| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Trojandownloader:Win32/Renos.MQWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
| |
08.08.2010, 20:14
| #1 |
 |  Trojandownloader:Win32/Renos.MQ Hallo, ich hab ein riesen Problem. Mein Windows-Defender erzählt mir ständig ich hätte einen "Trojandownloader:Win32/Renos.MQ" auf dem Laptop. Ich hab den CC-Cleaner bereits ausgeführt und dann die Malwarebytes - software. Das hier ist das Ergebnis davon: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4407 Windows 6.0.6002 Service Pack 2 Internet Explorer 7.0.6002.18005 08.08.2010 21:09:06 mbam-log-2010-08-08 (21-09-06).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 135744 Laufzeit: 6 Minute(n), 7 Sekunde(n) Infizierte Speicherprozesse: 1 Infizierte Speichermodule: 1 Infizierte Registrierungsschlüssel: 2 Infizierte Registrierungswerte: 2 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 5 Infizierte Speicherprozesse: C:\Users\Sabrina\AppData\Local\Temp\Ymr.exe (Trojan.Downloader) -> Unloaded process successfully. Infizierte Speichermodule: C:\Users\Sabrina\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> Delete on reboot. Infizierte Registrierungsschlüssel: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\metropolis (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ze18mw23gy (Trojan.Downloader) -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\Users\Sabrina\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> Delete on reboot. C:\Users\Sabrina\AppData\Local\Temp\Ymr.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Users\Sabrina\AppData\Roaming\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully. C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully. Betriebssystem ist Windows Vista mit dem Service Pack 2 Ich hoffe, es kann mir jemand helfen, ich kenne mich kaum aus. Grüße |
|
08.08.2010, 20:33
| #2 |
| /// Selecta Jahrusso   | Trojandownloader:Win32/Renos.MQ Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.
Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg. Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist. Vista und Win7 User Alle Tools mit Rechtsklick "als Administrator ausführen" starten. Schritt 1 Downloade Dir bitte Load.exe
Nach dem Neustart findest Du einen Ordner MFTools auf dem Desktop. Darin befindet sich eine Anleitung.pdf. Diese bitte öffnen und die darin beschriebenen Schritte abarbeiten.
__________________ |
|
08.08.2010, 21:07
| #3 |
| | Trojandownloader:Win32/Renos.MQ GMER Logfile:
__________________Code:
ATTFilter GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-08-08 22:05:54
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\Sabrina\AppData\Local\Temp\fwlcqpow.sys
---- Kernel code sections - GMER 1.0.15 ----
? System32\drivers\hnov.sys Das System kann den angegebenen Pfad nicht finden. !
.text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x8AF4F480, 0x3C939, 0xE8000020]
.dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x8AF90900, 0x3CA, 0x48000040]
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8EE04000, 0x1FB0FA, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2824] kernel32.dll!FindResourceExA 77112575 7 Bytes JMP 2806C4F0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2824] kernel32.dll!FindResourceA 77112653 5 Bytes JMP 2806C460 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2824] kernel32.dll!CreateEventA 771344C0 5 Bytes JMP 2806BFC0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2824] kernel32.dll!LockResource 771368DF 5 Bytes JMP 2806C6A0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2824] kernel32.dll!FindResourceExW 771369FD 7 Bytes JMP 2806C3E0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2824] kernel32.dll!LoadResource 77136ADB 7 Bytes JMP 2806C580 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2824] kernel32.dll!FindResourceW 77137FA1 5 Bytes JMP 2806C360 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2824] kernel32.dll!SizeofResource 77137FBF 7 Bytes JMP 2806C630 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2824] ADVAPI32.dll!CryptDeriveKey 75C3FCAE 7 Bytes JMP 2806BAD0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2824] ADVAPI32.dll!CryptDecrypt 75C3FE91 7 Bytes JMP 2806BB30 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2824] USER32.dll!CreateDialogParamW 75E972A2 5 Bytes JMP 2806FC50 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2824] USER32.dll!SetWindowPlacement 75E97963 5 Bytes JMP 2806FB00 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2824] USER32.dll!SetWindowRgn 75E9A221 7 Bytes JMP 2806FBA0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2824] USER32.dll!LoadImageW 75E9C9E5 5 Bytes JMP 280702B0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2824] USER32.dll!LoadIconW 75E9DA9F 5 Bytes JMP 28070430 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2824] USER32.dll!CreateWindowExW 75EA1305 5 Bytes JMP 2806DB40 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2824] USER32.dll!GetWindowLongW 75EAF8BF 7 Bytes JMP 28070560 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2824] USER32.dll!PeekMessageW 75EB045A 5 Bytes JMP 2806E560 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2824] USER32.dll!TrackPopupMenuEx 75EC0CE7 5 Bytes JMP 2806EBE0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2824] USER32.dll!MessageBoxIndirectW 75EED5D3 5 Bytes JMP 2806FE50 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2824] SHELL32.dll!Shell_NotifyIconW 76368642 5 Bytes JMP 2806D230 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2824] ole32.dll!CoRegisterClassObject 76E37DB6 5 Bytes JMP 2806CA00 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2824] ole32.dll!CoCreateInstance 76E79EA6 5 Bytes JMP 2806CC80 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2824] ole32.dll!CoInitializeEx 76E7AD63 5 Bytes JMP 2806C900 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2824] WININET.dll!HttpOpenRequestA 75A2FBBC 5 Bytes JMP 28073350 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2824] WININET.dll!InternetCloseHandle 75A32DB8 5 Bytes JMP 280735F0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2824] WININET.dll!InternetReadFile 75A374B9 5 Bytes JMP 280734B0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2824] WININET.dll!HttpSendRequestA 75A3D3A0 5 Bytes JMP 28073550 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[3068] USER32.dll!InSendMessageEx + 4C9 75E9E7C8 7 Bytes JMP 0009BF70 C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\NewUI.dll (New UI/Avanquest Software)
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[3068] USER32.dll!CreateIconFromResourceEx + 340 75EA0E45 7 Bytes JMP 0009BE30 C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\NewUI.dll (New UI/Avanquest Software)
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[3068] USER32.dll!DdeQueryStringW + 5CE 75EBFA2D 7 Bytes JMP 0009BF50 C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\NewUI.dll (New UI/Avanquest Software)
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[3068] USER32.dll!MessageBoxIndirectA + F5 75EED5CE 7 Bytes JMP 0009BFC0 C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\NewUI.dll (New UI/Avanquest Software)
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[3068] USER32.dll!MessageBoxIndirectW + 61 75EED634 7 Bytes JMP 0009C090 C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\NewUI.dll (New UI/Avanquest Software)
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[3068] USER32.dll!MessageBoxExA + 1F 75EED658 7 Bytes JMP 0009C040 C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\NewUI.dll (New UI/Avanquest Software)
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\Explorer.EXE[3108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73427817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7347A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7342BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7341F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [734275E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7341E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73458395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7342DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7341FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7341FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [734171CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [734ACAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7344C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7341D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73416853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7341687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73422AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
Das war das Ergebnis bei GMER, ich mache gleich den OTL-Scan |
|
08.08.2010, 21:22
| #4 |
| | Trojandownloader:Win32/Renos.MQ OTL Logfile: Code:
