| Pests of all kinds and how to fight them: AntimalwareDoctor - Malwarebytes/Spybot didn't help! Windows 7 |
|  08.10.2010, 17:18 | #1 | 
|  |   AntimalwareDoctor - Malwarebytes/Spybot didn't help! Hello! I am a desperate student abroad and therefore have no access to my installation CDs. Since yesterday I have had the AntimalwareDoctor virus and have been googling ever since... without success! I ran my standard antivirus program McAfee, tried Malwarebytes' Anti-Malware and Spybot without success, and at the moment I am using OTL. I have already read through a few threads, but all the terms mean relatively little to me and I also have no idea what other information I can post here! Many thanks in advance for the help, Win52 |
|  08.10.2010, 17:24 | #2 | 
| /// Malware-holic       |   Then go ahead and post the OTL logs. |
|  08.10.2010, 17:26 | #3 | 
|  |   OTL logfile: Code:
  OTL logfile created on: 08.10.2010 17:08:13 - Run 1 OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Lavinia\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18943) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 52,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 77,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 116,21 Gb Total Space | 12,67 Gb Free Space | 10,90% Space Free | Partition Type: NTFS Drive D: | 232,88 Gb Total Space | 231,70 Gb Free Space | 99,49% Space Free | Partition Type: NTFS E: Drive not present or media not loaded Drive F: | 115,21 Gb Total Space | 109,29 Gb Free Space | 94,87% Space Free | Partition Type: NTFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: PCSBSLV52 Current User Name: Lavinia Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\Lavinia\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Users\Lavinia\AppData\Roaming\B50BF6989C27D56C2A7E11169008A2D2\v700bin00mod.exe () PRC - C:\Programme\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.) PRC - C:\Programme\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.) PRC - C:\Windows\System32\mfevtps.exe (McAfee, Inc.) PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - c:\Programme\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) 
PRC - C:\Windows\System32\msfeedssync.exe (Microsoft Corporation) PRC - C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.) PRC - C:\Programme\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) PRC - C:\Programme\Common Files\McAfee\Core\mchost.exe (McAfee, Inc.) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Canon\IJPLM\ijplmsvc.exe () PRC - C:\Programme\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated) PRC - C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) PRC - C:\Programme\McAfee\SiteAdvisor\McSACore.exe () PRC - C:\Programme\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) PRC - C:\Programme\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe (Toshiba) PRC - C:\Programme\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA) PRC - C:\Programme\Toshiba TEMPRO\TempoSVC.exe (Toshiba Europe GmbH) PRC - C:\Programme\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) PRC - c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION) PRC - C:\Windows\System32\TAMSvr.exe (AuthenTec Inc.) PRC - c:\Programme\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) PRC - c:\Programme\Toshiba\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation) PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) PRC - C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSVR.EXE (Ulead Systems, Inc.) 
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems) ========== Modules (SafeList) ========== MOD - C:\Users\Lavinia\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation) MOD - C:\Programme\McAfee\SiteAdvisor\sahook.dll () MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.) SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe () SRV - (mfevtp) -- C:\Windows\System32\mfevtps.exe (McAfee, Inc.) SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (GoogleDesktopManager-051210-111108) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.) SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (MSK80Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) 
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (IJPLMSVC) -- C:\Programme\Canon\IJPLM\ijplmsvc.exe () SRV - (AdobeActiveFileMonitor8.0) -- C:\Programme\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated) SRV - (MSSQL$QOSMIOAVINDEXING) SQL Server (QOSMIOAVINDEXING) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) SRV - (SQLWriter) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) SRV - (SQLBrowser) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) SRV - (MSSQLServerADHelper) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation) SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe () SRV - (TNaviSrv) -- C:\Programme\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) SRV - (SmartFaceVWatchSrv) -- C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe (Toshiba) SRV - (TempoMonitoringService) -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe (Toshiba Europe GmbH) SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) SRV - (TOSHIBA Bluetooth Service) -- c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION) SRV - (Authentec memory manager) -- C:\Windows\System32\TAMSvr.exe (AuthenTec Inc.) 
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (TosCoSrv) -- c:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) SRV - (TOSHIBA SMART Log Service) -- c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation) SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) SRV - (UleadBurningHelper) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSVR.EXE (Ulead Systems, Inc.) SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems) SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®) ========== Driver Services (SafeList) ========== DRV - (TpChoice) -- C:\Windows\System32\DRIVERS\TpChoice.sys File not found DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found DRV - (mfehidk) -- C:\Windows\system32\drivers\mfehidk.sys (McAfee, Inc.) DRV - (mfefirek) -- C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.) DRV - (mfewfpk) -- C:\Windows\System32\drivers\mfewfpk.sys (McAfee, Inc.) DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.) DRV - (mfeapfk) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.) DRV - (mferkdet) -- C:\Windows\System32\drivers\mferkdet.sys (McAfee, Inc.) DRV - (mfenlfk) -- C:\Windows\System32\drivers\mfenlfk.sys (McAfee, Inc.) DRV - (cfwids) -- C:\Windows\System32\drivers\cfwids.sys (McAfee, Inc.) DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.) DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) 
DRV - (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor) -- C:\Windows\System32\drivers\atswpdrv.sys (AuthenTec, Inc.) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation) DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corp.) DRV - (LPCFilter) -- C:\Windows\system32\DRIVERS\LPCFilter.sys (COMPAL ELECTRONIC INC.) DRV - (SPURS) -- C:\Windows\System32\drivers\spurs.sys (Toshiba Corporation) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (enecirhid) -- C:\Windows\System32\drivers\enecirhid.sys (ENE TECHNOLOGY INC.) DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.) DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation) DRV - (enecirhidma) -- C:\Windows\System32\drivers\enecirhidma.sys (ENE TECHNOLOGY INC.) DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation) DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION) DRV - (mod7700) -- C:\Windows\System32\drivers\dvb7700all.sys (DiBcom) DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation) DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation) DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.) DRV - (AlfaFF) -- C:\Windows\system32\Drivers\AlfaFF.sys (Alfa Corporation) DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (TosRfSnd) -- C:\Windows\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation) DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) 
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.) 
DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation) DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation) DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION) DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) 
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation) DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.) DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.imdb.com/" FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.8 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655 FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010.03.02 17:59:46 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.25 10:40:12 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.16 11:05:58 | 000,000,000 | ---D | M] [2009.07.10 
14:08:30 | 000,000,000 | ---D | M] -- C:\Users\Lavinia\AppData\Roaming\mozilla\Extensions [2010.10.08 14:15:07 | 000,000,000 | ---D | M] -- C:\Users\Lavinia\AppData\Roaming\mozilla\Firefox\Profiles\32scw1z0.default\extensions [2010.09.20 16:49:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Lavinia\AppData\Roaming\mozilla\Firefox\Profiles\32scw1z0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.09.20 16:49:19 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Lavinia\AppData\Roaming\mozilla\Firefox\Profiles\32scw1z0.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2010.07.02 09:27:03 | 000,000,000 | ---D | M] -- C:\Users\Lavinia\AppData\Roaming\mozilla\Firefox\Profiles\32scw1z0.default\extensions\youtube2mp3@mondayx.de [2010.10.08 12:14:58 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2009.07.10 16:23:29 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Programme\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2010.10.08 12:14:54 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010.08.24 14:57:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Programme\Mozilla Firefox\components\Scriptff.dll [2009.08.09 00:11:22 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) 
-- C:\Programme\Mozilla Firefox\plugins\PDFNetC.dll [2009.08.09 00:30:36 | 000,107,760 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\ScorchPDFWrapper.dll [2009.06.24 13:37:42 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2009.06.24 13:37:42 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2009.06.24 13:37:42 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2009.09.14 21:32:28 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2009.06.24 13:37:42 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Programme\McAfee\MSK\mskapbho.dll () O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\McAfee\SystemCore\ScriptSn.20100925104012.dll (McAfee, Inc.) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.) 
