Movavi Video Suite 8
[2010.01.27 23:12:30 | 00,000,000 | ---D | C] -- C:\Users\Drago\AppData\Local\Downloaded Installations
[2010.01.27 22:56:16 | 00,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2010.01.27 22:54:44 | 00,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc70.dll
[2010.01.27 22:54:44 | 00,487,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp70.dll
[2010.01.27 22:54:44 | 00,000,000 | ---D | C] -- C:\Programme\Common Files\AVSMedia
[2010.01.27 22:54:43 | 00,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr70.dll
[2010.01.27 22:54:43 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3a.dll
[2010.01.27 22:54:43 | 00,000,000 | ---D | C] -- C:\Programme\AVS4YOU
[2010.01.27 22:53:18 | 00,000,000 | ---D | C] -- C:\Drivers
[2010.01.27 22:13:51 | 00,000,000 | ---D | C] -- C:\Users\Drago\AppData\Roaming\Sytexis Software
[2010.01.27 22:13:47 | 00,000,000 | ---D | C] -- C:\Programme\Sytexis Software
[2010.01.27 21:40:40 | 00,000,000 | ---D | C] -- C:\Users\Drago\Documents\My Streaming Media
[2010.01.27 21:40:37 | 00,000,000 | ---D | C] -- C:\Users\Drago\AppData\Local\Jaksta_LLC
[2010.01.27 21:39:14 | 00,000,000 | ---D | C] -- C:\Users\Drago\AppData\Roaming\Jaksta
[2010.01.27 21:39:11 | 00,000,000 | ---D | C] -- C:\Programme\Jaksta
[2010.01.27 21:01:40 | 00,000,000 | ---D | C] -- C:\Users\Drago\Desktop\desktop shit
[2010.01.26 22:03:07 | 00,000,000 | ---D | C] -- C:\Programme\Logitech Touch Mouse Server
[2010.01.23 14:49:54 | 00,000,000 | ---D | C] -- C:\Users\Drago\trash
[2010.01.22 18:24:53 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.01.22 18:24:53 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.01.22 18:24:53 | 00,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.01.22 18:24:52 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.01.22 18:24:52 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.01.22 18:24:52 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.01.22 18:24:52 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.01.22 18:24:52 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.01.22 18:24:52 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.01.22 18:24:52 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.01.22 18:24:52 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.01.22 18:24:52 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.01.22 18:24:52 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.01.22 18:24:52 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.01.16 18:17:20 | 00,022,872 | R--- | C] (Adobe Systems Inc.) -- C:\Windows\System32\AdobePDFUI.dll
[2010.01.15 03:01:14 | 00,000,000 | ---D | C] -- C:\Programme\Microsoft CAPICOM 2.1.0.2
[2010.01.14 17:01:02 | 00,000,000 | ---D | C] -- C:\Programme\Microsoft Silverlight
[2010.01.13 19:46:48 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010.01.13 19:46:48 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010.01.11 20:47:50 | 00,000,000 | ---D | C] -- C:\Programme\nettvplayer2.0
[2010.01.11 17:49:11 | 00,000,000 | ---D | C] -- C:\Users\Drago\.spss
[2010.01.11 17:34:56 | 00,000,000 | ---D | C] -- C:\Users\Drago\Desktop\Studium
[2010.01.10 14:43:27 | 00,000,000 | ---D | C] -- C:\Programme\WhereIsIt
[2010.01.09 23:50:00 | 00,000,000 | ---D | C] -- C:\Programme\MediaMonkey
[2010.01.09 23:39:49 | 00,000,000 | ---D | C] -- C:\Users\Drago\AppData\Local\Thinstall
[2010.01.09 23:16:09 | 00,000,000 | ---D | C] -- C:\Users\Drago\AppData\Local\MediaMonkey
[2010.01.07 09:48:09 | 00,000,000 | ---D | C] -- C:\Users\Drago\Desktop\Doktorarbeit
[2010.01.07 09:44:48 | 00,000,000 | ---D | C] -- C:\Users\Drago\AppData\Local\SPSS 15.0 für Windows [Auswertung Version]
[2010.01.07 09:42:49 | 01,929,216 | ---- | C] (Amyuni Technologies
http://www.amyuni.com) -- C:\Windows\System32\cdintf250.dll
[2010.01.07 09:39:59 | 00,000,000 | ---D | C] -- C:\Programme\SPSSEV-DE
[2010.01.07 01:04:00 | 00,000,000 | ---D | C] -- C:\Programme\RAR Password Recovery Magic
[2010.01.06 19:34:18 | 00,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\Setup1.exe
[2010.01.06 19:34:17 | 00,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE
[2010.01.06 18:32:41 | 00,299,520 | ---- | C] (InstallShield Corporation, Inc.) -- C:\Windows\uninst.exe
[2010.01.05 23:05:05 | 00,000,000 | ---D | C] -- C:\Users\Drago\Karaoke
[2010.01.05 21:08:55 | 00,069,632 | ---- | C] (AZARASHI Corp.) -- C:\Windows\System32\WGDRVR32.DLL
[2010.01.05 21:08:54 | 00,000,000 | ---D | C] -- C:\Programme\WinGroove
[2010.01.05 21:06:40 | 00,000,000 | ---D | C] -- C:\WG0A4.TMP
[2010.01.03 23:49:45 | 00,000,000 | ---D | C] -- C:\Users\Drago\TV-Browser
[2010.01.03 23:45:50 | 00,000,000 | ---D | C] -- C:\Users\Drago\AppData\Roaming\Regensoft
[2010.01.03 19:59:25 | 00,000,000 | ---D | C] -- C:\Users\Drago\AppData\Roaming\DC++
[2010.01.03 19:59:25 | 00,000,000 | ---D | C] -- C:\Users\Drago\AppData\Local\DC++
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2010.01.30 14:06:58 | 04,194,304 | -HS- | M] () -- C:\Users\Drago\NTUSER.DAT
[2010.01.30 14:06:32 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Users\Drago\Desktop\OTL.exe
[2010.01.30 14:04:12 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.01.30 13:15:00 | 00,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.01.30 13:00:01 | 00,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.01.30 13:00:01 | 00,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.01.30 01:15:00 | 00,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.01.29 06:56:34 | 01,418,806 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.01.29 06:56:34 | 00,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.01.29 06:56:34 | 00,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.01.29 06:56:34 | 00,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.01.29 06:56:34 | 00,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.01.29 06:50:55 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.01.28 23:46:02 | 00,524,288 | -HS- | M] () -- C:\Users\Drago\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.01.28 23:46:02 | 00,065,536 | -HS- | M] () -- C:\Users\Drago\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.01.28 23:46:01 | 02,966,152 | -H-- | M] () -- C:\Users\Drago\AppData\Local\IconCache.db
[2010.01.28 21:22:52 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010.01.28 16:38:30 | 00,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.01.28 14:00:44 | 30,885,7686 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.01.28 10:04:22 | 00,312,887 | ---- | M] () -- C:\Users\Drago\Documents\Gutschein_444513156208856909_Guido_Letz.pdf
[2010.01.28 10:03:40 | 01,476,047 | ---- | M] () -- C:\Users\Drago\Desktop\Gutschein_444513156208856909_Guido_Letz.pdf
[2010.01.27 23:25:41 | 00,082,944 | ---- | M] () -- C:\Users\Drago\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.27 23:14:53 | 00,004,956 | ---- | M] () -- C:\ProgramData\esswogwb.bbd
[2010.01.27 23:14:10 | 00,001,918 | ---- | M] () -- C:\Users\Public\Desktop\Movavi Video Suite 8.lnk
[2010.01.27 23:02:55 | 00,000,214 | -HS- | M] () -- C:\ProgramData\.zreglib
[2010.01.27 22:13:51 | 00,001,104 | ---- | M] () -- C:\Users\Drago\Desktop\Web Stream Recorder 2010.lnk
[2010.01.27 22:07:07 | 00,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Jaksta Streaming Media Recorder and Converter.lnk
[2010.01.27 21:31:19 | 00,002,379 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010.01.27 20:23:30 | 02,178,560 | ---- | M] () -- C:\Users\Drago\Documents\Statistik Klausur.pdf
[2010.01.26 22:03:13 | 00,001,013 | ---- | M] () -- C:\Users\Drago\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Touch Mouse Server.lnk
[2010.01.23 14:19:43 | 00,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.01.23 13:08:32 | 00,000,016 | -H-- | M] () -- C:\Windows\System32\servdat.slm
[2010.01.23 09:26:44 | 00,000,219 | ---- | M] () -- C:\Windows\System32\lsprst7.tgz
[2010.01.23 09:26:44 | 00,000,014 | ---- | M] () -- C:\Windows\System32\ssprs.tgz
[2010.01.18 14:13:30 | 00,322,496 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.01.16 18:42:35 | 00,080,616 | ---- | M] () -- C:\Users\Drago\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.01.16 18:15:50 | 00,001,905 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat 9 Pro Extended.lnk
[2010.01.15 22:39:09 | 00,000,880 | ---- | M] () -- C:\Users\Drago\Desktop\NetTVPlusPlayer.lnk
[2010.01.14 11:12:06 | 00,181,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010.01.13 23:14:01 | 00,002,516 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2010.01.12 10:37:31 | 00,001,907 | ---- | M] () -- C:\Windows\WINGROOV.INI
[2010.01.12 10:37:31 | 00,000,376 | ---- | M] () -- C:\Windows\WINGROOV.PSF
[2010.01.12 10:37:28 | 00,000,231 | ---- | M] () -- C:\Windows\win.ini
[2010.01.11 20:58:00 | 00,000,678 | ---- | M] () -- C:\Users\Public\Desktop\NetTVPlayer 2.0.lnk
[2010.01.10 01:40:03 | 11,268,6744 | ---- | M] () -- C:\Users\Drago\HKW2010.rar
[2010.01.09 23:50:07 | 00,000,787 | ---- | M] () -- C:\Users\Public\Desktop\MediaMonkey.lnk
[2010.01.07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.01.07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.01.07 09:42:49 | 00,001,024 | ---- | M] () -- C:\Windows\System32\clauth2.dll
[2010.01.07 09:42:49 | 00,001,024 | ---- | M] () -- C:\Windows\System32\clauth1.dll
[2010.01.07 09:42:49 | 00,000,000 | ---- | M] () -- C:\Windows\System32\nsprs.tgz
[2010.01.06 19:34:18 | 00,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\Setup1.exe
[2010.01.06 19:34:17 | 00,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE
[2010.01.06 00:45:44 | 00,030,500 | ---- | M] () -- C:\Windows\FontData.fdb
[2010.01.05 21:28:18 | 00,000,437 | ---- | M] () -- C:\Windows\WGPLAYER.INI
[2010.01.05 21:06:35 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010.01.05 21:06:35 | 00,000,000 | RHS- | M] () -- C:\IO.SYS
[2010.01.02 07:33:32 | 00,594,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.01.02 07:33:32 | 00,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.01.02 07:32:51 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.01.02 07:32:46 | 01,469,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.01.02 07:32:33 | 00,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.01.02 07:32:33 | 00,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.01.02 07:32:33 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.01.02 07:32:32 | 00,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.01.02 07:32:32 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.01.02 07:32:26 | 00,387,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.01.02 05:57:00 | 00,133,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.01.02 05:56:50 | 00,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.01.02 05:56:14 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.01.02 05:55:54 | 01,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2010.01.28 16:25:15 | 00,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010.01.28 16:25:15 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010.01.28 16:25:15 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010.01.28 16:25:15 | 00,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010.01.28 16:25:15 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.01.28 10:04:22 | 00,312,887 | ---- | C] () -- C:\Users\Drago\Documents\Gutschein_444513156208856909_Guido_Letz.pdf
[2010.01.28 10:02:50 | 01,476,047 | ---- | C] () -- C:\Users\Drago\Desktop\Gutschein_444513156208856909_Guido_Letz.pdf
[2010.01.28 00:13:17 | 30,885,7686 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.01.27 23:14:53 | 00,004,956 | ---- | C] () -- C:\ProgramData\esswogwb.bbd
[2010.01.27 23:14:10 | 00,001,918 | ---- | C] () -- C:\Users\Public\Desktop\Movavi Video Suite 8.lnk
[2010.01.27 22:13:51 | 00,001,104 | ---- | C] () -- C:\Users\Drago\Desktop\Web Stream Recorder 2010.lnk
[2010.01.27 21:41:09 | 00,001,182 | ---- | C] () -- C:\ProgramData\jaksta.smr.lic
[2010.01.27 21:39:12 | 00,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Jaksta Streaming Media Recorder and Converter.lnk
[2010.01.27 20:23:54 | 02,178,560 | ---- | C] () -- C:\Users\Drago\Documents\Statistik Klausur.pdf
[2010.01.26 22:03:13 | 00,001,013 | ---- | C] () -- C:\Users\Drago\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Touch Mouse Server.lnk
[2010.01.16 18:15:50 | 00,001,905 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat 9 Pro Extended.lnk
[2010.01.15 22:39:09 | 00,000,880 | ---- | C] () -- C:\Users\Drago\Desktop\NetTVPlusPlayer.lnk
[2010.01.11 20:47:51 | 00,000,678 | ---- | C] () -- C:\Users\Public\Desktop\NetTVPlayer 2.0.lnk
[2010.01.10 01:37:29 | 11,268,6744 | ---- | C] () -- C:\Users\Drago\HKW2010.rar
[2010.01.09 23:50:07 | 00,000,787 | ---- | C] () -- C:\Users\Public\Desktop\MediaMonkey.lnk
[2010.01.07 09:42:49 | 00,001,024 | ---- | C] () -- C:\Windows\System32\clauth2.dll
[2010.01.07 09:42:49 | 00,001,024 | ---- | C] () -- C:\Windows\System32\clauth1.dll
[2010.01.07 09:42:49 | 00,000,014 | ---- | C] () -- C:\Windows\System32\ssprs.tgz
[2010.01.07 09:42:49 | 00,000,000 | ---- | C] () -- C:\Windows\System32\nsprs.tgz
[2010.01.05 21:08:55 | 00,000,437 | ---- | C] () -- C:\Windows\WGPLAYER.INI
[2010.01.05 21:07:12 | 00,000,376 | ---- | C] () -- C:\Windows\WINGROOV.PSF
[2010.01.05 21:07:05 | 00,001,907 | ---- | C] () -- C:\Windows\WINGROOV.INI
[2010.01.05 21:06:35 | 00,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010.01.05 21:06:35 | 00,000,000 | RHS- | C] () -- C:\IO.SYS
[2009.11.18 18:28:43 | 00,002,516 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009.11.18 18:28:43 | 00,000,008 | RHS- | C] () -- C:\ProgramData\AFC2C51FF8.sys
[2009.11.18 01:01:55 | 00,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009.11.18 01:01:55 | 00,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009.11.05 23:44:49 | 00,000,214 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.11.05 23:41:03 | 00,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.11.02 23:14:21 | 00,000,010 | ---- | C] () -- C:\Windows\wininit.ini
[2009.11.02 21:13:23 | 00,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2009.11.02 20:36:02 | 00,000,778 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009.10.27 12:49:23 | 00,001,024 | ---- | C] () -- C:\Windows\System32\grcauth2.dll
[2009.10.27 12:49:23 | 00,001,024 | ---- | C] () -- C:\Windows\System32\grcauth1.dll
[2009.10.27 12:45:45 | 00,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2009.10.27 12:33:17 | 00,722,416 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.10.25 20:48:49 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.10.25 15:34:18 | 00,082,944 | ---- | C] () -- C:\Users\Drago\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.09.14 21:09:32 | 01,936,528 | ---- | C] () -- C:\Windows\System32\ltmm15.dll
[2009.07.24 10:39:33 | 00,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2009.07.24 10:08:34 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009.06.05 09:43:09 | 00,045,056 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll
[2009.06.05 07:22:47 | 00,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2008.09.02 01:32:38 | 00,028,672 | ---- | C] () -- C:\Windows\System32\SPCtl.dll
[2006.11.02 13:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
< End of report >