ATTFilter OTL logfile created on: 08.08.2010 22:09:43 - Run 1 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Sabrina\Desktop\MFTools Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 116,29 Gb Total Space | 22,94 Gb Free Space | 19,72% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 115,13 Gb Total Space | 109,97 Gb Free Space | 95,52% Space Free | Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: BINAS-PC Current User Name: Sabrina Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 90 Days Output = Standard Quick Scan ========== Processes (SafeList) ========== PRC - [2010.08.08 21:36:59 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Sabrina\Desktop\MFTools\OTL.exe PRC - [2010.04.16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2010.03.02 11:28:23 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.12.08 15:51:52 | 000,774,144 | ---- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe PRC - [2009.07.27 04:10:00 | 001,983,816 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE PRC - [2009.07.18 05:12:12 | 000,257,440 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10c.exe PRC - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe PRC - [2009.04.30 12:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe PRC - [2009.04.11 08:27:39 | 000,299,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieuser.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.09 20:10:54 | 000,970,240 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Search Settings\SearchSettings.exe PRC - [2009.02.23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe PRC - [2009.02.22 13:10:34 | 000,382,384 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe PRC - [2009.02.06 18:07:48 | 000,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe PRC - [2008.11.24 15:01:12 | 000,237,693 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster X-Fi Surround 5.1\Volume Panel\VolPanlu.exe PRC - [2008.04.24 13:03:12 | 000,430,080 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe PRC - [2008.04.24 10:22:10 | 000,103,824 | ---- | M] (Toshiba Europe GmbH) -- C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe PRC - [2008.04.24 10:21:56 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe PRC - [2008.04.17 00:21:24 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe PRC - [2008.04.17 00:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe PRC - [2008.04.17 00:19:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe PRC - [2008.04.08 15:14:50 | 006,037,504 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.03.19 14:35:42 | 000,716,800 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\FlashCards\TCrdMain.exe PRC - [2008.01.25 14:33:50 | 000,509,816 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SmoothView\SmoothView.exe PRC - [2008.01.17 17:27:52 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TPwrMain.exe PRC - [2008.01.17 17:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe PRC - [2007.12.03 18:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe PRC - [2007.11.21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe PRC - [2007.07.23 16:43:42 | 000,057,344 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe PRC - [2007.05.11 03:06:38 | 000,341,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe ========== Modules (SafeList) ========== MOD - [2010.08.08 21:36:59 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Sabrina\Desktop\MFTools\OTL.exe MOD - [2009.04.11 08:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll MOD - [2008.01.21 04:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service) SRV - [2010.04.16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.03.18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2009.11.21 14:55:58 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service) SRV - [2009.11.14 13:37:32 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service) SRV - [2009.09.25 03:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache) SRV - [2009.09.23 17:37:30 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R) SRV - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort) SRV - [2009.04.30 12:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service) SRV - [2009.02.23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService) SRV - [2008.04.24 10:21:56 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe -- (TempoMonitoringService) SRV - [2008.04.17 00:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.17 17:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv) SRV - [2007.12.03 18:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service) SRV - [2007.11.21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv) SRV - [2007.10.30 01:35:40 | 000,937,984 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\igdkmd32.sys -- (igfx) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ewusbmdm.sys -- (hwdatacard) DRV - [2010.03.01 10:05:19 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2010.02.16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009.10.15 18:14:38 | 000,024,352 | ---- | M] (T-Systems International GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SipIMNDI.sys -- (SipIMNDI) DRV - [2009.09.16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk) DRV - [2009.09.16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk) DRV - [2009.05.25 14:35:00 | 000,116,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029unic.sys -- (s1029unic) Sony Ericsson Device 1029 USB Ethernet Emulation (WDM) DRV - [2009.05.25 14:34:56 | 000,122,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029mdm.sys -- (s1029mdm) DRV - [2009.05.25 14:34:56 | 000,090,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029bus.sys -- (s1029bus) Sony Ericsson Device 1029 driver (WDM) DRV - [2009.05.25 14:34:56 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029mdfl.sys -- (s1029mdfl) DRV - [2009.05.25 14:34:54 | 000,115,880 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029mgmt.sys -- (s1029mgmt) Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM) DRV - [2009.05.25 14:34:54 | 000,111,912 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029obex.sys -- (s1029obex) DRV - [2009.05.25 14:34:54 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029nd5.sys -- (s1029nd5) Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS) DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.04.20 10:41:38 | 000,804,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ksaud.sys -- (ksaud) DRV - [2009.04.11 06:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM) DRV - [2008.07.18 19:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32) DRV - [2008.04.18 01:54:16 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2008.04.15 18:53:44 | 000,312,344 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor) DRV - [2008.04.15 10:05:08 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2008.04.09 18:00:04 | 002,095,512 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2008.04.08 02:24:20 | 003,548,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2008.02.15 18:01:18 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2008.01.21 04:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR) DRV - [2008.01.21 04:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320) DRV - [2008.01.21 04:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas) DRV - [2008.01.21 04:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m) DRV - [2008.01.21 04:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4) DRV - [2008.01.21 04:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs) DRV - [2008.01.21 04:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci) DRV - [2008.01.21 04:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS) DRV - [2008.01.21 04:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300) DRV - [2008.01.21 04:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R) DRV - [2008.01.21 04:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas) DRV - [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV) DRV - [2008.01.21 04:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid) DRV - [2008.01.21 04:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2) DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI) DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC) DRV - [2008.01.21 04:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc) DRV - [2008.01.21 04:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor) DRV - [2008.01.21 04:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx) DRV - [2008.01.21 04:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) DRV - [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor) DRV - [2008.01.21 04:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci) DRV - [2008.01.21 04:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide) DRV - [2008.01.21 04:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide) DRV - [2008.01.21 04:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide) DRV - [2007.12.06 18:12:48 | 000,196,400 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP) DRV - [2007.11.09 15:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ) DRV - [2007.08.31 18:43:32 | 000,020,352 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf) DRV - [2007.07.30 11:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2007.07.30 10:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2006.11.20 14:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk) DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx) DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata) DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960) DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp) DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx) DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid) DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi) DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx) DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3) DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x) DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi) DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer) DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp) DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo) DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm) DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm) DRV - [2006.11.02 09:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi) DRV - [2006.10.23 16:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec) DRV - [2006.10.18 11:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst) DRV - [2005.01.19 11:14:38 | 000,211,712 | ---- | M] (Labtec Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928) Labtec WebCam(PID_0928) DRV - [2005.01.19 11:11:16 | 000,022,016 | ---- | M] (Labtec Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA; IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA IE - HKLM\..\URLSearchHook: {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA; IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - Reg Error: Key error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.07 12:20:38 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.06 22:11:27 | 000,000,000 | ---D | M] [2010.08.06 22:12:33 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\mozilla\Extensions [2010.08.06 22:15:27 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\mozilla\Profiles\vg0focgc.Standard-Benutzer\extensions [2010.08.06 22:15:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Sabrina\AppData\Roaming\mozilla\Profiles\vg0focgc.Standard-Benutzer\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.08.06 22:11:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2009.07.15 22:52:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.03.29 21:23:03 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2009.04.19 22:04:55 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com [2010.07.23 02:48:56 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.07.23 02:48:56 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml [2010.07.23 02:48:56 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.07.23 02:48:56 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.07.23 02:48:56 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) O2 - BHO: (Messenger Plus Live Germany Toolbar) - {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Messenger Plus Live Germany Toolbar) - {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Messenger Plus Live Germany Toolbar) - {542E4D79-1970-4E95-9862-FDB96F61B280} - C:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [cfFncEnabler.exe] File not found O4 - HKLM..\Run: [Creative SB Monitoring Utility] C:\Windows\System32\SBAVMon.dll (Creative Technology Ltd.) O4 - HKLM..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe File not found O4 - HKLM..\Run: [jswtrayutil] C:\Program Files\Jumpstart\jswtrayutil.exe File not found O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Module Loader] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.) O4 - HKLM..\Run: [NDSTray.exe] File not found O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe (Spigot, Inc.) O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe (Toshiba) O4 - HKLM..\Run: [Toshiba TEMPO] C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe (Toshiba Europe GmbH) O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi Surround 5.1\Volume Panel\VolPanlu.exe (Creative Technology Ltd) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe File not found O4 - HKCU..\Run: [EPSON Stylus D78 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIBGE.EXE (SEIKO EPSON CORPORATION) O4 - HKCU..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson Mobile Communications AB) O4 - HKCU..\Run: [TOSCDSPD] File not found O4 - Startup: C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE () O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - File not found O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O18 - Protocol\Handler\fluxhttp {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax () O18 - Protocol\Handler\fluxhttp\0x00000007 {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax () O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - File not found O24 - Desktop WallPaper: C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{1d1b84c6-0463-11df-8d8f-b089d68b17ce}\Shell - "" = AutoRun O33 - MountPoints2\{1d1b84c6-0463-11df-8d8f-b089d68b17ce}\Shell\AutoRun\command - "" = D:\Startme.exe -- File not found O33 - MountPoints2\{dd2f4e10-01c2-11df-9f9d-001e338a7e55}\Shell - "" = AutoRun O33 - MountPoints2\{dd2f4e10-01c2-11df-9f9d-001e338a7e55}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- File not found O33 - MountPoints2\{dd2f4e31-01c2-11df-9f9d-001e338a7e55}\Shell - "" = AutoRun O33 - MountPoints2\{dd2f4e31-01c2-11df-9f9d-001e338a7e55}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: aux1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: aux2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: aux3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: aux4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: midi1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: midi2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: midi3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: midi4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation) Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: mixer1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: mixer2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: mixer3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: mixer4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation) Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation) Drivers32: msacm.msaudio1 - C:\Windows\System32\msaud32.acm (Microsoft Corporation) Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation) Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation) Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation) Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.dvsd - C:\Windows\System32\pdvcodec.dll (Matsushita Electric Industrial Co., Ltd.) Drivers32: VIDC.I420 - C:\Windows\System32\lvcodec2.dll (Labtec Inc.) Drivers32: VIDC.IYUV - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation) Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation) Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation) Drivers32: VIDC.UYVY - C:\Windows\System32\msyuv.dll (Microsoft Corporation) Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com) Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com) Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll () Drivers32: VIDC.YUY2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation) Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org) Drivers32: VIDC.YVU9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation) Drivers32: VIDC.YVYU - C:\Windows\System32\msyuv.dll (Microsoft Corporation) Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: wave1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: wave2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: wave3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: wave4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 90 Days ========== [2010.08.08 21:39:03 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2010.08.08 21:38:38 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT [2010.08.08 21:37:46 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip [2010.08.08 21:36:23 | 000,000,000 | ---D | C] -- C:\Users\Sabrina\Desktop\MFTools [2010.08.08 21:00:47 | 000,000,000 | ---D | C] -- C:\Users\Sabrina\AppData\Roaming\Malwarebytes [2010.08.08 21:00:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.08.08 21:00:38 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.08.08 21:00:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010.08.08 21:00:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.08.07 15:42:25 | 000,000,000 | ---D | C] -- C:\Users\Sabrina\AppData\Roaming\Avira [2010.08.07 12:22:25 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2010.08.07 12:22:25 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2010.08.07 12:22:24 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2010.08.07 12:22:24 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys [2010.08.07 12:22:24 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys [2010.08.07 12:22:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2010.08.07 12:22:21 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2010.08.06 20:50:54 | 000,000,000 | ---D | C] -- C:\Program Files\Trojancheck 6 [2010.07.03 13:19:02 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJScan [2010.07.03 13:18:45 | 