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll () O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll () O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O4 - HKCU..\Run: [TOSCDSPD] C:\Programme\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA) O4 - HKCU..\Run: [v700bin00mod.exe] C:\Users\Lavinia\AppData\Roaming\B50BF6989C27D56C2A7E11169008A2D2\v700bin00mod.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Lavinia\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.) 
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - File not found O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - File not found O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 129.12.21.3 129.12.21.8 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll () O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop 
Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Lavinia\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Lavinia\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.10.08 15:35:32 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy [2010.10.08 15:35:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2010.10.08 12:14:42 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype [2010.10.08 12:07:18 | 000,000,000 | ---D | C] -- C:\Windows\pss [2010.10.08 11:45:55 | 000,000,000 | ---D | C] -- C:\Users\Lavinia\AppData\Roaming\Malwarebytes [2010.10.08 11:45:41 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.10.08 11:45:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.10.08 11:45:39 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.10.08 11:45:39 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.10.07 17:30:42 | 000,000,000 | ---D | C] -- C:\Users\Lavinia\AppData\Roaming\B50BF6989C27D56C2A7E11169008A2D2 [2010.10.02 11:25:11 | 000,000,000 | ---D | C] -- C:\Programme\iPod [2010.10.02 11:21:36 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour [2010.09.29 14:05:39 | 000,002,048 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\tzres.dll [2010.09.28 18:12:54 | 000,000,000 | ---D | C] -- C:\Users\Lavinia\Documents\Bluetooth [2010.09.25 10:40:12 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeclnk.sys [2010.09.25 10:40:03 | 000,141,792 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe [2010.09.25 10:39:52 | 000,386,712 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfehidk.sys [2010.09.25 10:39:52 | 000,312,904 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfefirek.sys [2010.09.25 10:39:52 | 000,164,808 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfewfpk.sys [2010.09.25 10:39:52 | 000,152,992 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys [2010.09.25 10:39:52 | 000,095,600 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeapfk.sys [2010.09.25 10:39:52 | 000,084,264 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdet.sys [2010.09.25 10:39:52 | 000,064,304 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfenlfk.sys [2010.09.25 10:39:52 | 000,055,840 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\cfwids.sys [2010.09.25 10:39:52 | 000,052,104 | ---- | C] (McAfee, Inc.) 
-- C:\Windows\System32\drivers\mfebopk.sys [2010.09.18 17:48:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage [2010.09.16 12:28:04 | 000,000,000 | ---D | C] -- C:\Users\Lavinia\Desktop\ausdrucken [2010.09.16 11:05:16 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime [2010.09.15 17:29:48 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL [2010.09.09 20:12:05 | 000,000,000 | ---D | C] -- C:\Programme\iTunes [2010.09.09 19:51:37 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2010.09.09 19:51:37 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2010.09.09 19:51:37 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2010.09.09 19:51:37 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2010.09.09 19:51:36 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010.09.09 19:51:35 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010.09.09 19:51:35 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2010.09.09 19:51:34 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2010.09.09 19:51:33 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2010.09.09 19:51:32 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2010.09.09 19:51:32 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2010.09.09 19:51:32 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2010.09.09 19:51:32 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2010.09.09 19:51:31 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2010.09.09 19:51:30 | 001,638,912 | 
---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2010.09.09 19:51:17 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll [2010.09.09 19:50:10 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2010.09.09 19:49:44 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll [2010.09.09 19:48:10 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2010.09.09 19:48:01 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2010.02.04 09:21:34 | 000,525,656 | ---- | C] (Microsoft Corporation) -- C:\Programme\DXSETUP.exe [2010.02.04 09:21:32 | 001,691,480 | ---- | C] (Microsoft Corporation) -- C:\Programme\dsetup32.dll [2010.02.04 09:21:32 | 000,094,040 | ---- | C] (Microsoft Corporation) -- C:\Programme\DSETUP.dll [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.10.08 17:14:33 | 006,815,744 | -HS- | M] () -- C:\Users\Lavinia\NTUSER.DAT [2010.10.08 17:13:32 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{0D0209DB-2CC4-48DF-A011-0FEF7EF20051}.job [2010.10.08 16:52:05 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2010.10.08 16:50:19 | 000,112,529 | ---- | M] () -- C:\ProgramData\nvModes.dat [2010.10.08 16:50:19 | 000,112,529 | ---- | M] () -- C:\ProgramData\nvModes.001 [2010.10.08 16:50:18 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.10.08 16:50:15 | 000,001,740 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security.lnk [2010.10.08 16:48:22 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.10.08 16:48:22 | 000,003,216 | -H-- | M] () -- 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.10.08 16:48:20 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.10.08 16:48:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.10.08 16:47:21 | 000,524,288 | -HS- | M] () -- C:\Users\Lavinia\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2010.10.08 16:47:21 | 000,065,536 | -HS- | M] () -- C:\Users\Lavinia\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010.10.08 16:46:50 | 003,811,722 | -H-- | M] () -- C:\Users\Lavinia\AppData\Local\IconCache.db [2010.10.08 16:42:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.10.08 15:30:12 | 000,012,881 | ---- | M] () -- C:\Users\Lavinia\Documents\Courses.docx [2010.10.08 15:24:48 | 001,577,460 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.10.08 15:24:48 | 000,675,450 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.10.08 15:24:48 | 000,642,704 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.10.08 15:24:48 | 000,144,456 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.10.08 15:24:48 | 000,122,072 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.10.05 22:14:31 | 000,000,680 | ---- | M] () -- C:\Users\Lavinia\AppData\Local\d3d9caps.dat [2010.10.05 16:32:19 | 000,010,728 | ---- | M] () -- C:\Users\Lavinia\Documents\salsa.docx [2010.10.02 22:55:20 | 000,010,351 | ---- | M] () -- C:\Users\Lavinia\Documents\Addresses.docx [2010.10.02 22:55:08 | 000,002,413 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2010.10.02 10:46:11 | 000,002,078 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk [2010.09.30 11:21:50 | 000,021,208 | ---- | M] () -- C:\Users\Lavinia\Documents\FraDez.docx [2010.09.30 10:50:44 | 000,010,068 | ---- | M] () -- C:\Users\Lavinia\Documents\Worship.docx [2010.09.29 19:22:46 | 000,010,989 | ---- | M] () -- 
C:\Users\Lavinia\Documents\DVDs.docx [2010.09.18 21:57:19 | 000,033,792 | ---- | M] () -- C:\Users\Lavinia\Documents\Praise to our God 3 phonetic lyrics.doc [2010.09.16 11:05:48 | 000,001,731 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2010.09.14 15:29:27 | 000,010,396 | ---- | M] () -- C:\Users\Lavinia\Documents\Ryanair Irland.docx [2010.09.11 08:03:39 | 000,353,040 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.09.09 20:17:20 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.10.05 22:14:31 | 000,000,680 | ---- | C] () -- C:\Users\Lavinia\AppData\Local\d3d9caps.dat [2010.10.05 16:32:19 | 000,010,728 | ---- | C] () -- C:\Users\Lavinia\Documents\salsa.docx [2010.10.05 10:36:41 | 000,012,881 | ---- | C] () -- C:\Users\Lavinia\Documents\Courses.docx [2010.10.02 22:55:18 | 000,010,351 | ---- | C] () -- C:\Users\Lavinia\Documents\Addresses.docx [2010.10.02 11:26:01 | 000,002,413 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2010.10.02 10:46:11 | 000,002,078 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk [2010.09.30 11:21:50 | 000,021,208 | ---- | C] () -- C:\Users\Lavinia\Documents\FraDez.docx [2010.09.30 10:50:43 | 000,010,068 | ---- | C] () -- C:\Users\Lavinia\Documents\Worship.docx [2010.09.29 19:22:45 | 000,010,989 | ---- | C] () -- C:\Users\Lavinia\Documents\DVDs.docx [2010.09.25 15:22:59 | 000,001,740 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Internet Security.lnk [2010.09.18 21:57:18 | 000,033,792 | ---- | C] () -- C:\Users\Lavinia\Documents\Praise to our God 3 phonetic lyrics.doc [2010.09.16 11:05:48 | 000,001,731 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2010.09.14 15:08:05 | 000,010,396 | ---- | C] () -- C:\Users\Lavinia\Documents\Ryanair Irland.docx [2010.02.04 09:21:52 | 001,906,878 | 