Code

 OTL Extras logfile created on: 30.01.2010 14:07:29 - Run 1
OTL by OldTimer - Version 3.1.27.0     Folder = C:\Users\Drago\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 186,31 Gb Total Space | 67,67 Gb Free Space | 36,32% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 184,84 Gb Total Space | 115,78 Gb Free Space | 62,64% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: DRAGO-PC
Current User Name: Drago
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [Meine CEWE FOTOWELT] -- "C:\Program Files\CeWe Color\Meine CEWE FOTOWELT\Meine CEWE FOTOWELT.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-4032735365-608106937-2049815217-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{055C5137-A0D9-42FA-A45B-B67E7F8A9A32}" = lport=10244 | protocol=6 | dir=in | app=system | 
"{067171DE-06DE-4BA3-B297-E3DC42080A18}" = lport=10244 | protocol=6 | dir=in | app=system | 
"{09D4A4E1-739C-4023-937F-579A0263D957}" = lport=139 | protocol=6 | dir=in | app=system | 
"{12988BE5-B2BA-4796-AD70-701C6842AF24}" = lport=138 | protocol=17 | dir=in | app=system | 
"{277E1851-B84F-4955-A23E-81694796327E}" = lport=7777 | protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe | 
"{2C5D17DA-5DBC-4638-952B-A18A86F1520C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe | 
"{33028629-305E-44CD-BAD6-25FAE6C7896A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe | 
"{478FC8C2-EDE5-4124-B31C-73023B7A5855}" = lport=554 | protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe | 
"{4B8E1CB9-A347-4141-815E-28E0F48E286D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{54BC3EAF-DE8E-47FB-BF4C-7F9BE1DBE191}" = rport=139 | protocol=6 | dir=out | app=system | 
"{5B9EF814-F071-4816-B1E1-46BBCF970412}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{5F001314-9517-419D-8E8B-ED8E80E6C6CE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe | 
"{5F277B6F-79B4-4F85-8684-7155FA1C86D1}" = rport=445 | protocol=6 | dir=out | app=system | 
"{5F5FD424-2AF7-4BE8-A474-014BB70828E2}" = rport=10244 | protocol=6 | dir=out | app=system | 
"{619C314E-905A-430F-A27C-A919EB217662}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe | 
"{713C10E5-0AF1-4C58-825B-A7000C40DB0C}" = rport=10244 | protocol=6 | dir=out | app=system | 
"{7BC29FA1-C4F8-429F-B314-FDA0DCDBC1B1}" = lport=137 | protocol=17 | dir=in | app=system | 
"{8006AC32-CD11-4EF6-A4EA-33F13B1DC069}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{80AC0CF1-8C66-4E5E-A056-8D42534FEC05}" = lport=3390 | protocol=6 | dir=in | app=system | 
"{8CA4B80C-5A5F-4CFD-B82A-6660EC5285A1}" = lport=445 | protocol=6 | dir=in | app=system | 
"{90C4594C-96E0-41FB-8436-9EB08E0A4280}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe | 
"{A5E6BA7C-D6BA-4614-BC06-4A6B5B636900}" = lport=7777 | protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe | 
"{BE6A712E-0112-45AD-9A3A-FC02AEC3BE4A}" = lport=554 | protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe | 
"{C0ACE7CF-A01F-4D4D-A5E9-28A00E093407}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe | 
"{D4B55364-314F-47EC-B8CD-35CF19F69C70}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{D7EE35B2-323D-4518-8164-2EF82BE40700}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe | 
"{E024DD13-545C-4626-8898-EAB181600830}" = lport=3390 | protocol=6 | dir=in | app=system | 
"{E83344C6-AC71-4EB2-AA1E-DF28C3F8CC74}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe | 
"{EA4F0FF6-0383-47D6-9072-44629C5B31B9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{F08D347D-C0D7-48F7-96B7-8BB02978881B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{FC4DE971-AD3A-4EF3-AA3C-58276A5B15C8}" = rport=138 | protocol=17 | dir=out | app=system | 
"{FF000478-AAB3-4DE5-8FF4-5E5AD766E5C8}" = rport=137 | protocol=17 | dir=out | app=system | 
 