000,000,000 | ---D | C] -- C:\Users\Sabrina\AppData\Roaming\Canon [2010.07.03 12:59:32 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEGV [2010.07.02 22:17:51 | 000,000,000 | ---D | C] -- C:\Users\Sabrina\AppData\Local\Canon Easy-PhotoPrint EX [2010.07.02 22:11:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CANON [2010.07.02 22:09:06 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ [2010.07.02 22:08:48 | 000,000,000 | -H-D | C] -- C:\Windows\System32\CanonIJ Uninstaller Information [2010.07.02 22:07:02 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ [2010.07.02 22:04:55 | 000,000,000 | ---D | C] -- C:\Program Files\Canon [2010.06.26 09:09:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET [2010.06.05 19:40:15 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit [2010.06.05 19:40:14 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger_Plus_Live_Germany [2010.05.15 09:43:14 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2010.05.15 09:43:10 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2010.05.15 09:38:26 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 90 Days ========== [2010.08.08 22:11:13 | 002,359,296 | -HS- | M] () -- C:\Users\Sabrina\ntuser.dat [2010.08.08 21:38:48 | 000,000,878 | ---- | M] () -- C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2010.08.08 21:38:38 | 000,000,698 | ---- | M] () -- C:\Users\Sabrina\Desktop\NTREGOPT.lnk [2010.08.08 21:38:38 | 000,000,679 | ---- | M] () -- C:\Users\Sabrina\Desktop\ERUNT.lnk [2010.08.08 21:36:32 | 000,284,915 | ---- | M] () -- C:\Users\Sabrina\Desktop\Gmer.zip [2010.08.08 21:35:48 | 000,410,850 | ---- | M] () -- C:\Users\Sabrina\Desktop\Load.exe [2010.08.08 21:19:18 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.08.08 21:19:18 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.08.08 21:19:17 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.08.08 21:19:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.08.08 21:17:45 | 000,524,288 | -HS- | M] () -- C:\Users\Sabrina\ntuser.dat{0a43c97a-cf3b-11de-9b5a-001e338a7e55}.TMContainer00000000000000000001.regtrans-ms [2010.08.08 21:17:45 | 000,065,536 | -HS- | M] () -- C:\Users\Sabrina\ntuser.dat{0a43c97a-cf3b-11de-9b5a-001e338a7e55}.TM.blf [2010.08.08 21:17:43 | 004,179,083 | -H-- | M] () -- C:\Users\Sabrina\AppData\Local\IconCache.db [2010.08.08 21:00:42 | 000,000,783 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.08 19:03:31 | 000,238,029 | ---- | M] () -- C:\Users\Sabrina\Desktop\DSC06373.JPG [2010.08.08 02:03:40 | 002,621,638 | ---- | M] () -- C:\Users\Sabrina\Desktop\Yolanda Be Cool & Dcup-We No Spe.mp3 [2010.08.07 12:22:30 | 000,001,812 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2010.08.06 22:11:30 | 000,001,689 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010.08.02 09:03:47 | 005,404,257 | ---- | M] () -- C:\Users\Sabrina\Desktop\EMC - Jeder Rapper Fickt Seinen Vater (Es ist die Rückkehr des Jahres [Du hast lang genug gewartet]) - WWW.GHETTOWIEN10.AT.mp3 [2010.07.29 10:45:48 | 008,704,819 | ---- | M] () -- C:\Users\Sabrina\Desktop\Fler_Flersguterjunge_021_Fler feat_ Sonny Black_Mit dem BMW.mp3 [2010.07.29 10:45:32 | 007,847,614 | ---- | M] () -- C:\Users\Sabrina\Desktop\Kay One feat_ Sonny Bl_Style & das Geld_001_Kay One feat_ Sonny Bl_Style & das Geld.mp3 [2010.07.29 10:45:12 | 008,669,317 | ---- | M] () -- C:\Users\Sabrina\Desktop\Fler_Flersguterjunge_007_Fler feat_ Bushido_Das alles ist Deutschla.mp3 [2010.07.25 23:25:32 | 000,007,876 | ---- | M] () -- C:\Users\Sabrina\AppData\Roaming\wklnhst.dat [2010.07.22 09:18:45 | 003,533,276 | ---- | M] () -- C:\Users\Sabrina\Desktop\Culcha Candela-Schoene Neue Welt.mp3 [2010.07.22 09:18:45 | 003,250,748 | ---- | M] () -- C:\Users\Sabrina\Desktop\Culcha Candela-Eiskalt.mp3 [2010.07.22 09:13:07 | 003,574,755 | ---- | M] () -- C:\Users\Sabrina\Desktop\Jason Derulo-Whatcha Say.mp3 [2010.07.16 11:08:42 | 007,808,972 | ---- | M] () -- C:\Users\Sabrina\Desktop\Lifehouse_Halfway Gone_001_Lifehouse_Halfway Gone.mp3 [2010.07.16 11:08:24 | 007,442,736 | ---- | M] () -- C:\Users\Sabrina\Desktop\Taio Cruz_Break Your Heart_001_Taio Cruz feat_ Ludacr_Break Your Heart.mp3 [2010.07.16 11:08:12 | 006,168,439 | ---- | M] () -- C:\Users\Sabrina\Desktop\Monrose_Like A Lady_001_Monrose_Like A Lady.mp3 [2010.07.16 11:07:52 | 008,375,767 | ---- | M] () -- C:\Users\Sabrina\Desktop\David Guetta_One Love (Deluxe Ver_004_David Guetta - Kid Cud_Memories (Featuring Kid.mp3 [2010.07.16 11:07:26 | 008,356,533 | ---- | M] () -- C:\Users\Sabrina\Desktop\Rihanna_Rated R - Explicit V_011_Rihanna_Te Amo.mp3 [2010.07.14 11:05:34 | 010,123,157 | ---- | M] () -- C:\Users\Sabrina\Desktop\OneRepublic_Marchin On_002_Timbaland & OneRepubli_Marchin On.mp3 [2010.07.14 11:05:22 | 007,379,073 | ---- | M] () -- C:\Users\Sabrina\Desktop\Edward Maya & Vika Jig_Stereo Love_.mp3 [2010.07.14 11:05:04 | 010,985,337 | ---- | M] () -- C:\Users\Sabrina\Desktop\Lady GaGa_The Fame Monster_002_Lady GaGa_Alejandro.mp3 [2010.07.14 11:04:50 | 009,476,341 | ---- | M] () -- C:\Users\Sabrina\Desktop\Katy Perry featuring S_California Gurls (fe_001_Katy Perry featuring S_California Gurls (feat_.mp3 [2010.07.02 22:45:27 | 000,054,784 | ---- | M] () -- C:\Users\Sabrina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.07.02 22:16:55 | 001,445,310 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.07.02 22:16:55 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.07.02 22:16:55 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.07.02 22:16:55 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.07.02 22:16:55 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.06.27 21:09:52 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Die Sims™ 3 Traumkarrieren.lnk [2010.06.12 11:42:14 | 000,347,528 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.06.07 04:03:06 | 000,000,680 | ---- | M] () -- C:\Users\Sabrina\AppData\Local\d3d9caps.dat [2010.05.15 09:44:27 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.08.08 21:40:23 | 000,293,376 | ---- | C] () -- C:\Users\Sabrina\Desktop\gmer.exe [2010.08.08 21:38:48 | 000,000,878 | ---- | C] () -- C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2010.08.08 21:38:38 | 000,000,698 | ---- | C] () -- C:\Users\Sabrina\Desktop\NTREGOPT.lnk [2010.08.08 21:38:38 | 000,000,679 | ---- | C] () -- C:\Users\Sabrina\Desktop\ERUNT.lnk [2010.08.08 21:36:31 | 000,284,915 | ---- | C] () -- C:\Users\Sabrina\Desktop\Gmer.zip [2010.08.08 21:35:44 | 000,410,850 | ---- | C] () -- C:\Users\Sabrina\Desktop\Load.exe [2010.08.08 21:00:42 | 000,000,783 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.08 13:30:45 | 002,621,638 | ---- | C] () -- C:\Users\Sabrina\Desktop\Yolanda Be Cool & Dcup-We No Spe.mp3 [2010.08.07 16:26:15 | 000,238,029 | ---- | C] () -- C:\Users\Sabrina\Desktop\DSC06373.JPG [2010.08.07 12:22:30 | 000,001,812 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2010.08.06 22:11:30 | 000,001,689 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010.08.02 09:03:16 | 005,404,257 | ---- | C] () -- C:\Users\Sabrina\Desktop\EMC - Jeder Rapper Fickt Seinen Vater (Es ist die Rückkehr des Jahres [Du hast lang genug gewartet]) - WWW.GHETTOWIEN10.AT.mp3 [2010.07.29 10:46:22 | 008,704,819 | ---- | C] () -- C:\Users\Sabrina\Desktop\Fler_Flersguterjunge_021_Fler feat_ Sonny Black_Mit dem BMW.mp3 [2010.07.29 10:46:22 | 008,669,317 | ---- | C] () -- C:\Users\Sabrina\Desktop\Fler_Flersguterjunge_007_Fler feat_ Bushido_Das alles ist Deutschla.mp3 [2010.07.29 10:46:22 | 007,847,614 | ---- | C] () -- C:\Users\Sabrina\Desktop\Kay One feat_ Sonny Bl_Style & das Geld_001_Kay One feat_ Sonny Bl_Style & das Geld.mp3 [2010.07.22 09:18:45 | 003,533,276 | ---- | C] () -- C:\Users\Sabrina\Desktop\Culcha Candela-Schoene Neue Welt.mp3 [2010.07.22 09:13:07 | 003,250,748 | ---- | C] () -- C:\Users\Sabrina\Desktop\Culcha Candela-Eiskalt.mp3 [2010.07.22 09:07:30 | 003,574,755 | ---- | C] () -- C:\Users\Sabrina\Desktop\Jason Derulo-Whatcha Say.mp3 [2010.07.16 11:09:39 | 008,375,767 | ---- | C] () -- C:\Users\Sabrina\Desktop\David Guetta_One Love (Deluxe Ver_004_David Guetta - Kid Cud_Memories (Featuring Kid.mp3 [2010.07.16 11:09:39 | 008,356,533 | ---- | C] () -- C:\Users\Sabrina\Desktop\Rihanna_Rated R - Explicit V_011_Rihanna_Te Amo.mp3 [2010.07.16 11:09:39 | 007,808,972 | ---- | C] () -- C:\Users\Sabrina\Desktop\Lifehouse_Halfway Gone_001_Lifehouse_Halfway Gone.mp3 [2010.07.16 11:09:39 | 007,442,736 | ---- | C] () -- C:\Users\Sabrina\Desktop\Taio Cruz_Break Your Heart_001_Taio Cruz feat_ Ludacr_Break Your Heart.mp3 [2010.07.16 11:09:39 | 006,168,439 | ---- | C] () -- C:\Users\Sabrina\Desktop\Monrose_Like A Lady_001_Monrose_Like A Lady.mp3 [2010.07.14 11:06:17 | 010,985,337 | ---- | C] () -- C:\Users\Sabrina\Desktop\Lady GaGa_The Fame Monster_002_Lady GaGa_Alejandro.mp3 [2010.07.14 11:06:17 | 010,123,157 | ---- | C] () -- C:\Users\Sabrina\Desktop\OneRepublic_Marchin On_002_Timbaland & OneRepubli_Marchin On.mp3 [2010.07.14 11:06:17 | 009,476,341 | ---- | C] () -- C:\Users\Sabrina\Desktop\Katy Perry featuring S_California Gurls (fe_001_Katy Perry featuring S_California Gurls (feat_.mp3 [2010.07.14 11:06:17 | 007,379,073 | ---- | C] () -- C:\Users\Sabrina\Desktop\Edward Maya & Vika