---- | C] () -- C:\Programme\Nov2008_d3dx9_40_x64.cab [2010.02.04 09:21:52 | 001,802,058 | ---- | C] () -- C:\Programme\Nov2007_d3dx9_36_x64.cab [2010.02.04 09:21:52 | 001,709,360 | ---- | C] () -- C:\Programme\Nov2007_d3dx9_36_x86.cab [2010.02.04 09:21:52 | 001,550,796 | ---- | C] () -- C:\Programme\Nov2008_d3dx9_40_x86.cab [2010.02.04 09:21:52 | 001,412,902 | ---- | C] () -- C:\Programme\OCT2006_d3dx9_31_x64.cab [2010.02.04 09:21:52 | 001,127,217 | ---- | C] () -- C:\Programme\OCT2006_d3dx9_31_x86.cab [2010.02.04 09:21:52 | 000,994,154 | ---- | C] () -- C:\Programme\Nov2008_d3dx10_40_x64.cab [2010.02.04 09:21:52 | 000,965,421 | ---- | C] () -- C:\Programme\Nov2008_d3dx10_40_x86.cab [2010.02.04 09:21:52 | 000,864,600 | ---- | C] () -- C:\Programme\Nov2007_d3dx10_36_x64.cab [2010.02.04 09:21:52 | 000,803,884 | ---- | C] () -- C:\Programme\Nov2007_d3dx10_36_x86.cab [2010.02.04 09:21:52 | 000,273,960 | ---- | C] () -- C:\Programme\Nov2008_XAudio_x64.cab [2010.02.04 09:21:52 | 000,272,611 | ---- | C] () -- C:\Programme\Nov2008_XAudio_x86.cab [2010.02.04 09:21:52 | 000,196,762 | ---- | C] () -- C:\Programme\NOV2007_XACT_x64.cab [2010.02.04 09:21:52 | 000,182,361 | ---- | C] () -- C:\Programme\OCT2006_XACT_x64.cab [2010.02.04 09:21:52 | 000,148,264 | ---- | C] () -- C:\Programme\NOV2007_XACT_x86.cab [2010.02.04 09:21:52 | 000,138,017 | ---- | C] () -- C:\Programme\OCT2006_XACT_x86.cab [2010.02.04 09:21:52 | 000,121,794 | ---- | C] () -- C:\Programme\Nov2008_XACT_x64.cab [2010.02.04 09:21:52 | 000,121,506 | ---- | C] () -- C:\Programme\Mar2009_XACT_x64.cab [2010.02.04 09:21:52 | 000,092,684 | ---- | C] () -- C:\Programme\Nov2008_XACT_x86.cab [2010.02.04 09:21:52 | 000,086,037 | ---- | C] () -- C:\Programme\Oct2005_xinput_x64.cab [2010.02.04 09:21:52 | 000,054,522 | ---- | C] () -- C:\Programme\Nov2008_X3DAudio_x64.cab [2010.02.04 09:21:52 | 000,046,144 | ---- | C] () -- C:\Programme\NOV2007_X3DAudio_x64.cab [2010.02.04 09:21:52 | 000,045,359 | ---- | C] () -- 
C:\Programme\Oct2005_xinput_x86.cab [2010.02.04 09:21:52 | 000,021,851 | ---- | C] () -- C:\Programme\Nov2008_X3DAudio_x86.cab [2010.02.04 09:21:52 | 000,018,496 | ---- | C] () -- C:\Programme\NOV2007_X3DAudio_x86.cab [2010.02.04 09:21:48 | 000,275,044 | ---- | C] () -- C:\Programme\Mar2009_XAudio_x64.cab [2010.02.04 09:21:48 | 000,273,018 | ---- | C] () -- C:\Programme\Mar2009_XAudio_x86.cab [2010.02.04 09:21:48 | 000,092,740 | ---- | C] () -- C:\Programme\Mar2009_XACT_x86.cab [2010.02.04 09:21:44 | 001,973,702 | ---- | C] () -- C:\Programme\Mar2009_d3dx9_41_x64.cab [2010.02.04 09:21:44 | 001,769,862 | ---- | C] () -- C:\Programme\Mar2008_d3dx9_37_x64.cab [2010.02.04 09:21:44 | 001,612,446 | ---- | C] () -- C:\Programme\Mar2009_d3dx9_41_x86.cab [2010.02.04 09:21:44 | 001,443,282 | ---- | C] () -- C:\Programme\Mar2008_d3dx9_37_x86.cab [2010.02.04 09:21:44 | 001,067,160 | ---- | C] () -- C:\Programme\Mar2009_d3dx10_41_x64.cab [2010.02.04 09:21:44 | 001,040,745 | ---- | C] () -- C:\Programme\Mar2009_d3dx10_41_x86.cab [2010.02.04 09:21:44 | 000,251,194 | ---- | C] () -- C:\Programme\Mar2008_XAudio_x64.cab [2010.02.04 09:21:44 | 000,226,250 | ---- | C] () -- C:\Programme\Mar2008_XAudio_x86.cab [2010.02.04 09:21:44 | 000,122,336 | ---- | C] () -- C:\Programme\Mar2008_XACT_x64.cab [2010.02.04 09:21:44 | 000,093,734 | ---- | C] () -- C:\Programme\Mar2008_XACT_x86.cab [2010.02.04 09:21:44 | 000,055,058 | ---- | C] () -- C:\Programme\Mar2008_X3DAudio_x64.cab [2010.02.04 09:21:44 | 000,054,600 | ---- | C] () -- C:\Programme\Mar2009_X3DAudio_x64.cab [2010.02.04 09:21:44 | 000,021,867 | ---- | C] () -- C:\Programme\Mar2008_X3DAudio_x86.cab [2010.02.04 09:21:44 | 000,021,298 | ---- | C] () -- C:\Programme\Mar2009_X3DAudio_x86.cab [2010.02.04 09:21:42 | 000,844,884 | ---- | C] () -- C:\Programme\Mar2008_d3dx10_37_x64.cab [2010.02.04 09:21:42 | 000,818,260 | ---- | C] () -- C:\Programme\Mar2008_d3dx10_37_x86.cab [2010.02.04 09:21:42 | 000,269,024 | ---- | C] () -- 
C:\Programme\JUN2008_XAudio_x86.cab [2010.02.04 09:21:40 | 001,792,608 | ---- | C] () -- C:\Programme\JUN2008_d3dx9_38_x64.cab [2010.02.04 09:21:40 | 000,269,628 | ---- | C] () -- C:\Programme\JUN2008_XAudio_x64.cab [2010.02.04 09:21:40 | 000,121,054 | ---- | C] () -- C:\Programme\JUN2008_XACT_x64.cab [2010.02.04 09:21:40 | 000,093,128 | ---- | C] () -- C:\Programme\JUN2008_XACT_x86.cab [2010.02.04 09:21:40 | 000,055,154 | ---- | C] () -- C:\Programme\JUN2008_X3DAudio_x64.cab [2010.02.04 09:21:40 | 000,021,905 | ---- | C] () -- C:\Programme\JUN2008_X3DAudio_x86.cab [2010.02.04 09:21:38 | 001,607,774 | ---- | C] () -- C:\Programme\JUN2007_d3dx9_34_x64.cab [2010.02.04 09:21:38 | 001,607,286 | ---- | C] () -- C:\Programme\JUN2007_d3dx9_34_x86.cab [2010.02.04 09:21:38 | 001,463,878 | ---- | C] () -- C:\Programme\JUN2008_d3dx9_38_x86.cab [2010.02.04 09:21:38 | 000,867,828 | ---- | C] () -- C:\Programme\JUN2008_d3dx10_38_x64.cab [2010.02.04 09:21:38 | 000,849,919 | ---- | C] () -- C:\Programme\JUN2008_d3dx10_38_x86.cab [2010.02.04 09:21:38 | 000,698,472 | ---- | C] () -- C:\Programme\JUN2007_d3dx10_34_x86.cab [2010.02.04 09:21:38 | 000,197,122 | ---- | C] () -- C:\Programme\JUN2007_XACT_x64.cab [2010.02.04 09:21:38 | 000,152,909 | ---- | C] () -- C:\Programme\JUN2007_XACT_x86.cab [2010.02.04 09:21:36 | 001,336,002 | ---- | C] () -- C:\Programme\Jun2005_d3dx9_26_x64.cab [2010.02.04 09:21:36 | 001,064,925 | ---- | C] () -- C:\Programme\Jun2005_d3dx9_26_x86.cab [2010.02.04 09:21:36 | 000,699,044 | ---- | C] () -- C:\Programme\JUN2007_d3dx10_34_x64.cab [2010.02.04 09:21:36 | 000,277,191 | ---- | C] () -- C:\Programme\Feb2010_XAudio_x86.cab [2010.02.04 09:21:36 | 000,276,960 | ---- | C] () -- C:\Programme\Feb2010_XAudio_x64.cab [2010.02.04 09:21:36 | 000,194,675 | ---- | C] () -- C:\Programme\FEB2007_XACT_x64.cab [2010.02.04 09:21:36 | 000,180,785 | ---- | C] () -- C:\Programme\JUN2006_XACT_x64.cab [2010.02.04 09:21:36 | 000,147,983 | ---- | C] () -- 
C:\Programme\FEB2007_XACT_x86.cab [2010.02.04 09:21:36 | 000,133,671 | ---- | C] () -- C:\Programme\JUN2006_XACT_x86.cab [2010.02.04 09:21:36 | 000,132,409 | ---- | C] () -- C:\Programme\Feb2006_XACT_x86.cab [2010.02.04 09:21:36 | 000,122,446 | ---- | C] () -- C:\Programme\Feb2010_XACT_x64.cab [2010.02.04 09:21:36 | 000,093,180 | ---- | C] () -- C:\Programme\Feb2010_XACT_x86.cab [2010.02.04 09:21:36 | 000,054,678 | ---- | C] () -- C:\Programme\Feb2010_X3DAudio_x64.cab [2010.02.04 09:21:36 | 000,020,713 | ---- | C] () -- C:\Programme\Feb2010_X3DAudio_x86.cab [2010.02.04 09:21:34 | 013,264,168 | ---- | C] () -- C:\Programme\dxnt.cab [2010.02.04 09:21:34 | 001,362,796 | ---- | C] () -- C:\Programme\Feb2006_d3dx9_29_x64.cab [2010.02.04 09:21:34 | 001,247,499 | ---- | C] () -- C:\Programme\Feb2005_d3dx9_24_x64.cab [2010.02.04 09:21:34 | 001,084,720 | ---- | C] () -- C:\Programme\Feb2006_d3dx9_29_x86.cab [2010.02.04 09:21:34 | 001,013,225 | ---- | C] () -- C:\Programme\Feb2005_d3dx9_24_x86.cab [2010.02.04 09:21:34 | 000,178,359 | ---- | C] () -- C:\Programme\Feb2006_XACT_x64.cab [2010.02.04 09:21:34 | 000,095,820 | ---- | C] () -- C:\Programme\dxupdate.cab [2010.02.04 09:21:34 | 000,044,448 | ---- | C] () -- C:\Programme\dxdllreg_x86.cab [2010.02.04 09:21:32 | 001,574,376 | ---- | C] () -- C:\Programme\DEC2006_d3dx9_32_x86.cab [2010.02.04 09:21:32 | 001,571,154 | ---- | C] () -- C:\Programme\DEC2006_d3dx9_32_x64.cab [2010.02.04 09:21:32 | 001,357,976 | ---- | C] () -- C:\Programme\Dec2005_d3dx9_28_x64.cab [2010.02.04 09:21:32 | 001,155,491 | ---- | C] () -- C:\Programme\BDANT.cab [2010.02.04 09:21:32 | 001,079,456 | ---- | C] () -- C:\Programme\Dec2005_d3dx9_28_x86.cab [2010.02.04 09:21:32 | 000,975,148 | ---- | C] () -- C:\Programme\BDAXP.cab [2010.02.04 09:21:32 | 000,273,264 | ---- | C] () -- C:\Programme\Aug2009_XAudio_x64.cab [2010.02.04 09:21:32 | 000,272,642 | ---- | C] () -- C:\Programme\Aug2009_XAudio_x86.cab [2010.02.04 09:21:32 | 000,212,807 | ---- | C] () -- 
C:\Programme\DEC2006_d3dx10_00_x64.cab [2010.02.04 09:21:32 | 000,192,475 | ---- | C] () -- C:\Programme\DEC2006_XACT_x64.cab [2010.02.04 09:21:32 | 000,191,720 | ---- | C] () -- C:\Programme\DEC2006_d3dx10_00_x86.cab [2010.02.04 09:21:32 | 000,145,599 | ---- | C] () -- C:\Programme\DEC2006_XACT_x86.cab [2010.02.04 09:21:30 | 000,930,116 | ---- | C] () -- C:\Programme\Aug2009_d3dx9_42_x64.cab [2010.02.04 09:21:30 | 000,728,456 | ---- | C] () -- C:\Programme\Aug2009_d3dx9_42_x86.cab [2010.02.04 09:21:30 | 000,136,301 | ---- | C] () -- C:\Programme\Aug2009_d3dx11_42_x64.cab [2010.02.04 09:21:30 | 000,122,408 | ---- | C] () -- C:\Programme\Aug2009_XACT_x64.cab [2010.02.04 09:21:30 | 000,105,044 | ---- | C] () -- C:\Programme\Aug2009_d3dx11_42_x86.cab [2010.02.04 09:21:30 | 000,093,106 | ---- | C] () -- C:\Programme\Aug2009_XACT_x86.cab [2010.02.04 09:21:28 | 003,319,740 | ---- | C] () -- C:\Programme\Aug2009_d3dcsx_42_x86.cab [2010.02.04 09:21:28 | 003,112,111 | ---- | C] () -- C:\Programme\Aug2009_d3dcsx_42_x64.cab [2010.02.04 09:21:28 | 000,900,598 | ---- | C] () -- C:\Programme\Aug2009_D3DCompiler_42_x86.cab [2010.02.04 09:21:28 | 000,232,635 | ---- | C] () -- C:\Programme\Aug2009_d3dx10_42_x64.cab [2010.02.04 09:21:28 | 000,192,131 | ---- | C] () -- C:\Programme\Aug2009_d3dx10_42_x86.cab [2010.02.04 09:21:26 | 001,800,160 | ---- | C] () -- C:\Programme\AUG2007_d3dx9_35_x64.cab [2010.02.04 09:21:26 | 001,794,084 | ---- | C] () -- C:\Programme\Aug2008_d3dx9_39_x64.cab [2010.02.04 09:21:26 | 001,708,152 | ---- | C] () -- C:\Programme\AUG2007_d3dx9_35_x86.cab [2010.02.04 09:21:26 | 001,464,672 | ---- | C] () -- C:\Programme\Aug2008_d3dx9_39_x86.cab [2010.02.04 09:21:26 | 000,919,044 | ---- | C] () -- C:\Programme\Aug2009_D3DCompiler_42_x64.cab [2010.02.04 09:21:26 | 000,867,612 | ---- | C] () -- C:\Programme\Aug2008_d3dx10_39_x64.cab [2010.02.04 09:21:26 | 000,852,286 | ---- | C] () -- C:\Programme\AUG2007_d3dx10_35_x64.cab [2010.02.04 09:21:26 | 000,849,167 | ---- | 
C] () -- C:\Programme\Aug2008_d3dx10_39_x86.cab [2010.02.04 09:21:26 | 000,796,867 | ---- | C] () -- C:\Programme\AUG2007_d3dx10_35_x86.cab [2010.02.04 09:21:26 | 000,271,412 | ---- | C] () -- C:\Programme\Aug2008_XAudio_x64.cab [2010.02.04 09:21:26 | 000,271,038 | ---- | C] () -- C:\Programme\Aug2008_XAudio_x86.cab [2010.02.04 09:21:26 | 000,198,096 | ---- | C] () -- C:\Programme\AUG2007_XACT_x64.cab [2010.02.04 09:21:26 | 000,121,772 | ---- | C] () -- C:\Programme\Aug2008_XACT_x64.cab [2010.02.04 09:21:26 | 000,092,996 | ---- | C] () -- C:\Programme\Aug2008_XACT_x86.cab [2010.02.04 09:21:26 | 000,046,058 | ---- | C] () -- C:\Programme\AUG2006_xinput_x86.cab [2010.02.04 09:21:24 | 001,077,644 | ---- | C] () -- C:\Programme\Aug2005_d3dx9_27_x86.cab [2010.02.04 09:21:24 | 000,182,903 | ---- | C] () -- C:\Programme\AUG2006_XACT_x64.cab [2010.02.04 09:21:24 | 000,153,012 | ---- | C] () -- C:\Programme\AUG2007_XACT_x86.cab [2010.02.04 09:21:24 | 000,137,235 | ---- | C] () -- C:\Programme\AUG2006_XACT_x86.cab [2010.02.04 09:21:24 | 000,087,142 | ---- | C] () -- C:\Programme\AUG2006_xinput_x64.cab [2010.02.04 09:21:22 | 001,606,039 | ---- | C] () -- C:\Programme\APR2007_d3dx9_33_x86.cab [2010.02.04 09:21:22 | 001,350,542 | ---- | C] () -- C:\Programme\Aug2005_d3dx9_27_x64.cab [2010.02.04 09:21:22 | 000,195,766 | ---- | C] () -- C:\Programme\APR2007_XACT_x64.cab [2010.02.04 09:21:22 | 000,151,225 | ---- | C] () -- C:\Programme\APR2007_XACT_x86.cab [2010.02.04 09:21:22 | 000,096,817 | ---- | C] () -- C:\Programme\APR2007_xinput_x64.cab [2010.02.04 09:21:22 | 000,053,302 | ---- | C] () -- C:\Programme\APR2007_xinput_x86.cab [2010.02.04 09:21:20 | 001,607,358 | ---- | C] () -- C:\Programme\APR2007_d3dx9_33_x64.cab [2010.02.04 09:21:20 | 000,698,612 | ---- | C] () -- C:\Programme\APR2007_d3dx10_33_x64.cab [2010.02.04 09:21:20 | 000,695,865 | ---- | C] () -- C:\Programme\APR2007_d3dx10_33_x86.cab [2010.02.04 09:21:20 | 000,179,133 | ---- | C] () -- 