[color=#E56717]========== Vista Active Application Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{021CB87D-9183-4129-AB7D-D9A352E9818E}" = protocol=6 | dir=out | svc=mcx2svc | app=c:\windows\system32\svchost.exe | 
"{02D216E2-B012-40AF-8343-8A7CBDD5733A}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{06606746-5017-4B7A-8CEC-CAD576001D52}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{06F605AE-307B-4627-A793-CCAD3A43B13F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{399D54A5-73B3-4C81-AE8C-0154FC437766}" = dir=in | app=c:\program files\rosetta stone\rosetta stone v3\rosettastoneversion3.exe | 
"{3F6DD851-36BF-47C6-BADE-55D36963F421}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{50B9AF9A-B44D-468E-85C2-A55F755A2386}" = protocol=6 | dir=in | app=c:\program files\pplive\pplive.exe | 
"{571CC9B2-B896-4205-8C0D-E80DF296D971}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{61BD60E1-ED29-4E33-A3CD-CDA5420EE25D}" = protocol=17 | dir=out | app=c:\windows\ehome\ehshell.exe | 
"{629084A7-353E-4657-B775-3E870B16878C}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{651A2D73-6B0B-42CF-8C5C-E8699F6ED933}" = protocol=6 | dir=out | app=c:\program files\rosetta stone\rosetta stone v3\rosettastoneversion3.exe | 
"{68D2D4A6-CC1C-421F-801F-86FFBAEF02EC}" = dir=in | app=c:\program files\rosetta stone\rosetta stone v3\support\bin\win\rosettastoneltdservices.exe | 
"{6C56A75A-3E9B-4B52-B5B7-28DA0875F8A1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{755F5F6F-C0B0-4124-AF91-2C6B5C9D8265}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{83F596B5-139D-44DF-8F60-098F1209D0DE}" = protocol=6 | dir=out | app=c:\windows\ehome\mcx2prov.exe | 
"{91F03E0D-00BE-46A6-AACE-0575C91D1186}" = protocol=17 | dir=in | app=c:\program files\pplive\pplive.exe | 
"{9AD81074-E6D5-4362-888A-263E8F4DA830}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{A0DA9564-5EB7-4324-A39C-509341BE0922}" = protocol=6 | dir=out | app=c:\windows\ehome\mcx2prov.exe | 
"{A1759E21-AC9E-4E2D-823A-35EA38AA0A53}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{A6DEA0B6-E74D-438F-9426-6E6C61E1FB81}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A7B09C54-1BFB-4173-B1C4-07406E4426EA}" = protocol=6 | dir=out | svc=mcx2svc | app=c:\windows\system32\svchost.exe | 
"{AFB7EA84-2DCF-4A4D-8DBA-94A904AFCDE3}" = protocol=6 | dir=out | app=c:\windows\ehome\ehshell.exe | 
"{B6CFA2D7-3C50-4692-8AC3-8FF5FBA137C1}" = protocol=17 | dir=out | app=c:\windows\ehome\ehshell.exe | 
"{B8E3E42F-D38F-4311-AE81-CC0F3FF0A8C7}" = protocol=6 | dir=out | app=c:\windows\ehome\ehshell.exe | 
"{E2367E92-4F15-496C-8CE5-CE697B658E52}" = protocol=17 | dir=in | app=c:\program files\logitech touch mouse server\itouch-server-win.exe | 
"{F2B2C392-C3F5-46AC-A331-306D741C2900}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{F4480279-C2F4-4AA0-A244-D8F6AA6BCB23}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{F9B80E7C-B8A2-49D8-9BD8-77C0F927753C}" = protocol=6 | dir=in | app=c:\program files\logitech touch mouse server\itouch-server-win.exe | 
"TCP Query User{04FBDA94-EC3E-4BDC-AD10-6C9883C062C4}C:\program files\dc++\dcplusplus.exe" = protocol=6 | dir=in | app=c:\program files\dc++\dcplusplus.exe | 
"TCP Query User{1980F8EE-2B35-4E3F-B1B3-2A85FDB7CF8E}C:\program files\nettvplayer2.0\nettvplayer2.exe" = protocol=6 | dir=in | app=c:\program files\nettvplayer2.0\nettvplayer2.exe | 
"TCP Query User{2D3B92DD-8837-445F-862B-8233061062C8}C:\program files\logitech touch mouse server\itouch-server-win.exe" = protocol=6 | dir=in | app=c:\program files\logitech touch mouse server\itouch-server-win.exe | 
"TCP Query User{3B3FC328-B2F0-48F9-ACCE-256C3CDB7300}C:\program files\nettvplayer 2.0\nettvplayer2.exe" = protocol=6 | dir=in | app=c:\program files\nettvplayer 2.0\nettvplayer2.exe | 
"TCP Query User{4D50FB74-6C57-49CF-835D-9886B5512789}C:\program files\nettvplus player\nettvplayer.exe" = protocol=6 | dir=in | app=c:\program files\nettvplus player\nettvplayer.exe | 
"TCP Query User{574695E2-5C81-4270-9A4E-4E88B95C9940}C:\program files\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files\oovoo\oovoo.exe | 
"TCP Query User{5B540635-897C-407C-993F-0A65AE853283}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{6FD2C160-CCC4-4949-914A-937E6E4AA1A8}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"TCP Query User{7B695F63-9FC6-4166-88F6-7EE023CF3933}C:\program files\java\jre6\launch4j-tmp\stanza.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\stanza.exe | 
"TCP Query User{9C217352-A874-4EC4-A138-1AEDBF32D428}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{A9E6BD7C-7075-4E7B-9BDF-2DFAF4E2BB7C}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{B52D428F-5D8D-4FB2-95BB-9D0334D8F648}C:\program files\nettvplus player\nettvplayer.exe" = protocol=6 | dir=in | app=c:\program files\nettvplus player\nettvplayer.exe | 
"TCP Query User{B542DB12-CBD8-4CF8-B477-FCF7205BF387}C:\program files\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files\oovoo\oovoo.exe | 
"TCP Query User{B94CEDDB-6E62-4791-B228-109E8ABB378C}C:\program files\nettvplayer 2.0\nettvplayer2.exe" = protocol=6 | dir=in | app=c:\program files\nettvplayer 2.0\nettvplayer2.exe | 
"TCP Query User{B95EDDFF-18BF-45B1-80B0-AD5258D09193}E:\nettv install\nettvplayer2.0\nettvplayer2.exe" = protocol=6 | dir=in | app=e:\nettv install\nettvplayer2.0\nettvplayer2.exe | 
"TCP Query User{BBDB77A0-F5D3-445D-B8CD-B3F688914D82}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{C9775856-051B-4E20-85C4-4CC9D8836B7C}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{D02F931A-F6A9-4A10-8876-E40E7BDE1596}C:\program files\e.w.e.-software\befree4iphone\befree4iphone.exe" = protocol=6 | dir=in | app=c:\program files\e.w.e.-software\befree4iphone\befree4iphone.exe | 
"TCP Query User{D94A8C66-9AA9-4C73-B025-8BDF5639F9AC}C:\program files\readon technology\readon tv movie radio player 5.8.0.0\internettv.exe" = protocol=6 | dir=in | app=c:\program files\readon technology\readon tv movie radio player 5.8.0.0\internettv.exe | 
"TCP Query User{E18343ED-939E-4669-9937-3A65082CB5A6}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"TCP Query User{EB8D315A-884D-4A8E-B7E9-C50200AEF7B4}C:\program files\readon technology\readon tv movie radio player 5.5.0.0\internettv.exe" = protocol=6 | dir=in | app=c:\program files\readon technology\readon tv movie radio player 5.5.0.0\internettv.exe | 
"TCP Query User{F011AC76-6CB8-4C0E-BCCC-037F34EA3A1A}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe | 
"TCP Query User{F081D106-A84A-4941-911A-F25990A21F54}C:\windows\system32\presentationhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\presentationhost.exe | 
"TCP Query User{FB207454-5F85-4C25-A7EF-C2FFB102BED3}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{1784467E-4375-4301-8242-46BE7C042442}C:\program files\nettvplus player\nettvplayer.exe" = protocol=17 | dir=in | app=c:\program files\nettvplus player\nettvplayer.exe | 
"UDP Query User{18817525-D242-4EEF-9F28-842FC871DCC6}C:\program files\nettvplayer 2.0\nettvplayer2.exe" = protocol=17 | dir=in | app=c:\program files\nettvplayer 2.0\nettvplayer2.exe | 
"UDP Query User{195ED9EA-11A5-4196-A1DA-9E416BFA1599}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{29C4FA40-9313-41AF-85B1-9B54E2BCB8EE}C:\program files\logitech touch mouse server\itouch-server-win.exe" = protocol=17 | dir=in | app=c:\program files\logitech touch mouse server\itouch-server-win.exe | 
"UDP Query User{2CD882BA-243C-489C-9BFF-0E0E2B4950E7}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{322DC170-2384-4AC1-8ACE-51A530551EE9}C:\program files\dc++\dcplusplus.exe" = protocol=17 | dir=in | app=c:\program files\dc++\dcplusplus.exe | 
"UDP Query User{33207998-6D33-4D96-AF91-A6BF1DA06615}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{33C5139A-5EFD-4D18-88BA-C782A3F8B0DF}C:\program files\nettvplayer 2.0\nettvplayer2.exe" = protocol=17 | dir=in | app=c:\program files\nettvplayer 2.0\nettvplayer2.exe | 
"UDP Query User{4A85EC0C-CBAB-42CD-9E02-8EB5715360C3}C:\program files\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files\oovoo\oovoo.exe | 
"UDP Query User{4B35DDBC-4049-421C-826E-D85D7E093693}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{5186BBA3-D172-4F46-BF40-387F029935F6}C:\program files\e.w.e.-software\befree4iphone\befree4iphone.exe" = protocol=17 | dir=in | app=c:\program files\e.w.e.-software\befree4iphone\befree4iphone.exe | 
"UDP Query User{530745DB-5620-4BA4-B722-43B356E9E72A}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{63D5F7B6-8AD9-4B93-A35B-C7740411AE8E}C:\program files\nettvplus player\nettvplayer.exe" = protocol=17 | dir=in | app=c:\program files\nettvplus player\nettvplayer.exe | 
"UDP Query User{67A95FE6-6C38-413E-BBE7-9F40E53F5471}C:\program files\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files\oovoo\oovoo.exe | 
"UDP Query User{82D6A954-85B3-47BA-8622-BD0D55BB87DC}C:\program files\nettvplayer2.0\nettvplayer2.exe" = protocol=17 | dir=in | app=c:\program files\nettvplayer2.0\nettvplayer2.exe | 
"UDP Query User{836197AD-1878-4AC2-AA33-E6D54EB69013}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe | 
"UDP Query User{8A29E98B-CABB-4805-8B4F-D11058E9ACB8}E:\nettv install\nettvplayer2.0\nettvplayer2.exe" = protocol=17 | dir=in | app=e:\nettv install\nettvplayer2.0\nettvplayer2.exe | 
"UDP Query User{91357C67-1753-49C8-9E0E-9F186A243E96}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{AB7610FA-3347-4C6E-974E-5F384CC07B60}C:\program files\java\jre6\launch4j-tmp\stanza.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\stanza.exe | 
"UDP Query User{AD08CE9A-A3B5-4136-A500-A8980D94C2C1}C:\program files\readon technology\readon tv movie radio player 5.5.0.0\internettv.exe" = protocol=17 | dir=in | app=c:\program files\readon technology\readon tv movie radio player 5.5.0.0\internettv.exe | 
"UDP Query User{B7DA8ABA-E89D-4843-9D46-BBDF327A425C}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{C5F49F09-63EE-4E8F-B64E-FC8297A9C172}C:\windows\system32\presentationhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\presentationhost.exe | 