Jig_Stereo Love_.mp3 [2010.07.02 22:08:23 | 000,012,544 | ---- | C] () -- C:\Windows\System32\CNC173CD.TBL [2010.06.27 21:09:52 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Die Sims™ 3 Traumkarrieren.lnk [2010.05.15 09:44:27 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2010.03.07 23:13:23 | 000,000,036 | ---- | C] () -- C:\Windows\IniFile1.ini [2009.11.14 14:23:01 | 000,148,480 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL [2009.11.14 14:23:01 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL [2009.11.14 13:48:23 | 000,033,120 | R--- | C] () -- C:\Windows\System32\kschimp.ini [2009.11.14 13:48:23 | 000,000,029 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini [2009.08.10 10:38:48 | 000,053,248 | ---- | C] () -- C:\Windows\System32\mgxasio2.dll [2009.08.10 10:36:57 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2009.08.01 11:39:43 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.05.10 21:08:50 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2009.04.19 22:04:06 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll [2009.02.24 14:51:30 | 000,028,635 | ---- | C] () -- C:\Windows\System32\ksaud.ini [2009.02.01 17:36:21 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2008.08.28 14:06:52 | 001,559,040 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2008.08.28 14:06:52 | 000,585,728 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2008.08.04 12:30:01 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll [2008.07.03 11:34:43 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI [2008.07.03 11:27:11 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini [2008.07.03 10:48:03 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2008.07.03 09:57:12 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2005.01.19 09:30:54 | 000,009,255 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini ========== LOP Check ========== [2010.02.14 18:52:23 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Amazon [2009.09.12 21:24:39 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Audacity [2010.07.03 13:19:02 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Canon [2009.04.19 14:25:05 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\gtk-2.0 [2009.02.24 17:18:02 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Inkscape [2009.08.10 13:01:27 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\MAGIX [2009.06.13 09:58:47 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Opera [2010.01.18 22:12:01 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Sony [2010.01.18 21:54:05 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Sony Setup [2009.08.08 14:21:22 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Teleca [2010.07.03 13:10:37 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Template [2009.02.23 12:25:47 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Toshiba [2010.08.08 21:18:00 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat [2009.04.11 08:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr [2008.07.03 09:37:08 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK [2006.09.18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys [2010.01.06 22:19:35 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2010.01.06 22:19:35 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2010.08.08 21:18:51 | 3532,910,592 | -HS- | M] () -- C:\pagefile.sys [2009.01.31 17:00:10 | 000,000,651 | ---- | M] () -- C:\RHDSetup.log [2008.07.03 10:59:22 | 000,000,086 | ---- | M] () -- C:\setup.log [2008.09.15 11:06:32 | 000,000,282 | -H-- | M] () -- C:\SWSTAMP.TXT [2008.08.04 11:50:43 | 000,024,328 | ---- | M] () -- C:\_wdsuef.dmp < %systemroot%\system32\*.wt > < %systemroot%\system32\*.ruy > < %systemroot%\Fonts\*.com > [2006.11.02 14:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont [2006.11.02 14:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont [2006.11.02 14:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont [2009.10.11 11:20:20 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont < %systemroot%\Fonts\*.dll > < %systemroot%\Fonts\*.ini > [2006.09.18 23:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini < %systemroot%\Fonts\*.ini2 > < %systemroot%\system32\spool\prtprocs\w32x86\*.* > [2009.03.24 05:00:00 | 000,027,648 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPD9Y.DLL [2009.03.24 05:00:00 | 000,070,656 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPP9Y.DLL [2006.11.02 14:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll [2006.10.26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll < %systemroot%\REPAIR\*.bak1 > < %systemroot%\REPAIR\*.ini > < %systemroot%\system32\*.jpg > < %systemroot%\*.scr > [2006.10.28 00:34:00 | 000,862,397 | ---- | M] () -- C:\Windows\ConfigFree.scr [2009.07.10 13:10:44 | 000,307,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] < %systemroot%\*._sy > < %APPDATA%\Adobe\Update\*.* > < %ALLUSERSPROFILE%\Favorites\*.* > < %APPDATA%\Microsoft\*.* > < %PROGRAMFILES%\*.* > [2008.01.21 04:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini < %APPDATA%\Update\*.* > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2008.04.07 21:59:42 | 000,372,736 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\System32\ATIDEMGX.dll [2009.04.11 08:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll [2009.04.11 08:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll [2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\System32\config\*.sav > [2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\system32\user32.dll /md5 > [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] < %systemroot%\system32\ws2_32.dll /md5 > [2008.01.21 04:24:48 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll [2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] < %systemroot%\system32\ws2help.dll /md5 > [2006.11.02 11:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\Windows\System32\ws2help.dll [2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-08-05 14:13:44 < End of report > OTL.txt |
|
08.08.2010, 21:23
| #5 |
| | Trojandownloader:Win32/Renos.MQ OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 08.08.2010 22:09:43 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Sabrina\Desktop\MFTools
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,29 Gb Total Space | 22,94 Gb Free Space | 19,72% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 115,13 Gb Total Space | 109,97 Gb Free Space | 95,52% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: BINAS-PC
Current User Name: Sabrina
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{104237F3-AB93-48E3-A092-18B38ED2786F}" = rport=445 | protocol=6 | dir=out | app=system |
"{160470B3-AD48-4602-A32A-69DCC030EBF6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4D724E3F-6F34-4A5A-AE77-7C2472B601F5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{547F48FD-DFF8-4390-A775-5A8061001C20}" = lport=137 | protocol=17 | dir=in | app=system |
"{56B1E6B2-8558-44BC-A07B-CEFB061E1827}" = lport=138 | protocol=17 | dir=in | app=system |
"{596CD246-E267-402D-B4B6-25D84B0E5210}" = rport=138 | protocol=17 | dir=out | app=system |
"{65F0C2DE-0B91-40D9-89C4-0C030F1E3185}" = rport=137 | protocol=17 | dir=out | app=system |
"{8032A516-D65A-4B51-A8D5-1788CFEDFDFB}" = lport=139 | protocol=6 | dir=in | app=system |
"{83BA94AF-AB65-4188-A477-2CA85BDEE69F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A1CB5E03-8DAC-4AAF-B98D-CB1EDDAEE5C1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{C9F60E2C-E098-4317-9BB6-F94A231C4346}" = lport=445 | protocol=6 | dir=in | app=system |
"{D9319571-D976-46E6-BCA0-908E5381D291}" = rport=139 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{082F1D9F-D47F-4408-85DC-F48B77BFBD42}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{2604B084-0896-410F-B120-301F03807BF2}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{2B28D103-FE48-45E8-A835-50C02635E0D7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{31038B8E-2430-4364-B1C5-38EBA9009367}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{4C64CB43-3FB2-4A2D-B286-F87B5D7ADF77}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5E28C244-A7CA-4280-9277-7431E9F10121}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{7FAEEE3E-8DE8-479F-9CFE-40ED84FF83F4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{8093F0DE-A1E9-4811-962C-9FCBD1F760DF}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{8D169EA1-F28A-40A1-A5F1-CB1D379C528C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{984A9F69-82BE-429F-BD4C-8AEC610F9A1E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A40375BB-719D-4E32-A2BE-217A23B5AA3B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E3139214-EF98-43FE-A4FD-3D39A5287F8B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{FA2B80B2-367B-4303-9448-9A64C633485A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FD572625-2BC6-4234-8D30-5AC14D6F2BF8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{C0A430F0-6C7C-4BDC-81CF-D5E5587EE2A8}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{C66D0049-1C51-4AB3-9FD4-89DCD5C1C887}C:\program files\intuwave\shared\mrouterruntime\mrouterruntime.exe" = protocol=6 | dir=in | app=c:\program files\intuwave\shared\mrouterruntime\mrouterruntime.exe |