C:\Programme\Apr2006_XACT_x64.cab [2010.02.04 09:21:20 | 000,133,103 | ---- | C] () -- C:\Programme\Apr2006_XACT_x86.cab [2010.02.04 09:21:20 | 000,087,101 | ---- | C] () -- C:\Programme\Apr2006_xinput_x64.cab [2010.02.04 09:21:20 | 000,046,010 | ---- | C] () -- C:\Programme\Apr2006_xinput_x86.cab [2010.02.04 09:21:18 | 004,162,630 | ---- | C] () -- C:\Programme\Apr2006_MDX1_x86_Archive.cab [2010.02.04 09:21:18 | 001,397,830 | ---- | C] () -- C:\Programme\Apr2006_d3dx9_30_x64.cab [2010.02.04 09:21:18 | 001,347,354 | ---- | C] () -- C:\Programme\Apr2005_d3dx9_25_x64.cab [2010.02.04 09:21:18 | 001,115,221 | ---- | C] () -- C:\Programme\Apr2006_d3dx9_30_x86.cab [2010.02.04 09:21:18 | 001,078,962 | ---- | C] () -- C:\Programme\Apr2005_d3dx9_25_x86.cab [2010.02.04 09:21:18 | 000,916,430 | ---- | C] () -- C:\Programme\Apr2006_MDX1_x86.cab [2009.12.29 19:55:06 | 000,278,984 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2009.12.29 19:55:06 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2009.12.22 21:48:57 | 000,005,120 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2009.12.22 21:48:57 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest [2009.12.16 19:37:37 | 000,000,016 | -H-- | C] () -- C:\ProgramData\mxfilerelatedcache.mxc2 [2009.09.12 18:04:47 | 000,000,016 | -H-- | C] () -- C:\Users\Lavinia\AppData\Roaming\mxfilerelatedcache.mxc2 [2009.09.12 18:04:46 | 000,000,016 | -H-- | C] () -- C:\Users\Lavinia\AppData\Local\mxfilerelatedcache.mxc2 [2009.08.26 15:18:05 | 000,000,000 | ---- | C] () -- C:\Users\Lavinia\AppData\Roaming\wklnhst.dat [2009.08.19 07:41:12 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.08.08 13:05:47 | 000,350,208 | ---- | C] () -- C:\Windows\System32\Rivet200.dll [2009.08.03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009.07.11 19:39:46 | 000,054,784 | ---- | C] () -- 
C:\Users\Lavinia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.07.11 19:11:32 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.07.07 19:19:20 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll [2009.07.07 19:19:19 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll [2009.07.07 19:19:19 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll [2009.07.07 19:19:19 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll [2009.07.07 19:19:19 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll [2009.07.07 19:19:19 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll [2009.07.07 18:34:30 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini [2009.07.07 18:34:30 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll [2009.07.07 18:34:30 | 000,010,146 | ---- | C] () -- C:\Windows\System32\tosmreg.ini [2009.07.07 18:34:30 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini [2008.07.07 08:06:54 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI [2008.07.07 07:33:05 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini [2008.07.07 07:11:05 | 000,040,960 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll [2008.07.07 06:44:22 | 000,112,529 | ---- | C] () -- C:\ProgramData\nvModes.001 [2008.07.07 06:44:18 | 000,112,529 | ---- | C] () -- C:\ProgramData\nvModes.dat [2008.04.24 17:43:50 | 000,057,344 | ---- | C] () -- C:\Windows\System32\SmartFaceVCapt.dll [2008.04.24 17:42:44 | 000,479,232 | ---- | C] () -- C:\Windows\System32\SmartFaceVCP.dll [2008.04.24 17:25:46 | 006,701,056 | ---- | C] () -- C:\Windows\System32\FaceHI.dll [2008.04.24 17:25:46 | 000,995,328 | ---- | C] () -- C:\Windows\System32\FaceRec.dll [2008.04.24 17:25:46 | 000,126,976 | ---- | C] () -- C:\Windows\System32\SmartFaceVCtrl.dll [2008.04.24 17:23:58 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IppLib.dll [2008.04.03 08:55:44 | 000,000,091 | ---- | C] 
() -- C:\Windows\System32\HD_Demo.ini [2007.12.21 15:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2005.11.23 12:55:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll [2005.07.22 20:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 169 bytes -> C:\ProgramData\TEMP:5D351BC6 @Alternate Data Stream - 168 bytes -> C:\ProgramData\TEMP:F84B8DB5 @Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:90D89144 < End of report > | 
|  08.10.2010, 17:30 | #4 | 
|  |   AntimalwareDoctor - Malwarebytes/Spybot didn't help! Here is "Extras". OTL EXTRAS Logfile: Code: 
OTL Extras logfile created on: 08.10.2010 17:08:13 - Run 1
OTL by OldTimer - Version 3.2.14.1     Folder = C:\Users\Lavinia\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 52,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,21 Gb Total Space | 12,67 Gb Free Space | 10,90% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 231,70 Gb Free Space | 99,49% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 115,21 Gb Total Space | 109,29 Gb Free Space | 94,87% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: PCSBSLV52
Current User Name: Lavinia
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{80A4E51D-5AD3-44DD-B0AB-C62DC3185A86}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{EEBDCA00-3342-42F3-9070-CFC780C506E7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D5A11D8-E422-4A43-ABDE-BA756967A541}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{1B090475-D0E2-4FC1-8B55-8BE46E4A5E70}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe | 
"{1C7D0A31-B695-4EB5-ACF0-53B2CDEF1F39}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{273631A9-BF74-4D37-BA5E-618546C137DF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3215E088-6816-4AF6-8C49-3B0F7625E0CA}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{3DFDFAF2-34FA-4198-B948-3BDA369D28A3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{5683DEF0-041D-426B-B378-BF164DF4597B}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{7A094FF7-9150-4ECD-B1FB-AE2E03DB9123}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{9A221C51-2180-4732-B874-696FDFB680E8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{A1CD5A3B-1366-4D43-B6AF-69DCEA033661}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B082FE65-0904-4754-848A-4EBEABC3E68D}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{CBDB42F6-2B66-4316-BB17-B3173A22B66B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03FAA727-E2B7-471C-AC41-2E1C7F29C7EA}" = Toshiba TEMPRO
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2700_series" = Canon iP2700 series Printer Driver
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C971EE3-B4C4-4367-9676-57549919C6CE}" = TOSHIBA Benutzerhandbücher
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 17
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (QOSMIOAVINDEXING)
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{39B421FC-E32E-4100-B60E-9222C0025572}" = TOSHIBA Gesture Controller
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5594FF8C-4765-4ADA-BCA4-10C8E7E5B7DD}" = TOSHIBA Quad Core HD Processor Driver 1.0.2.14
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8A0BD487-D185-4316-92CE-9E415C3AC6DB}" = Sibelius Scorch (Firefox, Opera, Netscape only)
"{8FEBDF62-A0FD-46A3-B9CE-17C5E3A00BBA}" = TOSHIBA HD Console
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A13E78C5-F64F-4436-B571-07D4ADE18730}" = TOSHIBA TV Tuner
"{A2075A09-28AA-4D30-9BCC-82EAD9FA51BD}" = TrueSuite Access Manager
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{BB68D31F-9A51-43DC-B322-020D5C29E5FB}" = TOSHIBA Graphical Video Library
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E7124FF8-358C-4209-84FB-50F5B8BC2A7D}" = Toshiba Video Converter
"{E7A53A7C-5E7C-4484-9808-C257CAB9E873}" = Runaway 2 Patch 1.1
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F485E43D-18B1-4B40-AF4B-EDA78E91DA80}" = Dolby Control Center
"{F727EC42-3ECD-4CEA-B8D2-7497667AB689}" = TOSHIBA_Quad_Core_HD_Processor_Demo
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F81AB80B-5BB7-4E36-8BA5-E07541CE1BFC}" = HDMI Control Manager
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone-Konfigurationsprogramm
"{FEB650EB-7639-444E-9FC2-C33EE6ED1A37}" = TOSHIBA Remote Control Manager
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"06B1BC2A663E3F5B7EBAD9000831FCE29C7CC24A" = Windows-Treiberpaket - TOSHIBA (mod7700) Media  (04/21/2007 2.3.3.21)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.5
"BFGC" = Big Fish Games Client
"BFG-Geheimnisse von London" = Geheimnisse von London
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon iP2700 series Benutzerregistrierung" = Canon iP2700 series Benutzerregistrierung
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"EADM" = EA Download Manager
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ffdshow_is1" = ffdshow [rev 497] [2006-11-04]
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.3
"Free YouTube to iPod Converter_is1" = Free YouTube to iPod Converter version 3.5
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.5
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{39B421FC-E32E-4100-B60E-9222C0025572}" = TOSHIBA Gesture Controller
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"MAGIX Digital Foto Maker SE D" = MAGIX Digital Foto Maker SE 4.1.0.835 (D)
"MAGIX Foto Suite D" = MAGIX Foto Suite 1.12.0.89 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"MSC" = McAfee Internet Security
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"myphotobook" = myphotobook 3.6
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa 3" = Picasa 3
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Uninstall_is1" = Uninstall 1.0.0.1
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinGimp-2.0_is1" = GIMP 2.6.9
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Antimalware Doctor" = Antimalware Doctor
"Move Media Player" = Move Media Player
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 18.09.2010 12:43:30 | Computer Name = PCSBSlv52 | Source = Google Update | ID = 20
Description = 
 