"UDP Query User{F215BA48-A334-4C72-B350-4348B443BC1A}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{FF619F4F-929F-46E0-8D4B-00824A4F37EA}C:\program files\readon technology\readon tv movie radio player 5.8.0.0\internettv.exe" = protocol=17 | dir=in | app=c:\program files\readon technology\readon tv movie radio player 5.8.0.0\internettv.exe | 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW(R) Graphics Suite X4
"_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06223EA1-8977-4A44-B2AB-30FD78B7DCC1}" = CCC Help Thai
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0CF37D58-38A8-E03F-8DD8-B01B55C09615}" = CCC Help English
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{1C971EE3-B4C4-4367-9676-57549919C6CE}" = TOSHIBA Benutzerhandbücher
"{20CCA435-1465-4567-885C-4A0AFCD0EB05}" = F2100_Help
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{24557DC0-0839-496f-82F9-C4EB72EFE4FA}" = HP Deskjet All-In-One Software 8.0
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 17
"{27349465-3521-8214-5311-286D806C86C3}" = CCC Help Dutch
"{32762866-8C6E-437E-1E79-4506FEB7323A}" = Catalyst Control Center Graphics Full Existing
"{37FD2F04-EC91-41AE-B5AB-AFF904BF20EE}" = Mobile Broadband Drivers
"{3AB2F8DF-F905-44F9-8003-C81FEE95BC2B}" = Communication Center
"{3CAF2B2D-0DA3-7BD6-6701-E3D71992DB78}" = Catalyst Control Center Localization All
"{3D0DC563-4C99-4AB1-8C22-514940666938}" = Catalyst Control Center - Branding
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4324E4DD-C67C-A413-5C12-5DC694A99AF6}" = ATI Catalyst Install Manager
"{44A27085-0616-4181-A0C3-81C7ECA17F73}" = CorelDRAW Graphics Suite X4
"{45633D5F-76CE-B1D7-325B-A3F329AA99DB}" = Catalyst Control Center InstallProxy
"{46B65150-F8AA-42F2-94FB-2729A8AE5F7E}" = SPSS Statistics 17.0
"{4786E500-4FA0-C30F-D4E8-0E3D70D86227}" = CCC Help Swedish
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4C3EF687-803F-4825-B815-04AE32DDEB41}" = YAVIDO
"{4F147AEF-790D-DBE2-5830-94D90C02AC24}" = Catalyst Control Center Graphics Full New
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{53536479-DFB0-47ED-9D10-43F3708C222D}" = TOSHIBA eco Utility
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5985DD7D-67F4-DD15-8589-B3F43C4A111D}" = CCC Help Chinese Traditional
"{5D264375-3E92-7D10-F219-3536F5BAE7BA}" = CCC Help Japanese
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{5F98C4EE-879F-232C-3F44-0BBFAB6A29D4}" = CCC Help Polish
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{61F8A9EC-5CB4-0001-FF88-C469156BA14C}" = CCC Help German
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{657F8B33-CBBB-45F4-9087-274F22C89400}" = DJ_AIO_ProductContext
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67830C2E-0345-7CE7-3829-8AB3D34E3AEB}" = CCC Help Turkish
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A9B4C2D-E651-6DD7-EC1D-AF331F250AB8}" = ccc-core-static
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6D9B9CF3-1E9C-45B6-B41E-5CF568605556}" = SPSS 15.0 für Windows [Auswertung Version]
"{6DEEDB89-D449-B985-4E0E-91D45AF66DFF}" = CCC Help Spanish
"{7210BCFE-ED8D-4261-8537-81B5A4BDFA2A}" = Rosetta Stone V3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7513A376-16F0-7E53-5CA1-7DA10A6216BC}" = CCC Help Danish
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{769033E4-C119-496A-8144-3F468081F8D7}" = Movavi Video Suite 8
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Disk Creator Reminder
"{7C30283C-8DC7-4FBB-805E-52BEA5F580E8}" = Toshiba TEMPRO
"{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW Graphics SUite X4 - ICA
"{7F05E704-30A6-421A-97A7-8EEB1C7FF012}" = CorelDRAW Graphics Suite X4 - Capture
"{7F05E704-30A6-421A-97A7-8EEB1C7FF013}" = CorelDRAW Graphics Suite X4 - Draw
"{7F05E704-30A6-421A-97A7-8EEB1C7FF014}" = CorelDRAW Graphics Suite X4 - PP
"{7F05E704-30A6-421A-97A7-8EEB1C7FF016}" = CorelDRAW Graphics Suite X4 - Content
"{7F05E704-30A6-421A-97A7-8EEB1C7FF017}" = CorelDRAW Graphics Suite X4 - Filters
"{7F05E704-30A6-421A-97A7-8EEB1C7FF019}" = CorelDRAW Graphics Suite X4 - FontNav
"{811EF3A7-0861-0B8F-5432-3052E8230DC0}" = Catalyst Control Center Graphics Light
"{8259E348-50E8-A3C8-52B8-699DFDD31BA8}" = CCC Help Finnish
"{846E11C7-4E39-469C-8469-569E7DE9C5CD}" = Readon TV Movie Radio Player 5.8.0.0
"{85E4952C-8C85-A58D-B9D9-783D1FADB775}" = Skins
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8921F4ED-A696-D629-45E6-45A43A0F4FF0}" = CCC Help Czech
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CB313FF-1CC6-4435-9D83-BC898BC221DC}" = Streaming Media Recorder
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{989112B0-74DB-4A40-932F-580049CD0B97}" = Visual Basic for Applications (R) Core - German
"{98C70B57-4930-7088-22F4-93FC196938D0}" = CCC Help Chinese Standard
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}" = CorelDRAW Graphics Suite X4 - IPM
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{9ECB4705-B9CB-405A-B6D4-33BDF707308E}" = DJ_AIO_Software
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A6137721-B2D0-1DAF-0B19-12AB0D065C45}" = Catalyst Control Center Core Implementation
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC1A4255-0EC8-585B-2D1A-8306C07F2B91}" = CCC Help Hungarian
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{AEE65D6C-EDF4-B3E1-00CD-B17A6FC6BC6A}" = CCC Help Italian
"{AEFBAC58-2DDD-4CEF-BDFD-52A5A5F432ED}" = CorelDRAW Graphics Suite X4 - Lang DE
"{B0E5D7E7-A106-458F-BA7B-2F8CAEA3BF16}" = PlayReady PC runtime
"{B61D21B6-469D-4423-B161-62DB20B8A70E}" = Visual Basic for Applications (R) Core - English
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B9F119C0-6886-A250-BF18-3ABEAA26F6A5}" = CCC Help Korean
"{BB3B4056-4539-485E-A996-3B52480AA4B7}" = GT HSDPA driver installer
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{BF439B41-0252-48DE-8B8B-0430CB26A181}" = CorelDRAW Graphics Suite X4 - VBA
"{C084BC61-E537-11DE-8616-005056806466}" = Google Earth
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{DB64C016-1705-36E9-1AEA-C2D4738BDE9A}" = CCC Help Norwegian
"{DB81779E-7CC5-4630-BCFC-754004956444}" = Visual Basic for Applications (R) Core
"{DC83F417-8068-4074-BA2F-C4F8AB872556}" = DJ_AIO_Software_min
"{DE2E45A2-31B1-7D26-2701-B1244763DE10}" = CCC Help Portuguese
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E16087F4-3CE3-B644-A5F5-503F55F34CC0}" = CCC Help Russian
"{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}" = TOSHIBA USB Sleep and Charge Utility
"{E4FD13E2-1638-A5B8-E28A-54D39F13D747}" = Catalyst Control Center Graphics Previews Vista
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"{E9598E78-C39A-4FAB-A8C9-2F5F915A3852}" = TOSHIBA TV Tuner
"{E9E5845E-C2E1-4D8D-A2E1-46E6F7F68C68}" = Befree4iPhone
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{F0A386D2-6E15-4A8F-A04E-87CE9BED0D48}" = TOSHIBA ConfigFree
"{F0E4A500-34B5-E8B7-FC2C-3726A0577AAD}" = CCC Help French
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F34009E9-6EA5-F0D2-4D7D-A9CE421908B6}" = CCC Help Greek
"{F69114BE-EFDC-C756-1B38-ABD1E4873113}" = ccc-utility
"{F6F90406-4726-4559-B6F7-3A96529CDD45}" = F2100
"{F81AB80B-5BB7-4E36-8BA5-E07541CE1BFC}" = HDMI Control Manager
"{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FEB650EB-7639-444E-9FC2-C33EE6ED1A37}" = TOSHIBA Remote Control Manager
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"2F91FC44350477C3D31ADE03728FF7F1B1B9E493" = ENE CIR Receiver Driver
"630F35D9C4C7F7F8BA4429CDB68D368E926D33B3" = Windows-Treiberpaket - TOSHIBA (mod7700) Media  (08/12/2008 2.3.3.24)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AnyDVD" = AnyDVD
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"[url="http://www.ccleaner.de"]CCleaner[/url]" = [url="http://www.ccleaner.de"]CCleaner[/url]
"CloneCD" = CloneCD
"CloneDVD2" = CloneDVD2
"CloneDVDmobile" = CloneDVDmobile
"DiskAid_is1" = DiskAid 3.0
"FreePDF_XP" = FreePDF (Remove only)
"FTP Commander" = FTP Commander
"GPL Ghostscript 8.70" = GPL Ghostscript 8.70
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HPOCR" = HP OCR Software 8.0
"Hugin_release_is1" = Hugin 2009.2.0
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{53536479-DFB0-47ED-9D10-43F3708C222D}" = TOSHIBA eco Utility
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Disk Creator Reminder
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"InstallShield_{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.1.6 (Standard)
"Logitech Touch Mouse Server" = Logitech Touch Mouse Server 1.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaMonkey_is1" = MediaMonkey 3.2
"Meine CEWE FOTOWELT" = Meine CEWE FOTOWELT
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)
"Mp3tag" = Mp3tag v2.44
"myphotobook" = myphotobook 3.65
"Net TV Plus Player" = Net TV Plus Player 1.81
"nettvplayer2.0" = nettvplayer2.0
"Novatel_V20025Installer" = Novatel driver package V2.00.25
"OptionPCCardInstaller" = Option Fusion Card driver, Ricola v 2.0.0.0
"OptionPluss_PCCardInstaller" = Option Fusion+ Card driver, Nozomi v 2.1.1.112
"Picasa2" = Picasa 2
"PokerStars.net" = PokerStars.net
"PPLive" = PPLive 1.9
"ProgDVB" = ProgDVB
"RAR Password Recovery Magic_is1" = RAR Password Recovery Magic v6.1.1.95
"RealPlayer 12.0" = RealPlayer
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"ShockwaveFlash" = Macromedia Flash Player 8
"Super Internet TV (Premium Edition)_is1" = Super Internet TV v8.0 (Premium Edition)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"tvbrowser" = TV-Browser 2.7.4
"TVUPlayer" = TVUPlayer 2.4.9.1
"Unlocker" = Unlocker 1.8.8
"Videora iPod Converter" = Videora iPod Converter 5.03
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VLC media player" = VLC media player 1.0.2
"VMidi" = vanBasco's Karaoke Player
"Web Stream Recorder 2010" = Web Stream Recorder 2010
"Where Is It? 3.00" = Where Is It? 3.00
"WildTangent toshiba Master Uninstall" = WildTangent-Spiele
"Winamp" = Winamp
"Winamp Essentials Pack" = Winamp Essentials Pack
"Winamp Offizielle Deutsche Sprachdatei" = Winamp Offizielle Deutsche Sprachdatei v5.56
"WinGroove" = WinGroove (Software WaveTable Synthesizer)
"WinRAR archiver" = WinRAR
"YouTube Downloader App" = YouTube Downloader App 2.03
 