"UDP Query User{6E27A3AF-E601-442A-B367-AFEFCD59ABAA}C:\program files\intuwave\shared\mrouterruntime\mrouterruntime.exe" = protocol=17 | dir=in | app=c:\program files\intuwave\shared\mrouterruntime\mrouterruntime.exe |
"UDP Query User{7EA226C6-C90F-405D-98E9-E6359A2894D3}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01E19402-C0E4-B301-17F6-551EA53F7351}" = Catalyst Control Center Localization Japanese
"{03B39295-B637-9491-9A38-90872F42966A}" = Catalyst Control Center Localization Italian
"{03FAA727-E2B7-471C-AC41-2E1C7F29C7EA}" = Toshiba TEMPRO
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0B1AAC97-8563-41D9-AE47-58E6A222F0E1}" = Search Settings 1.2.1
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{0D6D148C-DFE8-C643-C4E7-A7DB84B9031E}" = Catalyst Control Center Localization Swedish
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP490_series" = Canon MP490 series MP Drivers
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{12BEF00E-ECFF-4820-BEDF-CCB9CC06A955}" = Sound Blaster X-Fi Surround 5.1
"{185124C5-8194-4FAC-A0E7-54134BB877C5}" = ConvertMovie 8
"{1A7979D5-9AED-2730-A561-AE28CC747B91}" = Catalyst Control Center Localization Chinese Standard
"{1C971EE3-B4C4-4367-9676-57549919C6CE}" = TOSHIBA Benutzerhandbücher
"{1EF7109C-CEC0-45A6-3965-C99FAE0B7A4B}" = Catalyst Control Center Core Implementation
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2C0ADDC5-6FF6-60AC-104F-81C1E7DD1E6E}" = CCC Help Swedish
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00
"{3513D67C-9B77-6242-D2B4-8C96D4587B51}" = CCC Help German
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{64A2B0D7-2204-298F-F4ED-B386CAFFA694}" = Catalyst Control Center Localization German
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69E5255D-9D43-4CFF-8984-843ABD7753B7}" = Catalyst Control Center - Branding
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F04A6FF-7F7B-55E0-C649-C781D27C3515}" = Catalyst Control Center Graphics Full New
"{70455234-B242-88EE-EEC6-5FB8B3C5A68D}" = CCC Help Italian
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = Die Sims™ 3 Luxus-Accessoires
"{73764932-E12C-1F98-15B9-2B4FAB03C521}" = Skins
"{76E72622-885F-7D3D-D74D-ADFC2D054D4E}" = CCC Help Korean
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"{78FBDFAF-9463-E30B-C19C-DB78ADF7F894}" = CCC Help French
"{7E7AD30F-D34E-1DBB-95F4-6A174127A6A6}" = Catalyst Control Center Graphics Full Existing
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8A877662-8051-E928-0CB4-4A6C5FE90EEC}" = CCC Help Dutch
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Die Sims™ 3 Traumkarrieren
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A050CE7-1EF2-A942-4CAB-7C02E99FFDB0}" = Catalyst Control Center Localization Korean
"{9AE0832C-194D-D1B3-5E93-A45BC14E8D0C}" = Catalyst Control Center Localization Portuguese
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A63769B5-2D2B-518A-55D7-16458D553605}" = CCC Help Portuguese
"{A7965F9D-92AA-5C12-F389-A05339170ACF}" = CCC Help Japanese
"{AB0F54CA-798B-1BF9-AA82-DE78BD3AAE6B}" = Catalyst Control Center Localization Dutch
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}" = Atheros Wi-Fi Protected Setup Library
"{B2F3087C-10C9-BAA7-0827-7501AA64588A}" = CCC Help Chinese Standard
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B73F949B-839C-9F5A-2E51-40B2AC3BC779}" = Catalyst Control Center Graphics Previews Vista
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CA567AD5-33A4-403D-86D1-EE2D38251951}_is1" = VDownloader 1.12
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF98DACA-A3C6-E90C-1FF6-326F7ABF531D}" = ccc-core-static
"{CFE95E33-9B99-9FF5-8051-03E21D955ACF}" = CCC Help English
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D8CF7AE3-1D21-F454-7798-2EA7ED006269}" = CCC Help Chinese Traditional
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E240D2D0-FF54-6B3A-F866-36717C0E068B}" = CCC Help Spanish
"{E257B0A7-3B49-4943-7455-F2E7B09137C8}" = ATI Catalyst Install Manager
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"{EA983525-B803-F9C8-9E00-4AD187D597C1}" = ccc-utility
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{F08CA874-5735-0EFC-0832-68BDD155A2F3}" = Catalyst Control Center Localization Chinese Traditional
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 1.60.13
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F273BBCA-68BF-76D7-8666-F8A5B40EA83B}" = Catalyst Control Center Localization French
"{F4A256A6-E670-FEAF-A45A-444DB34CBD5F}" = Catalyst Control Center Graphics Light
"{F73DB365-02E3-1E83-6F55-FDF9596038F5}" = Catalyst Control Center Localization Spanish
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ALchemy" = Creative ALchemy
"AudioCS" = Creative Audio-Systemsteuerung
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"Canon MP490 series Benutzerregistrierung" = Canon MP490 series Benutzerregistrierung
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner (remove only)
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties" = Eigenschaften von Creative Sound Blaster
"EA Download Manager" = EA Download Manager
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"ERUNT_is1" = ERUNT 1.1j
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.8.0
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Messenger_Plus_Live_Germany Toolbar" = Messenger_Plus_Live_Germany Toolbar
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SysInfo" = Creative Systeminformationen
"Uninstall_is1" = Uninstall 1.0.0.1
"Videoload Manager" = Videoload Manager 2.0.2200
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 24.07.2010 16:08:11 | Computer Name = Binas-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1465739
Error - 25.07.2010 05:55:26 | Computer Name = Binas-PC | Source = WinMgmt | ID = 10
Description =
Error - 25.07.2010 07:39:42 | Computer Name = Binas-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 25.07.2010 14:54:58 | Computer Name = Binas-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 25.07.2010 14:54:58 | Computer Name = Binas-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 20981027
Error - 25.07.2010 14:54:58 | Computer Name = Binas-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 20981027
Error - 27.07.2010 04:02:43 | Computer Name = Binas-PC | Source = WinMgmt | ID = 10
Description =
Error - 27.07.2010 14:33:51 | Computer Name = Binas-PC | Source = WinMgmt | ID = 10
Description =
Error - 28.07.2010 04:46:40 | Computer Name = Binas-PC | Source = WinMgmt | ID = 10
Description =
Error - 29.07.2010 01:28:17 | Computer Name = Binas-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 06.08.2010 08:41:23 | Computer Name = Binas-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 06.08.2010 12:27:37 | Computer Name = Binas-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 06.08.2010 12:29:13 | Computer Name = Binas-PC | Source = DCOM | ID = 10000
Description =
Error - 07.08.2010 04:31:33 | Computer Name = Binas-PC | Source = DCOM | ID = 10000
Description =
Error - 07.08.2010 04:31:58 | Computer Name = Binas-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 07.08.2010 06:22:42 | Computer Name = Binas-PC | Source = Service Control Manager | ID = 7006
Description =
Error - 08.08.2010 06:16:23 | Computer Name = Binas-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 08.08.2010 06:16:39 | Computer Name = Binas-PC | Source = DCOM | ID = 10000
Description =
Error - 08.08.2010 15:20:03 | Computer Name = Binas-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 08.08.2010 15:20:21 | Computer Name = Binas-PC | Source = DCOM | ID = 10000
Description =
< End of report >
|
|
08.08.2010, 21:24
| #6 |
| | Trojandownloader:Win32/Renos.MQ Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4407 Windows 6.0.6002 Service Pack 2 Internet Explorer 7.0.6002.18005 08.08.2010 21:28:03 mbam-log-2010-08-08 (21-28-03).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 134731 Laufzeit: 6 Minute(n), 10 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) |
|
08.08.2010, 21:44
| #7 |
| /// Selecta Jahrusso | Trojandownloader:Win32/Renos.MQ Schritt 1
Code:
ATTFilter :OTL
IE - HKLM\..\URLSearchHook: {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [cfFncEnabler.exe] File not found
O4 - HKLM..\Run: [jswtrayutil] C:\Program Files\Jumpstart\jswtrayutil.exe File not found
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKCU..\Run: [TOSCDSPD] File not found
O33 - MountPoints2\{1d1b84c6-0463-11df-8d8f-b089d68b17ce}\Shell - "" = AutoRun
O33 - MountPoints2\{1d1b84c6-0463-11df-8d8f-b089d68b17ce}\Shell\AutoRun\command - "" = D:\Startme.exe -- File not found
O33 - MountPoints2\{dd2f4e10-01c2-11df-9f9d-001e338a7e55}\Shell - "" = AutoRun
O33 - MountPoints2\{dd2f4e10-01c2-11df-9f9d-001e338a7e55}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- File not found
O33 - MountPoints2\{dd2f4e31-01c2-11df-9f9d-001e338a7e55}\Shell - "" = AutoRun
O33 - MountPoints2\{dd2f4e31-01c2-11df-9f9d-001e338a7e55}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- File not found
:services
:files
:reg
:Commands
[purity]
[emptytemp]
[reboot]
Schritt 2 ESET Online Scanner Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.