Error - 18.09.2010 12:47:37 | Computer Name = PCSBSlv52 | Source = WinMgmt | ID = 10
Description = 
 
Error - 18.09.2010 17:33:11 | Computer Name = PCSBSlv52 | Source = Bonjour Service | ID = 100
Description = 396: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 18.09.2010 17:33:12 | Computer Name = PCSBSlv52 | Source = Bonjour Service | ID = 100
Description = 408: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 18.09.2010 17:33:12 | Computer Name = PCSBSlv52 | Source = Bonjour Service | ID = 100
Description = 400: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 18.09.2010 17:33:12 | Computer Name = PCSBSlv52 | Source = Bonjour Service | ID = 100
Description = 404: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 18.09.2010 17:33:35 | Computer Name = PCSBSlv52 | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung TAMSvr.exe, Version 2.0.5.9, Zeitstempel 0x47f0f3bf,
 fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode
 0xc0000005, Fehleroffset 0x00000000,  Prozess-ID 0x440, Anwendungsstartzeit 01cb5750fb8dfc60.
 
Error - 19.09.2010 06:46:12 | Computer Name = PCSBSlv52 | Source = WinMgmt | ID = 10
Description = 
 
Error - 19.09.2010 10:05:42 | Computer Name = PCSBSlv52 | Source = WinMgmt | ID = 10
Description = 
 
Error - 19.09.2010 14:50:42 | Computer Name = PCSBSlv52 | Source = WinMgmt | ID = 10
Description = 
 
[ Media Center Events ]
Error - 09.09.2009 15:51:40 | Computer Name = Lavinia-PC | Source = ehRecvr | ID = 3
Description = 
 
Error - 09.09.2009 15:51:40 | Computer Name = Lavinia-PC | Source = ehRecvr | ID = 3
Description = 
 
Error - 19.10.2009 14:13:25 | Computer Name = Lavinia-PC | Source = ehRecvr | ID = 3
Description = 
 
Error - 19.10.2009 14:13:25 | Computer Name = Lavinia-PC | Source = ehRecvr | ID = 3
Description = 
 
Error - 19.10.2009 14:13:25 | Computer Name = Lavinia-PC | Source = ehRecvr | ID = 3
Description = 
 
Error - 19.10.2009 14:13:25 | Computer Name = Lavinia-PC | Source = ehRecvr | ID = 3
Description = 
 
Error - 19.10.2009 14:13:58 | Computer Name = Lavinia-PC | Source = ehRecvr | ID = 3
Description = 
 
Error - 19.10.2009 14:13:58 | Computer Name = Lavinia-PC | Source = ehRecvr | ID = 3
Description = 
 
Error - 19.10.2009 14:13:58 | Computer Name = Lavinia-PC | Source = ehRecvr | ID = 3
Description = 
 
Error - 19.10.2009 14:13:58 | Computer Name = Lavinia-PC | Source = ehRecvr | ID = 3
Description = 
 
[ System Events ]
Error - 06.10.2010 15:53:39 | Computer Name = PCSBSlv52 | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 07.10.2010 08:51:16 | Computer Name = PCSBSlv52 | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 07.10.2010 12:09:08 | Computer Name = PCSBSlv52 | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 07.10.2010 12:26:39 | Computer Name = PCSBSlv52 | Source = DCOM | ID = 10010
Description = 
 
Error - 07.10.2010 16:00:40 | Computer Name = PCSBSlv52 | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 08.10.2010 06:31:30 | Computer Name = PCSBSlv52 | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 08.10.2010 07:02:04 | Computer Name = PCSBSlv52 | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 08.10.2010 09:35:23 | Computer Name = PCSBSlv52 | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 08.10.2010 09:41:45 | Computer Name = PCSBSlv52 | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 08.10.2010 11:49:51 | Computer Name = PCSBSlv52 | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
          | 
|  08.10.2010, 17:34 | #5 | 
| /// Malware-holic       |   AntimalwareDoctor - Malwarebytes/Spybot didn't help!
Uninstall Spybot, it interferes with the cleanup :-) Then reboot.
• Please start OTL.exe.
• Now copy the following into the text box.
:OTL
PRC - C:\Users\Lavinia\AppData\Roaming\B50BF6989C27D56C2A7E11169008A2D2\v700bin00mod.exe ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found
O4 - HKCU..\Run: [v700bin00mod.exe] C:\Users\Lavinia\AppData\Roaming\B50BF6989C27D56C2A7E11169008A2D2\v700bin00mod.exe ()
[2010.10.07 17:30:42 | 000,000,000 | ---D | C] -- C:\Users\Lavinia\AppData\Roaming\B50BF6989C27D56C2A7E11169008A2D2
:FILES
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; post it.
Open My Computer, c:\_OTL, right-click on moved files and add it to moved files.rar or zip. Upload the archive to us. http://www.trojaner-board.de/54791-a...ner-board.html | 
|  08.10.2010, 17:51 | #6 | 
|  |   AntimalwareDoctor - Malwarebytes/Spybot didn't help!
All processes killed
========== OTL ==========
No active process named v700bin00mod.exe was found!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\v700bin00mod.exe deleted successfully.
C:\Users\Lavinia\AppData\Roaming\B50BF6989C27D56C2A7E11169008A2D2\v700bin00mod.exe moved successfully.
C:\Users\Lavinia\AppData\Roaming\B50BF6989C27D56C2A7E11169008A2D2 folder moved successfully.
========== FILES ==========
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Lavinia
->Flash cache emptied: 86009 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Lavinia
->Temp folder emptied: 2352830 bytes
->Temporary Internet Files folder emptied: 112304003 bytes
->Java cache emptied: 65708821 bytes
->FireFox cache emptied: 115391432 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 1618992 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2693593584 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 2.852,00 mb

OTL by OldTimer - Version 3.2.14.1 log created on 10082010_173619

Files\Folders moved on Reboot...
File\Folder C:\Users\Lavinia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\794f2bd9-77857a65 not found!
C:\Windows\temp\mcafee_zreHU0MfgLfTwba moved successfully.
C:\Windows\temp\sqlite_D4d9b6VVuP1zwWg moved successfully.
C:\Windows\temp\sqlite_HoHzVPIWK7FQPzs moved successfully.
C:\Windows\temp\sqlite_UKvvrSxOi5N8ss5 moved successfully.