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 18.01.2010 09:14:53 | Computer Name = Drago-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 18.01.2010 16:34:18 | Computer Name = Drago-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description = 
 
Error - 18.01.2010 16:34:18 | Computer Name = Drago-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description = 
 
Error - 19.01.2010 02:09:41 | Computer Name = Drago-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 19.01.2010 05:17:00 | Computer Name = Drago-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 19.01.2010 06:50:13 | Computer Name = Drago-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 19.01.2010 08:16:17 | Computer Name = Drago-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description = 
 
Error - 19.01.2010 08:16:17 | Computer Name = Drago-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description = 
 
Error - 19.01.2010 16:46:39 | Computer Name = Drago-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 20.01.2010 15:37:56 | Computer Name = Drago-PC | Source = WinMgmt | ID = 10
Description = 
 
[ Media Center Events ]
Error - 25.10.2009 13:05:59 | Computer Name = Drago-PC | Source = McrMgr | ID = 107
Description = 
 
Error - 28.10.2009 17:50:55 | Computer Name = Drago-PC | Source = ehRecvr | ID = 3
Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0xc0040524) TOSHIBA 
Analog TV Tuner (Dev1 Path2)
 
Error - 08.11.2009 08:37:50 | Computer Name = Drago-PC | Source = MCUpdate | ID = 0
Description = Fehler beim Herstellen der Internetverbindung. (1208.1128)
 
Error - 08.11.2009 08:37:50 | Computer Name = Drago-PC | Source = MCUpdate | ID = 0
Description =     Serververbindung konnte nicht hergestellt werden.. (1208.1129)
 
Error - 08.11.2009 09:37:59 | Computer Name = Drago-PC | Source = MCUpdate | ID = 0
Description = Fehler beim Herstellen der Internetverbindung. (3908.1128)
 
Error - 08.11.2009 09:37:59 | Computer Name = Drago-PC | Source = MCUpdate | ID = 0
Description =     Serververbindung konnte nicht hergestellt werden.. (3908.1129)
 
Error - 09.11.2009 06:43:02 | Computer Name = Drago-PC | Source = MCUpdate | ID = 0
Description = Fehler beim Herstellen der Internetverbindung. (4300.1128)
 
Error - 09.11.2009 06:43:02 | Computer Name = Drago-PC | Source = MCUpdate | ID = 0
Description =     Serververbindung konnte nicht hergestellt werden.. (4300.1129)
 
Error - 09.11.2009 07:43:57 | Computer Name = Drago-PC | Source = MCUpdate | ID = 0
Description = Fehler beim Herstellen der Internetverbindung. (5816.1128)
 
Error - 09.11.2009 07:43:57 | Computer Name = Drago-PC | Source = MCUpdate | ID = 0
Description =     Serververbindung konnte nicht hergestellt werden.. (5816.1129)
 
[ System Events ]
Error - 01.01.2010 17:18:48 | Computer Name = Drago-PC | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMB38X xD Host Controller" (PCI\VEN_197B&DEV_2384&SUBSYS_FF021179&REV_00\4&2bcebcdb&0&04E5)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 01.01.2010 22:05:39 | Computer Name = Drago-PC | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMB38X SD/MMC Host Controller" (PCI\VEN_197B&DEV_2382&SUBSYS_FF021179&REV_00\4&2bcebcdb&0&00E5)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 01.01.2010 22:05:39 | Computer Name = Drago-PC | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMB38X SD Host Controller" (PCI\VEN_197B&DEV_2381&SUBSYS_FF021179&REV_00\4&2bcebcdb&0&02E5)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 01.01.2010 22:05:39 | Computer Name = Drago-PC | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMB38X MS Host Controller" (PCI\VEN_197B&DEV_2383&SUBSYS_FF021179&REV_00\4&2bcebcdb&0&03E5)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 01.01.2010 22:05:39 | Computer Name = Drago-PC | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMB38X xD Host Controller" (PCI\VEN_197B&DEV_2384&SUBSYS_FF021179&REV_00\4&2bcebcdb&0&04E5)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 03.01.2010 11:04:43 | Computer Name = Drago-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 03.01.2010 11:07:58 | Computer Name = Drago-PC | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMB38X SD/MMC Host Controller" (PCI\VEN_197B&DEV_2382&SUBSYS_FF021179&REV_00\4&2bcebcdb&0&00E5)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 03.01.2010 11:07:58 | Computer Name = Drago-PC | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMB38X SD Host Controller" (PCI\VEN_197B&DEV_2381&SUBSYS_FF021179&REV_00\4&2bcebcdb&0&02E5)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 03.01.2010 11:07:58 | Computer Name = Drago-PC | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMB38X MS Host Controller" (PCI\VEN_197B&DEV_2383&SUBSYS_FF021179&REV_00\4&2bcebcdb&0&03E5)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 03.01.2010 11:07:58 | Computer Name = Drago-PC | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMB38X xD Host Controller" (PCI\VEN_197B&DEV_2384&SUBSYS_FF021179&REV_00\4&2bcebcdb&0&04E5)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
 
< End of report >


ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/01/30 14:16
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP2
==================================================

Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\Windows\System32\Drivers\dump_iaStor.sys
Address: 0x8FE6A000 Size: 897024 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0x9E7A6000 Size: 49152 File Visible: No Signed: -
Status: -