Registry entries deleted on Reboot... | 
|  08.10.2010, 17:53 | #7 | 
|  |   AntimalwareDoctor - Malwarebytes/Spybot didn't help! Did the upload work?  | 
|  08.10.2010, 18:01 | #8 | 
| /// Malware-holic       |   AntimalwareDoctor - Malwarebytes/Spybot didn't help! Please create and post a ComboFix log. A guide and tutorial on using ComboFix | 
|  08.10.2010, 18:38 | #9 | 
|  |   AntimalwareDoctor - Malwarebytes/Spybot didn't help! Combofix Logfile: Code: 
  ATTFilter ComboFix 10-10-07.02 - Lavinia 08.10.2010  18:17:56.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3066.2015 [GMT 1:00]
ausgeführt von:: c:\users\Lavinia\Downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
 * Im Speicher befindliches AV aktiv.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\xp
c:\programdata\xp\EBLib.dll
c:\programdata\xp\lpcfilter.cat
c:\programdata\xp\LPCFilter.inf
c:\programdata\xp\LPCFilter.sys
c:\users\Lavinia\AppData\Roaming\Microsoft\Windows\Recent\mxfilerelatedcache.mxc2
c:\users\Lavinia\FAVORI~1\mxfilerelatedcache.mxc2
c:\users\Lavinia\Favorites\mxfilerelatedcache.mxc2
.
(((((((((((((((((((((((   Dateien erstellt von 2010-09-08 bis 2010-10-08  ))))))))))))))))))))))))))))))
.
2010-10-08 17:27 . 2010-10-08 17:27	--------	d-----w-	c:\users\Lavinia\AppData\Local\temp
2010-10-08 17:27 . 2010-10-08 17:27	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-10-08 16:36 . 2010-10-08 16:49	--------	d-----w-	C:\_OTL
2010-10-08 14:35 . 2010-10-08 15:53	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2010-10-08 14:35 . 2010-10-08 15:53	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2010-10-08 11:14 . 2010-10-08 11:14	--------	d-----w-	c:\program files\Common Files\Skype
2010-10-08 10:45 . 2010-10-08 10:45	--------	d-----w-	c:\users\Lavinia\AppData\Roaming\Malwarebytes
2010-10-08 10:45 . 2010-04-29 11:19	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-08 10:45 . 2010-10-08 10:45	--------	d-----w-	c:\programdata\Malwarebytes
2010-10-08 10:45 . 2010-10-08 10:45	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-10-08 10:45 . 2010-04-29 11:19	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-10-05 21:14 . 2010-10-05 21:14	680	----a-w-	c:\users\Lavinia\AppData\Local\d3d9caps.dat
2010-10-02 10:25 . 2010-10-02 10:25	--------	d-----w-	c:\program files\iPod
2010-10-02 10:21 . 2010-10-02 10:21	--------	d-----w-	c:\program files\Bonjour
2010-10-02 10:20 . 2010-10-02 10:20	73000	----a-w-	c:\programdata\Apple Computer\Installer Cache\iTunes 10.0.1.22\SetupAdmin.exe
2010-09-29 13:05 . 2010-06-22 13:30	2048	----a-w-	c:\windows\system32\tzres.dll
2010-09-25 09:40 . 2010-08-24 13:57	9344	----a-w-	c:\windows\system32\drivers\mfeclnk.sys
2010-09-25 09:40 . 2010-08-24 13:57	141792	----a-w-	c:\windows\system32\mfevtps.exe
2010-09-25 09:39 . 2010-08-24 13:57	95600	----a-w-	c:\windows\system32\drivers\mfeapfk.sys
2010-09-25 09:39 . 2010-08-24 13:57	84264	----a-w-	c:\windows\system32\drivers\mferkdet.sys
2010-09-25 09:39 . 2010-08-24 13:57	64304	----a-w-	c:\windows\system32\drivers\mfenlfk.sys
2010-09-25 09:39 . 2010-08-24 13:57	55840	----a-w-	c:\windows\system32\drivers\cfwids.sys
2010-09-25 09:39 . 2010-08-24 13:57	52104	----a-w-	c:\windows\system32\drivers\mfebopk.sys
2010-09-25 09:39 . 2010-08-24 13:57	386712	----a-w-	c:\windows\system32\drivers\mfehidk.sys
2010-09-25 09:39 . 2010-08-24 13:57	312904	----a-w-	c:\windows\system32\drivers\mfefirek.sys
2010-09-25 09:39 . 2010-08-24 13:57	164808	----a-w-	c:\windows\system32\drivers\mfewfpk.sys
2010-09-25 09:39 . 2010-08-24 13:57	152992	----a-w-	c:\windows\system32\drivers\mfeavfk.sys
2010-09-18 16:48 . 2010-09-18 16:48	--------	d-----w-	c:\programdata\Office Genuine Advantage
2010-09-16 10:05 . 2010-09-16 10:05	--------	d-----w-	c:\program files\QuickTime
2010-09-15 16:29 . 2010-04-16 16:46	502272	----a-w-	c:\windows\system32\usp10.dll
2010-09-15 16:29 . 2010-08-17 14:11	128000	----a-w-	c:\windows\system32\spoolsv.exe
2010-09-15 16:29 . 2010-04-05 17:02	317952	----a-w-	c:\windows\system32\MP4SDECD.DLL
2010-09-15 16:29 . 2010-05-27 20:08	739328	----a-w-	c:\windows\system32\inetcomm.dll
2010-09-09 19:14 . 2010-09-09 19:14	72488	----a-w-	c:\programdata\Apple Computer\Installer Cache\Safari 5.33.18.5\SetupAdmin.exe
2010-09-09 19:12 . 2010-10-02 10:26	--------	d-----w-	c:\program files\iTunes
2010-09-09 18:50 . 2010-06-21 13:37	2037760	----a-w-	c:\windows\system32\win32k.sys
2010-09-09 18:49 . 2010-06-18 17:31	36864	----a-w-	c:\windows\system32\rtutils.dll
2010-09-09 18:48 . 2010-06-08 17:35	3600768	----a-w-	c:\windows\system32\ntkrnlpa.exe
2010-09-09 18:48 . 2010-06-08 17:35	3548040	----a-w-	c:\windows\system32\ntoskrnl.exe
2010-09-09 18:47 . 2010-06-11 16:15	1248768	----a-w-	c:\windows\system32\msxml3.dll
2010-09-09 18:47 . 2010-06-18 15:04	302080	----a-w-	c:\windows\system32\drivers\srv.sys
2010-09-09 18:47 . 2010-06-18 15:04	144896	----a-w-	c:\windows\system32\drivers\srv2.sys
2010-09-09 18:45 . 2010-06-16 16:04	905088	----a-w-	c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-08 16:44 . 2008-07-07 05:44	112529	----a-w-	c:\programdata\nvModes.dat
2010-10-08 16:35 . 2008-07-07 05:46	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-10-08 14:25 . 2009-07-10 13:38	--------	d-----w-	c:\users\Lavinia\AppData\Roaming\Skype
2010-10-08 14:24 . 2008-01-21 07:15	675450	----a-w-	c:\windows\system32\perfh007.dat
2010-10-08 14:24 . 2008-01-21 07:15	144456	----a-w-	c:\windows\system32\perfc007.dat
2010-10-08 14:12 . 2009-07-11 18:11	--------	d-----w-	c:\users\Lavinia\AppData\Roaming\skypePM
2010-10-04 15:20 . 2010-06-15 16:08	--------	d-----w-	c:\programdata\CanonIJPLM
2010-10-02 10:25 . 2009-07-19 10:41	--------	d-----w-	c:\program files\Common Files\Apple
2010-10-02 09:45 . 2008-07-07 06:34	--------	d-----w-	c:\program files\Google
2010-09-28 17:13 . 2006-11-02 10:25	51200	----a-w-	c:\windows\Inf\infpub.dat
2010-09-28 17:10 . 2006-11-02 10:25	143360	----a-w-	c:\windows\Inf\infstrng.dat
2010-09-26 18:51 . 2009-08-10 19:29	--------	d-----w-	c:\program files\McAfee.com
2010-09-25 20:59 . 2010-08-04 11:46	--------	d-----w-	c:\programdata\FLEXnet
2010-09-25 14:15 . 2009-08-10 19:29	--------	d-----w-	c:\program files\McAfee
2010-09-25 14:15 . 2009-08-10 19:29	--------	d-----w-	c:\program files\Common Files\McAfee
2010-09-25 09:40 . 2006-11-02 10:25	86016	----a-w-	c:\windows\Inf\infstor.dat
2010-09-16 14:49 . 2006-11-02 11:18	--------	d-----w-	c:\program files\Windows Mail
2010-09-16 09:55 . 2008-07-07 09:09	--------	d-----w-	c:\programdata\Microsoft Help
2010-09-10 15:10 . 2008-07-07 09:07	--------	d-----w-	c:\program files\Microsoft Works
2010-09-09 19:17 . 2010-05-03 17:12	--------	d-----w-	c:\program files\Safari
2010-08-04 10:58 . 2009-07-07 18:19	98088	----a-w-	c:\users\Lavinia\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-27 17:44 . 2010-07-27 17:44	91424	----a-w-	c:\windows\system32\dnssd.dll
2010-07-27 17:44 . 2010-07-27 17:44	107808	----a-w-	c:\windows\system32\dns-sd.exe
2010-07-18 13:49 . 2010-04-16 15:27	444952	----a-w-	c:\windows\system32\wrap_oal.dll
2010-07-18 13:49 . 2010-04-16 15:27	109080	----a-w-	c:\windows\system32\OpenAL32.dll
2010-06-19 07:35 . 2009-11-16 18:11	119808	----a-w-	c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2010-08-24 13:57 . 2010-09-25 09:40	24376	----a-w-	c:\program files\mozilla firefox\components\Scriptff.dll
2009-08-08 23:11 . 2009-08-08 23:11	10437264	----a-w-	c:\program files\mozilla firefox\plugins\PDFNetC.dll
2009-08-08 23:30 . 2009-08-08 23:30	107760	----a-w-	c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOvrly1]
@="{A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6}"
[HKEY_CLASSES_ROOT\CLSID\{A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6}]
2007-04-20 09:40	118784	----a-w-	c:\program files\TrueSuite Access Manager\IconOvrly.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\Toshiba\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HWSetup]
\HWSetup.exe hwSetUP [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
2008-03-19 11:35	716800	----a-w-	c:\program files\Toshiba\FlashCards\TCrdMain.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 20:16	39792	----a-w-	c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2007-12-15 13:29	184320	----a-w-	c:\program files\Apoint2K\Apoint.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
2008-04-29 08:33	417792	----a-w-	c:\program files\Camera Assistant Software for Toshiba\traybar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2009-11-02 02:30	2508104	----a-w-	c:\program files\Canon\MyPrinter\BJMYPRT.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2009-09-04 01:43	767312	----a-w-	c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25	125952	----a-w-	c:\windows\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FingerPrintNotifer]
2008-06-04 01:08	688128	----a-w-	c:\program files\TrueSuite Access Manager\FpNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-06-19 07:35	30192	----a-w-	c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google EULA Launcher]
2008-05-28 11:40	20480	----a-w-	c:\program files\Google\Google EULA\GoogleEULALauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDMICtrlMan]
2008-04-26 13:57	716800	----a-w-	c:\program files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSON]
2007-10-31 20:01	54608	----a-w-	c:\program files\Toshiba\TBS\HSON.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ITSecMng]
2007-09-28 14:03	75136	----a-w-	c:\program files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-24 01:10	421160	----a-w-	c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeNotify]
2006-11-06 15:14	34352	----a-w-	c:\program files\Toshiba\Utilities\KeNotify.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ Malwarebytes Anti-Malware  (reboot)]
2010-04-29 11:19	1090952	----a-w-	c:\program files\Malwarebytes' Anti-Malware\mbam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcui_exe]
2010-06-30 23:07	1193848	----a-w-	c:\program files\McAfee.com\Agent\mcagent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44	3883840	----a-w-	c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-05-29 05:11	13543968	----a-w-	c:\windows\System32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-05-29 05:11	92704	----a-w-	c:\windows\System32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PwdBank]
2008-06-17 16:17	3151360	----a-w-	c:\program files\TrueSuite Access Manager\PwdBank.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 09:17	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2009-08-24 09:27	7719456	----a-w-	c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28	1233920	----a-w-	c:\program files\Windows Sidebar\sidebar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2009-08-24 09:28	1833504	----a-w-	c:\program files\Realtek\Audio\HDA\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2008-01-25 11:33	509816	----a-w-	c:\program files\Toshiba\SmoothView\SmoothView.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 03:17	149280	----a-w-	c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVPWUTIL]
2007-09-19 09:08	438272	----a-w-	c:\program files\Toshiba\Utilities\SVPWUTIL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-07-07 06:34	68856	----a-w-	c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\topi]
2007-07-10 07:24	581632	----a-w-	c:\program files\Toshiba\Toshiba Online Product Information\TOPI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Registration]
2008-01-11 02:07	574864	----a-w-	c:\program files\Toshiba\Registration\ToshibaRegistration.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba TEMPO]
2008-04-24 08:22	103824	----a-w-	c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]
2008-01-17 14:27	431456	----a-w-	c:\program files\Toshiba\Power Saver\TPwrMain.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TRCMan]
2008-04-30 17:24	692224	----a-w-	c:\program files\Toshiba\TRCMan\TRCMan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UsbMonitor]
2007-06-05 14:42	94208	----a-w-	c:\program files\TrueSuite Access Manager\usbnotify.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23	1008184	----a-w-	c:\program files\Windows Defender\MSASCui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2009-04-11 06:28	2153472	----a-w-	c:\windows\System32\oobefldr.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25	202240	----a-w-	c:\program files\Windows Media Player\wmpnscfg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-09-17 133104]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-06-19 30192]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-08-24 84264]
R3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 AlfaFF;AlfaFF mini-filter driver;c:\windows\system32\Drivers\AlfaFF.sys [2008-02-29 42608]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-08-24 64304]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-08-24 164808]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-06 169312]
S2 Authentec memory manager;Authentec memory manager service;c:\windows\system32\TAMSvr.exe [2008-03-31 49152]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-16 40960]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-07-23 206112]
S2 McMPFSvc;McAfee Personal Firewall-Dienst;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-08-24 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-08-24 141792]
S2 MSSQL$QOSMIOAVINDEXING;SQL Server (QOSMIOAVINDEXING);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
S2 TempoMonitoringService;Notebook Performance Tuning Service ;c:\program files\Toshiba TEMPRO\TempoSVC.exe [2008-04-24 99720]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 126976]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-08-24 55840]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-04-28 54784]
S3 enecirhid;ENE CIR HID Receiver;c:\windows\system32\DRIVERS\enecirhid.sys [2008-04-28 11264]
S3 enecirhidma;ENE CIR HIDmini Filter;c:\windows\system32\DRIVERS\enecirhidma.sys [2008-04-25 5632]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-05-21 86672]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-08-24 312904]
S3 NETw5v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32-Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-05-29 43040]
S3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe [2008-04-24 73728]
S3 SPURS;TOSHIBA Quad Core HD Processor;c:\windows\system32\DRIVERS\spurs.sys [2008-05-07 106496]
--- Andere Dienste/Treiber im Speicher ---
*Deregistered* - mfeavfk01
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
2010-10-08 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-07 18:08]
2010-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-17 18:16]
2010-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-17 18:16]
2010-10-08 c:\windows\Tasks\User_Feed_Synchronization-{0D0209DB-2CC4-48DF-A011-0FEF7EF20051}.job
- c:\windows\system32\msfeedssync.exe [2010-09-09 04:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Free YouTube to Mp3 Converter - c:\users\Lavinia\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4
IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home
FF - ProfilePath - c:\users\Lavinia\AppData\Roaming\Mozilla\Firefox\Profiles\32scw1z0.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.imdb.com/
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\components\Scriptff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: c:\program files\Canon\ZoomBrowser EX\Program\NPCIG.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1698.5652\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Picasa2\npPicasa3.dll
FF - plugin: c:\users\Lavinia\AppData\Roaming\Move Networks\plugins\071803000001\npqmp071803000001.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX Richtlinien ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
MSConfigStartUp-cfFncEnabler - cfFncEnabler.exe
MSConfigStartUp-NDSTray - NDSTray.exe
MSConfigStartUp-nrexmscaow - c:\users\Lavinia\AppData\Local\Temp\nrexmscaow.exe
MSConfigStartUp-v700bin00mod - c:\users\Lavinia\AppData\Roaming\B50BF6989C27D56C2A7E11169008A2D2\v700bin00mod.exe
"ImagePath"="system32\DRIVERS\spurs.sys"
"fwImagePath"="c:\program files\TOSHIBA\SpursEngine\\libexec\spurs_fw.img"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2010-10-08  18:30:37
ComboFix-quarantined-files.txt  2010-10-08 17:30
Vor Suchlauf: 10 Verzeichnis(se), 16.141.512.704 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 16.093.270.016 Bytes frei
- - End Of File - - 5FD9ED805F5E75218C56337671828DDA
          | 
|  08.10.2010, 18:46 | #10 | 
| /// Malware-holic       |   AntimalwareDoctor - Malwarebytes/Spybot didn't help! Download CCleaner Slim: Piriform - Builds. Install it. Then click Extras, list of installed programs. Save this as a txt file. Then open the txt file and write "notwendig" (necessary) after every program you need, "unnötig" (unnecessary) after the unnecessary ones, and "unbekannt" (unknown) after the ones you don't know. Post this list. | 
|  08.10.2010, 19:01 | #11 | 
|  |   AntimalwareDoctor - Malwarebytes/Spybot haben nichts gebracht! Activation Assistant for the 2007 Microsoft Office suites	Microsoft Corporation	06.07.2009	14,0MB	notwendig Adobe Flash Player 10 Plugin Adobe Systems Incorporated 23.09.2010 10.1.85.3 unbekannt Adobe Flash Player ActiveX Adobe Systems Incorporated 06.07.2009 9.0.124.0 unbekannt Adobe Photoshop Elements 8.0 Adobe Systems Incorporated 03.08.2010 943,2MB 8.0 notwendig Adobe Reader 8.1.2 - Deutsch Adobe Systems Incorporated 06.07.2008 99,6MB 8.1.2 notwendig ALPS Touch Pad Driver ALPS ELECTRIC CO., LTD 06.07.2009 7.2.302.101 unbekannt Amazon MP3-Downloader 1.0.5 06.01.2010 1,67MB notwendig Apple Application Support Apple Inc. 08.09.2010 42,8MB 1.3.2 unbekannt Apple Mobile Device Support Apple Inc. 08.09.2010 20,1MB 3.2.0.47 unnötig Apple Software Update Apple Inc. 18.07.2009 2,16MB 2.1.1.116 notwendig Big Fish Games Client 04.07.2010 4,65MB 1.4.1.1 notwendig Bluetooth Stack for Windows by Toshiba TOSHIBA CORPORATION 06.07.2008 57,8MB v6.10.07.2(T) notwendig Bonjour Apple Inc. 01.10.2010 0,76MB 2.0.3.0 unnötig Camera Assistant Software for Toshiba Chicony Electronics Co.,Ltd. 06.07.2008 62,7MB 1.7.193.0508 notwendig CANON iMAGE GATEWAY Task for ZoomBrowser EX Canon Inc. 14.07.2010 107,2MB 1.7.0.4 notwendig Canon Inkjet Printer/Scanner/Fax Extended Survey Program 14.06.2010 1,31MB notwendig Canon Internet Library for ZoomBrowser EX Canon Inc. 14.07.2010 107,2MB 1.6.3.9 notwendig Canon iP2700 series Benutzerregistrierung 14.06.2010 1,09MB notwendig Canon iP2700 series Printer Driver 14.06.2010 435,1MB notwendig Canon MOV Decoder Canon Inc. 14.07.2010 4,79MB 1.3.0.14 notwendig Canon MOV Encoder Canon Inc. 14.07.2010 2,50MB 1.1.0.18 notwendig Canon MovieEdit Task for ZoomBrowser EX Canon Inc. 14.07.2010 107,2MB 3.1.0.27 notwendig Canon Utilities CameraWindow Canon Inc. 14.07.2010 2,31MB 7.2.0.2 notwendig Canon Utilities CameraWindow DC Canon Inc. 
14.07.2010 5,22MB 7.4.0.9 notwendig Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX Canon Inc. 14.07.2010 11,5MB 6.5.0.3 notwendig Canon Utilities Easy-PhotoPrint EX 14.06.2010 222,0MB notwendig Canon Utilities My Printer 14.06.2010 5,23MB notwendig Canon Utilities MyCamera Canon Inc. 14.07.2010 8,54MB 7.2.0.4 notwendig Canon Utilities MyCamera DC Canon Inc. 14.07.2010 8,45MB 7.2.0.5 notwendig Canon Utilities PhotoStitch Canon Inc. 14.07.2010 6,14MB 3.1.22.46 notwendig Canon Utilities RemoteCapture Task for ZoomBrowser EX Canon Inc. 14.07.2010 9,29MB 1.8.0.1 notwendig Canon Utilities Solution Menu 14.06.2010 3,05MB notwendig Canon Utilities ZoomBrowser EX Canon Inc. 14.07.2010 107,2MB 6.3.0.7 notwendig Canon ZoomBrowser EX Memory Card Utility Canon Inc. 14.07.2010 12,7MB 1.2.2.11 notwendig CCleaner Piriform 07.10.2010 2,96MB 2.36 notwendig CD/DVD Drive Acoustic Silencer TOSHIBA 06.07.2008 0,59MB 2.02.03 notwendig Compatibility Pack für 2007 Office System Microsoft Corporation 09.09.2010 64,0MB 12.0.6425.1000 notwendig Die Sims™ 3 Electronic Arts 16.09.2010 5.617,7MB 1.15.34 notwendig Dolby Control Center Dolby 06.07.2008 45,2MB 1.1.0402 notwendig DVD MovieFactory for TOSHIBA Ulead Systems, Inc. 06.07.2009 257,8MB 5.58 notwendig EA Download Manager Electronic Arts, Inc. 10.07.2009 7,97MB 5.0.0.288 notwendig ffdshow [rev 497] [2006-11-04] 21.12.2009 8,70MB 1.0 unbekannt Firebird SQL Server - MAGIX Edition 2.0.0.1 (D) MAGIX AG 06.07.2008 6,34MB 2.0.0.1 unbekannt Free Audio CD Burner version 1.3 DVDVideoSoft Limited. 01.07.2010 3,09MB unbekannt Free YouTube to iPod Converter version 3.5 DVDVideoSoft Limited. 01.07.2010 3,23MB notwendig Free YouTube to MP3 Converter version 3.5 DVDVideoSoft Limited. 