Name: splj.sys
Image Path: C:\Windows\System32\Drivers\splj.sys
Address: 0x80695000 Size: 1052672 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\System Volume Information\{074f6941-0b6f-11df-aee8-afb0ef0d9a46}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{074f69a0-0b6f-11df-aee8-995e83a6a71b}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{074f69ed-0b6f-11df-aee8-a656b8d6bae2}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{12b59b34-077a-11df-b162-9a78d547bb47}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{26e269b4-04e8-11df-bcd2-a999b691af14}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{30fb236b-0433-11df-bf3e-a34201956ca8}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{31cadc85-08de-11df-b04a-9c3b5910717e}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{37dd905f-0c9a-11df-aa16-a80a13ce3295}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{72b058be-06db-11df-8ab2-8341b0ea0775}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{75108b3e-0b99-11df-87fd-c878b069f46f}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{85ab1ade-09ac-11df-8ce8-cbd6a095dd1d}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{d2d9f76b-0c0d-11df-96be-f4b725dfa9e5}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{f3f74b89-07f5-11df-b248-e12eecc8a26f}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\Windows\System32\XPSViewer\XPSVIE~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_f0efb442f8a0f46c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_bcb86ed6ac711f91.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.21022.8_none_ecdf8c290e547f39.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_818f59bf601aa775.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.21022.8_none_7ab8cc63a6e4c2a3.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_a6dea5dc0ea08098.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.91_none_0e9c342f74fd2e58.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_b7e00e6c7b30b69b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.91_none_5c400d5e63e93b68.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.91_none_58b1a5ca663317c4.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9876.0_none_b7e610287b2b4ea5.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_4ddfc6cd11929a02.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_81c25f21d3d46d84.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.1.0.0_none_6c030d6fdc86522c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_8550c6b5d18a9128.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_e29d1181971ae11e.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.91_none_db5f5c9d98cb161f.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_516e2e610f48bda6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_dcc7eae99ad0d9cf.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.91_none_dc9917e997f80c63.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.1.microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_8b7b15c031cda6db.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.91_none_d6c3f1519bae0514.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_365945b9da656e4d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.42_none_7658964504b9f3b6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_7dd1e0ebd6590e0b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.91_none_588445e3d272feb1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_51ca66a2bbe76806.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9876.0_none_a6e4a7980e9b18a2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_60a5df56e60dc5df.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.91_none_54c1279468b7b84b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\d14225a52543aa5a9605b00dd7574812bf89c605ebc73a9730e1e386bfc965f8.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\d5ecf2ab9387e082648bbcccd6eceb9d67b096939150833d0ae3066b3a1a676e.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\91ca50cec42075fff02b366323bf3b45d2053b24544bd12b622b65621bd0edd5.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\b3beb16c28db357e654a6b132f59cd48cb95cee949d7b97587f8f02f233f3ce1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\935df4549e21123a2efb986a707f54475380a037519679510e4b4dfc4bdb5767.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\88b03fe13d2710ad787d5d96cd0e5cbeda3a61c2a0a2bdc0c0984a48365242e2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\b080e112e69d2e9c8e71acd39a81f0d469d837625ceb8ed73b5b87da1fd1424c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\23b92a7e8d7a21cc76b46dc3885c05ac29036240854e18dfce39b283b8cfdf52.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\f8209ee440679adcdab198fe5262dd5ff95c1d654f488816d0f33c8a45d5e8d8.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\26340819d2ef86080d9001c6f2737d70fd6602ddf4b86b6c26b326ef81cc3342.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\ef483ae0673e2975dd4224fe26749623c1c702b8b3fded10161417459e1771a7.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\2d3cb7907b1336ea5889a2b731d5e97ad40903a4efd2287c1c117bc30f208f46.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\a2492fa83366394b7c17fa6c9650ce5688b887d0ad0ad79743a3422debf4d997.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\a951d53950c367acc37622f0dd619a954df5de2c4ec40296e6636605aa33714a.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\5effcbd6bfe308cd94c31922a126a132ef26282a495f9fc0963000a8e158d866.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\71503c1b988fb27a41668f3ba35468d268daf07e8e79cf7b82a1ef64a8d213a1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\f7bf65ca621d8ad32ead1500a08827be239d0f49d83dc20dabf57d2eb17adbd7.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\989e628160e12c984a435d2bb2a335ad043e006646150c7b1f3bb52dccd842cc.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\bd83dce340498e7c363093c2fc74dfb58e1ec17770453905172c7471fadd9333.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\dd72f7ab2def5f75f58d01b24643b308750c38685daaed50bcddf61c18460dee.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\8b414e757cb8b153bff77dd00a36556aea3adab25ce15f3e8b184ffbf41ba7a2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\msil_system.speech_31bf3856ad364e35_6.0.6000.16708_none_080e70cf835a2dc3\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\msil_system.speech_31bf3856ad364e35_6.0.6000.20864_none_08532cea9cac0fd7\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\msil_system.speech_31bf3856ad364e35_6.0.6001.18096_none_09915daf80cb8a58\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\msil_system.speech_31bf3856ad364e35_6.0.6001.22208_none_0a7e4c40999e5e7e\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\msil_system.speech_31bf3856ad364e35_6.0.6002.18005_none_0bd8244b7da9c221\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_fdproxy_31bf3856ad364e35_6.0.6000.16386_none_792f8ff471a64e3b\$$DeleteMe.fdProxy.dll.01ca5657512ca4c6.0026
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_fdssdp_31bf3856ad364e35_6.0.6001.18000_none_3addf297743e6161\$$DeleteMe.fdSSDP.dll.01ca56575755f1d6.0055
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_fdwsd_31bf3856ad364e35_6.0.6001.18000_none_7da88373c225d895\$$DeleteMe.fdWSD.dll.01ca565761e57f36.00a8
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_fundisc_31bf3856ad364e35_6.0.6001.18000_none_7be46ed83ae29055\$$DeleteMe.fundisc.dll.01ca565754c582f6.0041
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-a..dcredentialprovider_31bf3856ad364e35_6.0.6001.18000_none_420aa4b9c28d5162\$$DeleteMe.SmartcardCredentialProvider.dll.01ca56575dd28f06.0080
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-a..ence-infrastructure_31bf3856ad364e35_6.0.6001.18000_none_d51103be4cb9d6c3\$$DeleteMe.apphelp.dll.01ca56576216c866.00ab
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-a..o-mmecore-wdm-audio_31bf3856ad364e35_6.0.6001.18000_none_4a4e4c26e5b22007\$$DeleteMe.wdmaud.drv.01ca565757fa2116.0059
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-a..terface-ldapc-layer_31bf3856ad364e35_6.0.6001.18000_none_5f327439667d597c\$$DeleteMe.adsldpc.dll.01ca565754abb966.003f
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-atl_31bf3856ad364e35_6.0.6001.18293_none_aac1f52459f8aeb3\$$DeleteMe.atl.dll.01ca56575e025196.0082
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-audio-audiocore_31bf3856ad364e35_6.0.6001.18000_none_769fc426e49fbfda\$$DeleteMe.audiodg.exe.01ca56574fbdf996.0021
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-audio-audiocore_31bf3856ad364e35_6.0.6001.18000_none_769fc426e49fbfda\$$DeleteMe.AudioSes.dll.01ca56575d364f06.007a
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-audio-audiocore_31bf3856ad364e35_6.0.6001.18000_none_769fc426e49fbfda\$$DeleteMe.audiosrv.dll.01ca5657613234c6.00a0
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-audio-dsound_31bf3856ad364e35_6.0.6001.18000_none_589bbe5841e2df00\$$DeleteMe.dsound.dll.01ca56575af44e46.0069
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-audio-mmecore-base_31bf3856ad364e35_6.0.6001.18000_none_b5dfbc3a51b01b87\$$DeleteMe.winmm.dll.01ca56575fac7f26.0092
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-audio-mmecore-other_31bf3856ad364e35_6.0.6001.18000_none_8cfdc804108fe1a6\$$DeleteMe.midimap.dll.01ca56575d24c2d6.0079
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-audio-mmecore-other_31bf3856ad364e35_6.0.6001.18000_none_8cfdc804108fe1a6\$$DeleteMe.msacm32.drv.01ca565765ce5226.00c8
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-advapi32_31bf3856ad364e35_6.0.6001.18000_none_e34851aa8681b8b0\$$DeleteMe.advapi32.dll.01ca56574fa0fbb6.0020
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-atl_31bf3856ad364e35_6.0.6001.18000_none_ab203fc659b26ce7\$$DeleteMe.atl.dll.01ca55016b7023c0.001a
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-authentication-authui_31bf3856ad364e35_6.0.6001.22364_none_0c403f4e0eb28911\$$DeleteMe.authui.dll.01ca56575c101e86.0071
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-azman_31bf3856ad364e35_6.0.6001.18000_none_56571935b2b95c99\$$DeleteMe.azroles.dll.01ca56574f65c776.001c
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\$$DeleteMe.bcrypt.dll.01ca56575072f1b6.0024
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6001.18000_none_2390c4ecf9720b8c\$$DeleteMe.qmgr.dll.01ca565759a05706.0063