01.07.2010 2,68MB notwendig Geheimnisse von London 18.12.2009 121,0MB notwendig GIMP 2.6.9 The GIMP Team 06.07.2010 100,3MB 2.6.9 unbekannt Google Desktop Google 18.06.2010 6,97MB 5.9.1005.12335 unnötig Google Earth Google 01.10.2010 85,4MB 5.2.1.1588 notwendig Google Toolbar for Internet Explorer Google Inc. 14.07.2010 8,14MB unnötig Google Updater Google Inc. 16.09.2009 3,91MB 2.4.1698.5652 unnötig HDMI Control Manager TOSHIBA 06.07.2008 2,68MB 1.7 notwendig ICQ6.5 ICQ 12.08.2009 49,9MB 6.5 notwendig Intel® Matrix Storage Manager Intel Corporation 06.07.2009 37,3MB unbekannt iPhone-Konfigurationsprogramm Apple Inc. 14.09.2009 22,4MB 2.1.0.163 unnötig iTunes Apple Inc. 01.10.2010 138,8MB 10.0.1.22 notwendig Java(TM) 6 Update 17 Sun Microsystems, Inc. 18.07.2009 94,5MB 6.0.170 notwendig Java(TM) 6 Update 6 Sun Microsystems, Inc. 06.07.2008 171,1MB 1.6.0.60 unnötig JMicron JMB38X Flash Media Controller JMicron Technology Corp. 06.07.2008 3,66MB 1.00.13.03 unbekannt MAGIX Digital Foto Maker SE 4.1.0.835 (D) MAGIX AG 06.07.2008 239,7MB 4.1.0.835 notwendig MAGIX Foto Suite 1.12.0.89 (D) MAGIX AG 06.07.2008 122,4MB 1.12.0.89 notwendig MAGIX Online Druck Service 2.3.2.0 (D) MAGIX AG 06.07.2008 9,35MB 2.3.2.0 unnötig Malwarebytes' Anti-Malware Malwarebytes Corporation 07.10.2010 3,90MB unnötig McAfee Internet Security McAfee, Inc. 
24.09.2010 132,2MB 10.5.195 notwendig Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 07.08.2009 37,0MB notwendig Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 05.08.2009 37,0MB notwendig Microsoft .NET Framework 4 Client Profile Microsoft Corporation 26.06.2010 120,3MB 4.0.30319 notwendig Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 26.06.2010 24,5MB 4.0.30319 notwendig Microsoft Office Home and Student 2007 Microsoft Corporation 06.08.2009 307,9MB 12.0.6425.1000 notwendig Microsoft Office PowerPoint Viewer 2007 (German) Microsoft Corporation 11.06.2010 89,0MB 12.0.6425.1000 notwendig Microsoft SQL Server 2005 Microsoft Corporation 06.07.2009 63,0MB notwendig Microsoft SQL Server Native Client Microsoft Corporation 09.07.2009 2,61MB 9.00.4035.00 notwendig Microsoft SQL Server Setup Support Files (English) Microsoft Corporation 09.07.2009 24,6MB 9.00.4035.00 notwendig Microsoft SQL Server VSS Writer Microsoft Corporation 09.07.2009 0,66MB 9.00.4035.00 notwendig Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 05.08.2009 0,25MB 8.0.50727.4053 notwendig Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 21.12.2009 2,37MB 8.0.56336 notwendig Microsoft Works Microsoft Corporation 09.09.2010 545,2MB 9.7.0621 notwendig Microsoft WSE 3.0 Runtime Microsoft Corp. 06.07.2009 0,92MB 3.0.5305.0 notwendig Move Media Player Move Networks 23.05.2010 unbekannt Mozilla Firefox (3.5.7) Mozilla 05.01.2010 47,6MB 3.5.7 (de) notwendig MSXML 4.0 SP2 (KB941833) Microsoft Corporation 06.07.2008 1,28MB 4.20.9849.0 notwendig MSXML 4.0 SP2 (KB954430) Microsoft Corporation 09.07.2009 1,29MB 4.20.9870.0 notwendig MSXML 4.0 SP2 (KB973688) Microsoft Corporation 25.11.2009 1,35MB 4.20.9876.0 notwendig myphotobook 3.6 myphotobook 06.07.2009 18,7MB 3.6 unbekannt NVIDIA Drivers 12.09.2009 notwendig OpenAL 09.07.2010 0,77MB unbekannt Picasa 3 Google, Inc. 
20.11.2009 74,3MB 3.1 unnötig QuickTime Apple Inc. 15.09.2010 73,7MB 7.68.75.0 notwendig Realtek 8169 8168 8101E 8102E Ethernet Driver Realtek 06.07.2008 1,54MB 1.00.0000 notwendig Realtek High Definition Audio Driver Realtek Semiconductor Corp. 06.07.2008 21,8MB 6.0.1.5923 notwendig Safari Apple Inc. 08.09.2010 41,3MB 5.33.18.5 unbekannt Sibelius Scorch (Firefox, Opera, Netscape only) Sibelius Software 29.09.2009 38,4MB 6.0.7 unbekannt Skype Toolbars Skype Technologies S.A. 07.10.2010 5,25MB 1.0.4051 unnötig Skype™ 4.2 Skype Technologies S.A. 07.10.2010 31,1MB 4.2.187 notwendig TOSHIBA Assist TOSHIBA 06.07.2008 1,18MB 2.01.06 notwendig TOSHIBA Benutzerhandbücher TOSHIBA 06.07.2008 6,75MB 7.40 notwendig TOSHIBA ConfigFree TOSHIBA Corporation 06.07.2008 74,3MB 7.2.13 notwendig TOSHIBA Disc Creator TOSHIBA Corporation 06.07.2008 9,71MB 2.0.1.3 notwendig TOSHIBA DVD PLAYER TOSHIBA Corporation 06.07.2008 24,8MB 2.00.14 notwendig TOSHIBA Extended Tiles for Windows Mobility Center Toshiba 06.07.2008 1,28MB 1.01.00 notwendig TOSHIBA Face Recognition TOSHIBA Corporation 06.07.2008 672,8MB 2.0.2.32 notwendig TOSHIBA Flash Cards Support Utility TOSHIBA 06.07.2008 1.54.0.3C notwendig TOSHIBA Gesture Controller TOSHIBA 06.07.2009 672,8MB 1.2.1849.80602 notwendig TOSHIBA Graphical Video Library TOSHIBA 06.07.2009 11,2MB 1.0.1.0 notwendig TOSHIBA Hardware Setup TOSHIBA 06.07.2008 1.54.0.2C notwendig TOSHIBA HD Console TOSHIBA 06.07.2009 0,22MB 1.0.3.0 notwendig Toshiba Online Product Information TOSHIBA 06.07.2008 5,51MB 1.00.0012 notwendig TOSHIBA Quad Core HD Processor Driver 1.0.2.14 Ihr Firmenname 06.07.2009 2,34MB 1.00.0214 notwendig TOSHIBA Recovery Disc Creator TOSHIBA 06.07.2008 2,54MB 2.0.0.1b notwendig TOSHIBA Remote Control Manager TOSHIBA 06.07.2009 0,93MB 2.4.0 notwendig TOSHIBA Software Modem Agere Systems 06.07.2009 2.1.77 (SM2177ALD04) notwendig TOSHIBA Supervisorkennwort TOSHIBA 06.07.2008 1.54.0.3C notwendig Toshiba TEMPRO Toshiba Europe GmbH 06.07.2008 8,25MB 
1.1 notwendig TOSHIBA Value Added Package TOSHIBA Corporation 06.07.2008 64,00KB 1.1.19 notwendig TOSHIBA_Quad_Core_HD_Processor_Demo TOSHIBA Corporation 06.07.2009 136,3MB 1.00.0000 notwendig TRDCReminder TOSHIBA 06.07.2008 0,38MB 1.00.0015 notwendig TRORDCLauncher TOSHIBA 06.07.2008 3,35MB 1.0.0.1 notwendig TrueSuite Access Manager ABIG 06.07.2009 21,1MB 2.01.13.00 notwendig Uninstall 1.0.0.1 01.07.2010 16,3MB unbekannt Windows Live Anmelde-Assistent Microsoft Corporation 09.07.2009 1,93MB 5.000.818.5 notwendig Windows Live Essentials Microsoft Corporation 24.11.2009 44,0MB 14.0.8089.0726 notwendig Windows Live-Uploadtool Microsoft Corporation 09.07.2009 0,22MB 14.0.8014.1029 notwendig Windows Media Encoder 9 Series 06.07.2009 13,6MB notwendig Windows Media Player Firefox Plugin Microsoft Corp 09.03.2010 0,29MB 1.0.0.8 notwendig Windows-Treiberpaket - TOSHIBA (mod7700) Media (04/21/2007 2.3.3.21) TOSHIBA 06.07.2009 13,6MB 04/21/2007 2.3.3.21 notwendig WinRAR 09.07.2009 3,73MB notwendig | 
|  08.10.2010, 19:06 | #12 | 
|  |   AntimalwareDoctor - Malwarebytes/Spybot didn't help! I wrote "notwendig" (necessary) next to all the Microsoft and Toshiba items, they seemed important to me.   EDIT: Argh... unfortunately I have to go now, I'm running late... :S ... but I'll be back!  Thank you so, so much for your help and time!!!!!!!!!!! Edited by Win52 (08.10.2010 at 19:18) | 
|  08.10.2010, 19:27 | #13 | 
| /// Malware-holic       |   AntimalwareDoctor - Malwarebytes/Spybot didn't help! OK, here we go. Uninstall Adobe Reader 8.1.2 and replace it with: Adobe - Adobe Reader herunterladen - Alle Versionen. Then open the Reader, go to Edit, Preferences, JavaScript and clear the checkbox there; under Internet, clear all the checkboxes as well. That way PDFs are no longer loaded automatically and malicious code can no longer be slipped to you this way. Please also move the unnecessary plugins: http://computer.t-online.de/adobe-re...15363164/index but keep: EScript.api, Escript.deu, Search.api, Search.DEU. Uninstall: Apple Application Support, Apple Mobile Device Support, Bonjour, ffdshow, Firebird SQL Server, Free Audio CD Burner, GIMP 2.6.9, Google Desktop, Google Toolbar, Google Updater. ICQ6.5 is, for one thing, outdated and would be better replaced by an ad-free alternative: Miranda Fusion. You can use many other messengers with it. But if it absolutely has to be ICQ, then at least the latest version: ICQ Download - ICQ.com. Uninstall: iPhone-Konfigurationsprogramm and both Java versions. The update is available here: Download der kostenlosen Java-Software. Moving on: MAGIX Online Druck Service, Microsoft SQL Server 2005 (unless you run a server), Microsoft SQL Server Native Client, Microsoft SQL Server Setup Support Files, Microsoft SQL Server VSS Writer, Move Media Player. Upgrade Mozilla Firefox (3.5.7): Webbrowser Firefox | Schneller, sicherer & anpassbar | Mozilla Europe. Then: myphotobook, OpenAL, Picasa 3, Safari Apple Inc, Sibelius Scorch, Skype Toolbars. Now to the TOSHIBA items. I'll list everything that can go; if you need any of it, then don't uninstall it: TOSHIBA Benutzerhandbücher, TOSHIBA DVD PLAYER, TOSHIBA Face Recognition, TOSHIBA Flash Cards Support, Toshiba Online Product Information, TOSHIBA Remote Control Manager, Toshiba TEMPRO. Afterwards, report how the laptop is running. | 
|  09.10.2010, 14:35 | #14 | 
|  |   AntimalwareDoctor - Malwarebytes/Spybot didn't help! Wow, there was quite a lot to do... but now everything runs great! And I definitely no longer get an "Antimalware Doctor" page at every startup. Which of the "cleanup programs" should I actually keep now? Normally I have McAfee, and now also CCleaner, Combofix, Malwarebytes Antimalware and OTL. Thank you, thank you, thank you, thank you!!! You're great!!   | 
|  09.10.2010, 14:37 | #15 | 
| /// Malware-holic       |   AntimalwareDoctor - Malwarebytes/Spybot didn't help! No rush. Which McAfee version are you using?  | 
|  | 