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-bits-igdsearcher_31bf3856ad364e35_6.0.6001.18000_none_b16c3d098f004f58\$$DeleteMe.bitsigd.dll.01ca56575847cbe6.005a
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.0.6001.18057_none_0cbe918751dfdd3f\$$DeleteMe.es.dll.01ca56576108b3c6.009f
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-c..ent-indexing-common_31bf3856ad364e35_6.0.6001.18000_none_06b40dcad71051f6\$$DeleteMe.Query.dll.01ca5657594c6aa6.005f
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-c..fe-catsrvut-comsvcs_31bf3856ad364e35_6.0.6001.18000_none_72c2652d9fddfafd\$$DeleteMe.comsvcs.dll.01ca56575db3bc66.007f
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-c..rformance-xperfcore_31bf3856ad364e35_6.0.6001.18000_none_d71173946e986845\$$DeleteMe.diagperf.dll.01ca565764d52516.00c1
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-c..tionauthorityclient_31bf3856ad364e35_6.0.6001.18000_none_d77db57c3ca78826\$$DeleteMe.certcli.dll.01ca565755180fc6.0043
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-cmi_31bf3856ad364e35_6.0.6001.18000_none_a9ce4a485a8ade99\$$DeleteMe.cmiv2.dll.01ca56576a32bdb6.00d7
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.0.6001.18000_none_ac1da75bf2516084\$$DeleteMe.ole32.dll.01ca565756813cb6.004e
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18226_none_69bb41ac3deac876\$$DeleteMe.rpcss.dll.01ca565760daed06.009d
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-com-dtc-client_31bf3856ad364e35_6.0.6001.18085_none_4ca16fc8b98a26e2\$$DeleteMe.xolehlp.dll.01ca5657641641e6.00bd
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-comdlg32_31bf3856ad364e35_6.0.6001.18000_none_b5b111a1a5a793a5\$$DeleteMe.comdlg32.dll.01ca565755257d46.0044
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-coreusermodepnp_31bf3856ad364e35_6.0.6001.18000_none_7701ab362cebf905\$$DeleteMe.umpnpmgr.dll.01ca565763087b66.00b5
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-credui_31bf3856ad364e35_6.0.6001.18000_none_db374cc18eed7408\$$DeleteMe.credui.dll.01ca56574c800ca6.000a
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-crypt32-dll_31bf3856ad364e35_6.0.6001.18000_none_5b6fc1dbddd3c6da\$$DeleteMe.crypt32.dll.01ca56575e8208e6.0088
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6001.18000_none_75ff99649acf4de9\$$DeleteMe.cryptsvc.dll.01ca5657563b3306.004a
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-cryptui-dll_31bf3856ad364e35_6.0.6001.18000_none_85ee5b5e98235317\$$DeleteMe.cryptui.dll.01ca56575b2e9826.006b
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-cpfilters_31bf3856ad364e35_6.1.1000.18299_none_f24aebf2486034b3\$$DeleteMe.CPFilters.dll.01ca56535442bd64.0000
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-d..pwindowmanager-core_31bf3856ad364e35_6.0.6001.18000_none_8da39414bd31fb37\$$DeleteMe.uxsms.dll.01ca565762840926.00af
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-dhcp-client-dll_31bf3856ad364e35_6.0.6001.18000_none_d75a29a02e8fcf7a\$$DeleteMe.dhcpcsvc.dll.01ca565762a043b6.00b1
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-dhcp-client-dll_31bf3856ad364e35_6.0.6001.18000_none_d75a29a02e8fcf7a\$$DeleteMe.dhcpcsvc6.dll.01ca56574ce3fe96.000d
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-dfsr-core-clientonly_31bf3856ad364e35_6.0.6001.18000_none_b6798caa9a04157b\$$DeleteMe.dfsr.exe.01ca565758653ef6.005b
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-directx-direct3d9_31bf3856ad364e35_6.0.6001.18000_none_c24d6ca560c635f9\$$DeleteMe.d3d9.dll.01ca56575b4b47e6.006c
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6001.18000_none_e1e27cdd8259636b\$$DeleteMe.dnsapi.dll.01ca56574e4e15e6.0015
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6001.18000_none_e1e27cdd8259636b\$$DeleteMe.dnsrslvr.dll.01ca5657539e19f6.0039
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-directshow-core_31bf3856ad364e35_6.0.6001.22167_none_a6bff72a072e245d\$$DeleteMe.quartz.dll.01ca56575b7df0a6.006d
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6000.16386_none_571790f3532b2696\$$DeleteMe.winrnr.dll.01ca5657658d7896.00c6
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-e..-protocol-host-peer_31bf3856ad364e35_6.0.6001.18000_none_64138b2cc36a286b\$$DeleteMe.eappcfg.dll.01ca56574cf0f6e6.000e
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-e..-protocol-host-peer_31bf3856ad364e35_6.0.6001.18000_none_64138b2cc36a286b\$$DeleteMe.eapphost.dll.01ca565764a2ca76.00bf
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-directory-services-sam_31bf3856ad364e35_6.0.6001.18000_none_b1ee595da0f48e64\$$DeleteMe.samlib.dll.01ca565759264506.005d
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-directory-services-sam_31bf3856ad364e35_6.0.6001.18000_none_b1ee595da0f48e64\$$DeleteMe.samsrv.dll.01ca56574efe7a26.0019
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-e..emorydevicesservice_31bf3856ad364e35_6.0.6001.18098_none_9e329f52f6fc276d\$$DeleteMe.emdmgmt.dll.01ca56575ebbb686.008a
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-e..estorageengine-isam_31bf3856ad364e35_6.0.6001.18000_none_f1e446e12c0bbf09\$$DeleteMe.esent.dll.01ca56575c4ba0e6.0074
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-enhancedvideorenderer_31bf3856ad364e35_6.0.6001.22164_none_8fef3c16e5d12be0\$$DeleteMe.evr.dll.01ca565761c65e76.00a7
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_6.0.6001.18000_none_2076b21605e43be9\$$DeleteMe.wer.dll.01ca565756a53f76.0050
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-eventlog-api_31bf3856ad364e35_6.0.6001.18000_none_ac31021c654a3267\$$DeleteMe.wevtapi.dll.01ca56574d03bb96.000f
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-eventlog_31bf3856ad364e35_6.0.6001.18000_none_dcc45c1a12d92f84\$$DeleteMe.wevtsvc.dll.01ca56574f77c8d6.001d
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-feclient_31bf3856ad364e35_6.0.6001.18000_none_beda112b5794d4e0\$$DeleteMe.feclient.dll.01ca5657634695d6.00b7
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-feedback-service_31bf3856ad364e35_6.0.6001.18000_none_79cbf36190e59fa9\$$DeleteMe.wersvc.dll.01ca565356688394.0002
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-feedback-service_31bf3856ad364e35_6.0.6001.18145_none_79a5b70991018b47\$$DeleteMe.wersvc.dll.01ca56575defdb06.0081
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-grouppolicy-base_31bf3856ad364e35_6.0.6001.18000_none_282361dee702a605\$$DeleteMe.gpapi.dll.01ca5657598a5e06.0062
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-grouppolicy-base_31bf3856ad364e35_6.0.6001.18000_none_282361dee702a605\$$DeleteMe.gpsvc.dll.01ca56575f636836.0090
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-hid-user_31bf3856ad364e35_6.0.6000.16386_none_d47586718a839763\$$DeleteMe.hidserv.dll.01ca56575fb69146.0093
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_8.0.6001.18828_none_97be9dffeca028c3\$$DeleteMe.urlmon.dll.01ca793f6c40c8b0.0002
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_8.0.6001.18865_none_97905d71ecc34c82\$$DeleteMe.urlmon.dll.01ca9b8b9d003217.0000
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-i..mentation.resources_31bf3856ad364e35_6.0.6000.16386_de-de_6d2913106de015bc\$$DeleteMe.wininet.dll.mui.01ca5501742b4ee0.0023
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-i..nal-core-locale-nls_31bf3856ad364e35_6.0.6001.18000_none_6ab830d9a945c1d1\$$DeleteMe.locale.nls.01ca5657656927b6.00c4
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18226_none_01d9592da1dddc20\$$DeleteMe.wininet.dll.01ca55016cce0de0.001e
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18828_none_e4c479a1b7a94f56\$$DeleteMe.wininet.dll.01ca793f6c5fba90.0004
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18865_none_e4963913b7cc7315\$$DeleteMe.wininet.dll.01ca9b8b9d0c18f7.0002
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-icm-base_31bf3856ad364e35_6.0.6001.18000_none_22c7ea5489633945\$$DeleteMe.mscms.dll.01ca5657597fafa6.0061
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.0.6001.18000_none_11e312d27c5a6ba6\$$DeleteMe.iphlpsvc.dll.01ca5657471b4816.0004
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18226_none_479410098c8efa7d\$$DeleteMe.iertutil.dll.01ca55016c54a7c0.001d
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18359_none_10bc6b74b4f2be85\ASPNET~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18359_none_10bc6b74b4f2be85\REDIRE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22559_none_11460a25ce105b76\ASPNET~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22559_none_11460a25ce105b76\REDIRE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18005_none_12d4ebd0b1f42298\ASPNET~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18005_none_12d4ebd0b1f42298\REDIRE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18139_none_12b87f1ab208d8ee\ASPNET~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18139_none_12b87f1ab208d8ee\REDIRE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22261_none_1319a9d1cb4601d3\ASPNET~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22261_none_1319a9d1cb4601d3\REDIRE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-imm32_31bf3856ad364e35_6.0.6001.18000_none_5c561e167a6afd02\$$DeleteMe.imm32.dll.01ca5657521bbfb6.002e
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-installer-engine_31bf3856ad364e35_6.0.6001.18000_none_037a7e2bb384bf01\$$DeleteMe.msi.dll.01ca56574ea69626.0017
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18215_none_93b81a93564f1da0\$$DeleteMe.kernel32.dll.01ca565752104e06.002d
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-k..eo-capture-plug-ins_31bf3856ad364e35_6.0.6000.16386_none_f333da7d43ad950a\$$DeleteMe.Kswdmcap.ax.01ca56575724cfb6.0054
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ldap-client_31bf3856ad364e35_6.0.6001.18000_none_f33c4797566bb3db\$$DeleteMe.Wldap32.dll.01ca5657596067d6.0060
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18000_none_a64a8ac25ccb3836\$$DeleteMe.lsass.exe.01ca55016a67eb20.0011
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18215_none_a644c0145ccecd28\$$DeleteMe.lsasrv.dll.01ca55016a7170a0.0012
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18215_none_a644c0145ccecd28\$$DProcesses
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1348 Status: Locked to the Windows API!

SSDT
-------------------
#: 078 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x8b9d7a3c

#: 194 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0x8b9d7a28

#: 201 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0x8b9d7a2d

#: 334 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0x8b9d7a37

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x85cfa1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x85cfa1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x85cfa1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x85cfa1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x85cfa1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x85cfa1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x85cfa1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x85cfa1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x85cfa1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x85cfa1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x85cfa1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x85cfa1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x85cfa1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x85cfa1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x85cfa1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x85cfa1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x85cfa1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x85cfa1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x85cfa1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x85cfa1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x85cfa1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x85cfa1f8 Size: 121

Object: Hidden Code [Driver: cdromĬ, IRP_MJ_CREATE]
Process: System Address: 0x877ba1f8 Size: 121

Object: Hidden Code [Driver: cdromĬ, IRP_MJ_CLOSE]
Process: System Address: 0x877ba1f8 Size: 121

Object: Hidden Code [Driver: cdromĬ, IRP_MJ_READ]
Process: System Address: 0x877ba1f8 Size: 121

Object: Hidden Code [Driver: cdromĬ, IRP_MJ_WRITE]
Process: System Address: 0x877ba1f8 Size: 121

Object: Hidden Code [Driver: cdromĬ, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x877ba1f8 Size: 121

Object: Hidden Code [Driver: cdromĬ, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x877ba1f8 Size: 121

Object: Hidden Code [Driver: cdromĬ, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x877ba1f8 Size: 121

Object: Hidden Code [Driver: cdromĬ, IRP_MJ_SHUTDOWN]
Process: System Address: 0x877ba1f8 Size: 121

Object: Hidden Code [Driver: cdromĬ, IRP_MJ_POWER]
Process: System Address: 0x877ba1f8 Size: 121

Object: Hidden Code [Driver: cdromĬ, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x877ba1f8 Size: 121

Object: Hidden Code [Driver: cdromĬ, IRP_MJ_PNP]
Process: System Address: 0x877ba1f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]
Process: System Address: 0x85cf81f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE]
Process: System Address: 0x85cf81f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x85cf81f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x85cf81f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_POWER]
Process: System Address: 0x85cf81f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x85cf81f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_PNP]
Process: System Address: 0x85cf81f8 Size: 121

Datei Anhang: Datei wird hocObject: Hidden Code [Driver: usbuhci藗Џ浍摌챨藗ࡠ蝥????, IRP_MJ_CREATE]
Process: System Address: 0x876881f8 Size: 121

hgeladen... - bitte Geduld! (je nach Größe)Object: Hidden Code [Driver: usbuhci藗Џ浍摌챨藗ࡠ蝥????, IRP_MJ_CLOSE]
Process: System Address: 0x876881f8 Size: 121

E-Mail Benachrichtigung: Object: Hidden Code [Driver: usbuhci藗Џ浍摌챨藗ࡠ蝥????, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x876881f8 Size: 121

FolgendObject: Hidden Code [Driver: usbuhci藗Џ浍摌챨藗ࡠ蝥????, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x876881f8 Size: 121

e Themen könnten dich auch interessieren:Object: Hidden Code [Driver: usbuhci藗Џ浍摌챨藗ࡠ蝥????, IRP_MJ_POWER]
Process: System Address: 0x876881f8 Size: 121

» ständige AntiVir Meldung ----> TR/VundoObject: Hidden Code [Driver: usbuhci藗Џ浍摌챨藗ࡠ蝥????, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x876881f8 Size: 121

.Gen» WORM/Alcra.B sowie TR/Drop.Agent.sObject: Hidden Code [Driver: usbuhci藗Џ浍摌챨藗ࡠ蝥????, IRP_MJ_PNP]
Process: System Address: 0x876881f8 Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_CREATE]
Process: System Address: 0x897c51f8 Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_CLOSE]
Process: System Address: 0x897c51f8 Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x897c51f8 Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x897c51f8 Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_CLEANUP]
Process: System Address: 0x897c51f8 Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_PNP]
Process: System Address: 0x897c51f8 Size: 121

Object: Hidden Code [Driver: netbt裒, IRP_MJ_CREATE]
Process: System Address: 0x897c11f8 Size: 121

Object: Hidden Code [Driver: netbt裒, IRP_MJ_CLOSE]
Process: System Address: 0x897c11f8 Size: 121

Object: Hidden Code [Driver: netbt裒, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x897c11f8 Size: 121

Object: Hidden Code [Driver: netbt裒, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x897c11f8 Size: 121

Object: Hidden Code [Driver: netbt裒, IRP_MJ_CLEANUP]
Process: System Address: 0x897c11f8 Size: 121

Object: Hidden Code [Driver: netbt裒, IRP_MJ_PNP]
Process: System Address: 0x897c11f8 Size: 121

Object: Hidden Code [Driver: iScsiPrtЅ晖呉큤輨툴良, IRP_MJ_CREATE]
Process: System Address: 0x8781c1f8 Size: 121

Object: Hidden Code [Driver: iScsiPrtЅ晖呉큤輨툴良, IRP_MJ_CLOSE]
Process: System Address: 0x8781c1f8 Size: 121

Object: Hidden Code [Driver: iScsiPrtЅ晖呉큤輨툴良, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8781c1f8 Size: 121

Object: Hidden Code [Driver: iScsiPrtЅ晖呉큤輨툴良, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8781c1f8 Size: 121

Object: Hidden Code [Driver: iScsiPrtЅ晖呉큤輨툴良, IRP_MJ_POWER]
Process: System Address: 0x8781c1f8 Size: 121

Object: Hidden Code [Driver: iScsiPrtЅ晖呉큤輨툴良, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8781c1f8 Size: 121

Object: Hidden Code [Driver: iScsiPrtЅ晖呉큤輨툴良, IRP_MJ_PNP]
Process: System Address: 0x8781c1f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_CREATE]
Process: System Address: 0x85cf51f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_READ]
Process: System Address: 0x85cf51f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_WRITE]
Process: System Address: 0x85cf51f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x85cf51f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x85cf51f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x85cf51f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_SHUTDOWN]
Process: System Address: 0x85cf51f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_CLEANUP]
Process: System Address: 0x85cf51f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_POWER]
Process: System Address: 0x85cf51f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x85cf51f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_PNP]
Process: System Address: 0x85cf51f8 Size: 121

Object: Hidden Code [Driver: a36tqd67Ѕ灓摴껠聯�蝺绰誼, IRP_MJ_CREATE]
Process: System Address: 0x878191f8 Size: 121

Object: Hidden Code [Driver: a36tqd67Ѕ灓摴껠聯�蝺绰誼, IRP_MJ_CLOSE]
Process: System Address: 0x878191f8 Size: 121

Object: Hidden Code [Driver: a36tqd67Ѕ灓摴껠聯�蝺绰誼, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x878191f8 Size: 121

Object: Hidden Code [Driver: a36tqd67Ѕ灓摴껠聯�蝺绰誼, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x878191f8 Size: 121

Object: Hidden Code [Driver: a36tqd67Ѕ灓摴껠聯�蝺绰誼, IRP_MJ_POWER]
Process: System Address: 0x878191f8 Size: 121

Object: Hidden Code [Driver: a36tqd67Ѕ灓摴껠聯�蝺绰誼, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x878191f8 Size: 121

Object: Hidden Code [Driver: a36tqd67Ѕ灓摴껠聯�蝺绰誼, IRP_MJ_PNP]
Process: System Address: 0x878191f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x876fb1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x876fb1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x876fb1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x876fb1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x876fb1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x876fb1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x876fb1f8 Size: 121

Object: Hidden Code [Driver: msahci, IRP_MJ_POWER]
Process: System Address: 0x85cf91f8 Size: 121

Object: Hidden Code [Driver: msahci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x85cf91f8 Size: 121

Object: Hidden Code [Driver: msahci, IRP_MJ_PNP]
Process: System Address: 0x85cf91f8 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CREATE]
Process: System Address: 0x89b69500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x89b69500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CLOSE]
Process: System Address: 0x89b69500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_READ]
Process: System Address: 0x89b69500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_WRITE]
Process: System Address: 0x89b69500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x89b69500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x89b69500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x89b69500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_EA]
Process: System Address: 0x89b69500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x89b69500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x89b69500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x89b69500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x89b69500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x89b69500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89b69500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x89b69500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x89b69500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x89b69500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CLEANUP]
Process: System Address: 0x89b69500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x89b69500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x89b69500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x89b69500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_POWER]
Process: System Address: 0x89b69500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x89b69500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x89b69500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x89b69500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x89b69500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_PNP]
Process: System Address: 0x89b69500 Size: 121

Object: Hidden Code [Driver: cdfsЋ瑅퉷堸ꘆ, IRP_MJ_CREATE]
Process: System Address: 0x877841f8 Size: 121

Object: Hidden Code [Driver: cdfsЋ瑅퉷堸ꘆ, IRP_MJ_CLOSE]
Process: System Address: 0x877841f8 Size: 121

Object: Hidden Code [Driver: cdfsЋ瑅퉷堸ꘆ, IRP_MJ_READ]
Process: System Address: 0x877841f8 Size: 121

Object: Hidden Code [Driver: cdfsЋ瑅퉷堸ꘆ, IRP_MJ_WRITE]
Process: System Address: 0x877841f8 Size: 121

Object: Hidden Code [Driver: cdfsЋ瑅퉷堸ꘆ, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x877841f8 Size: 121

Object: Hidden Code [Driver: cdfsЋ瑅퉷堸ꘆ, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x877841f8 Size: 121

Object: Hidden Code [Driver: cdfsЋ瑅퉷堸ꘆ, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x877841f8 Size: 121

Object: Hidden Code [Driver: cdfsЋ瑅퉷堸ꘆ, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x877841f8 Size: 121

Object: Hidden Code [Driver: cdfsЋ瑅퉷堸ꘆ, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x877841f8 Size: 121

Object: Hidden Code [Driver: cdfsЋ瑅퉷堸ꘆ, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x877841f8 Size: 121

Object: Hidden Code [Driver: cdfsЋ瑅퉷堸ꘆ, IRP_MJ_SHUTDOWN]
Process: System Address: 0x877841f8 Size: 121

Object: Hidden Code [Driver: cdfsЋ瑅퉷堸ꘆ, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x877841f8 Size: 121

Object: Hidden Code [Driver: cdfsЋ瑅퉷堸ꘆ, IRP_MJ_CLEANUP]
Process: System Address: 0x877841f8 Size: 121

Object: Hidden Code [Driver: cdfsЋ瑅퉷堸ꘆ, IRP_MJ_PNP]
Process: System Address: 0x877841f8 Size: 121

==EOF==
Seitenanfang Seitenende
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren:
Seite(n): 12