Wenn der Scan beendet wurde
Schritt 3 Downloade Dir bitte SecurityCheck
Poste den Inhalt bitte hier. Bitte poste in Deiner nächsten Antwort OTLFix Log ESET Log checkup.txt Berichte wie der Rechner läuft
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
|
08.08.2010, 21:54
| #8 |
| | Trojandownloader:Win32/Renos.MQ All processes killed ========== OTL ========== Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{542e4d79-1970-4e95-9862-fdb96f61b280} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{542e4d79-1970-4e95-9862-fdb96f61b280}\ deleted successfully. C:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\cfFncEnabler.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\jswtrayutil deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NDSTray.exe deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\TOSCDSPD deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d1b84c6-0463-11df-8d8f-b089d68b17ce}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d1b84c6-0463-11df-8d8f-b089d68b17ce}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d1b84c6-0463-11df-8d8f-b089d68b17ce}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d1b84c6-0463-11df-8d8f-b089d68b17ce}\ not found. File D:\Startme.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd2f4e10-01c2-11df-9f9d-001e338a7e55}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dd2f4e10-01c2-11df-9f9d-001e338a7e55}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd2f4e10-01c2-11df-9f9d-001e338a7e55}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dd2f4e10-01c2-11df-9f9d-001e338a7e55}\ not found. File D:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd2f4e31-01c2-11df-9f9d-001e338a7e55}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dd2f4e31-01c2-11df-9f9d-001e338a7e55}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd2f4e31-01c2-11df-9f9d-001e338a7e55}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dd2f4e31-01c2-11df-9f9d-001e338a7e55}\ not found. File D:\AutoRun.exe not found. ========== SERVICES/DRIVERS ========== ========== FILES ========== ========== REGISTRY ========== ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public User: Sabrina ->Temp folder emptied: 1574564 bytes ->Temporary Internet Files folder emptied: 15023582 bytes ->Java cache emptied: 28463301 bytes ->Opera cache emptied: 28496804 bytes ->Flash cache emptied: 405 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 1564672 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 343840 bytes RecycleBin emptied: 410850 bytes Total Files Cleaned = 72,00 mb OTL by OldTimer - Version 3.2.9.1 log created on 08082010_224833 Files\Folders moved on Reboot... C:\Users\Sabrina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully. Registry entries deleted on Reboot... |
|
09.08.2010, 17:56
| #9 |
| | Trojandownloader:Win32/Renos.MQ OTL Logfile: Code:
ATTFilter OTL logfile created on: 09.08.2010 18:53:38 - Run 3 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Sabrina\Desktop\MFTools Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18928) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 65,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 83,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 116,29 Gb Total Space | 36,88 Gb Free Space | 31,72% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 115,13 Gb Total Space | 109,97 Gb Free Space | 95,52% Space Free | Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: BINAS-PC Current User Name: Sabrina Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 90 Days Output = Standard Quick Scan ========== Processes (SafeList) ========== PRC - [2010.08.08 21:36:59 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Sabrina\Desktop\MFTools\OTL.exe PRC - [2010.04.16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe PRC - [2010.03.02 11:28:23 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.12.08 15:51:52 | 000,774,144 | ---- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe PRC - [2009.07.27 04:10:00 | 001,983,816 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE PRC - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe PRC - [2009.04.30 12:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2009.02.23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe PRC - [2008.11.24 15:01:12 | 000,237,693 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster X-Fi Surround 5.1\Volume Panel\VolPanlu.exe PRC - [2008.04.24 10:22:10 | 000,103,824 | ---- | M] (Toshiba Europe GmbH) -- C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe PRC - [2008.04.24 10:21:56 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe PRC - [2008.04.17 00:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe PRC - [2008.04.08 15:14:50 | 006,037,504 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.03.19 14:35:42 | 000,716,800 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\FlashCards\TCrdMain.exe PRC - [2008.01.25 14:33:50 | 000,509,816 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SmoothView\SmoothView.exe PRC - [2008.01.17 17:27:52 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TPwrMain.exe PRC - [2008.01.17 17:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe PRC - [2007.12.03 18:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe PRC - [2007.11.21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe PRC - [2007.07.23 16:43:42 | 000,057,344 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe ========== Modules (SafeList) ========== MOD - [2010.08.08 21:36:59 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Sabrina\Desktop\MFTools\OTL.exe MOD - [2009.04.11 08:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll MOD - [2008.01.21 04:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service) SRV - [2010.04.16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.03.18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2009.11.21 14:55:58 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service) SRV - [2009.11.14 13:37:32 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service) SRV - [2009.09.25 03:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache) SRV - [2009.09.23 17:37:30 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R) SRV - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort) SRV - [2009.04.30 12:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service) SRV - [2009.02.23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService) SRV - [2008.04.24 10:21:56 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe -- (TempoMonitoringService) SRV - [2008.04.17 00:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.17 17:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv) SRV - [2007.12.03 18:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service) SRV - [2007.11.21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv) SRV - [2007.10.30 01:35:40 | 000,937,984 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\igdkmd32.sys -- (igfx) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ewusbmdm.sys -- (hwdatacard) DRV - [2010.03.01 10:05:19 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2010.02.16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009.10.15 18:14:38 | 000,024,352 | ---- | M] (T-Systems International GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SipIMNDI.sys -- (SipIMNDI) DRV - [2009.09.16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk) DRV - [2009.09.16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk) DRV - [2009.05.25 14:35:00 | 000,116,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029unic.sys -- (s1029unic) Sony Ericsson Device 1029 USB Ethernet Emulation (WDM) DRV - [2009.05.25 14:34:56 | 000,122,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029mdm.sys -- (s1029mdm) DRV - [2009.05.25 14:34:56 | 000,090,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029bus.sys -- (s1029bus) Sony Ericsson Device 1029 driver (WDM) DRV - [2009.05.25 14:34:56 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029mdfl.sys -- (s1029mdfl) DRV - [2009.05.25 14:34:54 | 000,115,880 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029mgmt.sys -- (s1029mgmt) Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM) DRV - [2009.05.25 14:34:54 | 000,111,912 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029obex.sys -- (s1029obex) DRV - [2009.05.25 14:34:54 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029nd5.sys -- (s1029nd5) Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS) DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.04.20 10:41:38 | 000,804,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ksaud.sys -- (ksaud) DRV - [2009.04.11 06:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM) DRV - [2008.07.18 19:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32) DRV - [2008.04.18 01:54:16 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2008.04.15 18:53:44 | 000,312,344 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor) DRV - [2008.04.15 10:05:08 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2008.04.09 18:00:04 | 002,095,512 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2008.04.08 02:24:20 | 003,548,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2008.02.15 18:01:18 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2008.01.21 04:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR) DRV - [2008.01.21 04:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320) DRV - [2008.01.21 04:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas) DRV - [2008.01.21 04:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m) DRV - [2008.01.21 04:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4) DRV - [2008.01.21 04:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs) DRV - [2008.01.21 04:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci) DRV - [2008.01.21 04:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS) DRV - [2008.01.21 04:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300) DRV - [2008.01.21 04:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R) DRV - [2008.01.21 04:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas) DRV - [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV) DRV - [2008.01.21 04:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid) DRV - [2008.01.21 04:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2) DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI) DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC) DRV - [2008.01.21 04:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc) DRV - [2008.01.21 04:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor) DRV - [2008.01.21 04:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx) DRV - [2008.01.21 04:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) DRV - [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor) DRV - [2008.01.21 04:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci) DRV - [2008.01.21 04:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide) DRV - [2008.01.21 04:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide) DRV - [2008.01.21 04:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide) DRV - [2007.12.06 18:12:48 | 000,196,400 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP) DRV - [2007.11.09 15:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ) DRV - [2007.08.31 18:43:32 | 000,020,352 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf) DRV - [2007.07.30 11:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2007.07.30 10:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2006.11.20 14:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk) DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx) DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata) DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960) DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp) DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx) DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid) DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi) DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx) DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3) DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x) DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi) DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer) DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp) DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo) DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm) DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm) DRV - [2006.11.02 09:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi) DRV - [2006.10.23 16:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec) DRV - [2006.10.18 11:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst) DRV - [2005.01.19 11:14:38 | 000,211,712 | ---- | M] (Labtec Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928) Labtec WebCam(PID_0928) DRV - [2005.01.19 11:11:16 | 000,022,016 | ---- | M] (Labtec Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA; IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA; IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {542e4d79-1970-4e95-9862-fdb96f61b280} - Reg Error: Key error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.07 12:20:38 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.09 18:05:56 | 000,000,000 | ---D | M] [2010.08.06 22:12:33 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\mozilla\Extensions [2010.08.09 18:53:15 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\mozilla\Profiles\vg0focgc.Standard-Benutzer\extensions [2010.08.09 18:53:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sabrina\AppData\Roaming\mozilla\Profiles\vg0focgc.Standard-Benutzer\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.08.09 18:53:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Sabrina\AppData\Roaming\mozilla\Profiles\vg0focgc.Standard-Benutzer\extensions\{20a82645-c095-46ed-80e3-08825760534b}-trash [2010.08.09 18:53:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sabrina\AppData\Roaming\mozilla\Profiles\vg0focgc.Standard-Benutzer\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} [2010.08.09 18:53:15 | 000,000,000 | ---D | M] (softonic-de3 Toolbar) -- C:\Users\Sabrina\AppData\Roaming\mozilla\Profiles\vg0focgc.Standard-Benutzer\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}-trash [2010.08.09 18:42:37 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2009.07.15 22:52:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.03.29 21:23:03 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010.08.09 17:36:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.08.09 17:36:09 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2010.08.09 18:05:30 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) O2 - BHO: (no name) - {542e4d79-1970-4e95-9862-fdb96f61b280} - No CLSID value found. O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (no name) - {542e4d79-1970-4e95-9862-fdb96f61b280} - No CLSID value found. O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {542E4D79-1970-4E95-9862-FDB96F61B280} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [Creative SB Monitoring Utility] C:\Windows\System32\SBAVMon.dll (Creative Technology Ltd.) O4 - HKLM..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe File not found O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Module Loader] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe (Toshiba) O4 - HKLM..\Run: [Toshiba TEMPO] C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe (Toshiba Europe GmbH) O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi Surround 5.1\Volume Panel\VolPanlu.exe (Creative Technology Ltd) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe File not found O4 - HKCU..\Run: [EPSON Stylus D78 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIBGE.EXE (SEIKO EPSON CORPORATION) O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe File not found O4 - HKCU..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson Mobile Communications AB) O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - File not found O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O18 - Protocol\Handler\fluxhttp {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax () O18 - Protocol\Handler\fluxhttp\0x00000007 {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax () O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - File not found O24 - Desktop WallPaper: C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 90 Days ========== [2010.08.09 18:41:09 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group [2010.08.09 18:05:56 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software [2010.08.09 17:55:40 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2010.08.09 17:36:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2010.08.09 17:36:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2010.08.08 22:48:33 | 000,000,000 | ---D | C] -- C:\_OTL [2010.08.08 22:24:39 | 000,000,000 | ---D | C] -- C:\Users\Sabrina\Desktop\Musik [2010.08.08 21:39:03 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2010.08.08 21:36:23 | 000,000,000 | ---D | C] -- C:\Users\Sabrina\Desktop\MFTools [2010.08.08 21:00:47 | 000,000,000 | ---D | C] -- C:\Users\Sabrina\AppData\Roaming\Malwarebytes [2010.08.08 21:00:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.08.08 21:00:38 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.08.08 21:00:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010.08.08 21:00:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.08.07 15:42:25 | 000,000,000 | ---D | C] -- C:\Users\Sabrina\AppData\Roaming\Avira [2010.08.07 12:22:25 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2010.08.07 12:22:25 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2010.08.07 12:22:24 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2010.08.07 12:22:24 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys [2010.08.07 12:22:24 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys [2010.08.07 12:22:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2010.08.07 12:22:21 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2010.07.03 13:19:02 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJScan [2010.07.03 13:18:45 | 000,000,000 | ---D | C] -- C:\Users\Sabrina\AppData\Roaming\Canon [2010.07.03 12:59:32 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEGV [2010.07.02 22:17:51 | 000,000,000 | ---D | C] -- C:\Users\Sabrina\AppData\Local\Canon Easy-PhotoPrint EX [2010.07.02 22:11:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CANON [2010.07.02 22:09:06 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ [2010.07.02 22:08:48 | 000,000,000 | -H-D | C] -- C:\Windows\System32\CanonIJ Uninstaller Information [2010.07.02 22:07:02 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ [2010.07.02 22:04:55 | 000,000,000 | ---D | C] -- C:\Program Files\Canon [2010.06.26 09:09:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET [2010.06.05 19:40:15 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit [2010.05.15 09:43:14 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2010.05.15 09:43:10 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2010.05.15 09:38:26 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour ========== Files - Modified Within 90 Days ========== [2010.08.09 18:53:23 | 002,359,296 | -HS- | M] () -- C:\Users\Sabrina\ntuser.dat [2010.08.09 18:41:10 | 000,001,022 | ---- | M] () -- C:\Users\Sabrina\Desktop\Revo Uninstaller.lnk [2010.08.09 18:06:07 | 000,000,988 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk [2010.08.09 17:49:54 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.08.09 17:49:54 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.08.09 17:49:51 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.08.09 17:49:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.08.09 17:45:03 | 000,524,288 | -HS- | M] () -- C:\Users\Sabrina\ntuser.dat{0a43c97a-cf3b-11de-9b5a-001e338a7e55}.TMContainer00000000000000000001.regtrans-ms [2010.08.09 17:45:03 | 000,065,536 | -HS- | M] () -- C:\Users\Sabrina\ntuser.dat{0a43c97a-cf3b-11de-9b5a-001e338a7e55}.TM.blf [2010.08.09 17:45:02 | 004,368,769 | -H-- | M] () -- C:\Users\Sabrina\AppData\Local\IconCache.db [2010.08.08 21:00:42 | 000,000,783 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.07 12:22:30 | 000,001,812 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2010.08.06 22:11:30 | 000,001,689 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010.07.25 23:25:32 | 000,007,876 | ---- | M] () -- C:\Users\Sabrina\AppData\Roaming\wklnhst.dat [2010.07.02 22:45:27 | 000,054,784 | ---- | M] () -- C:\Users\Sabrina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.07.02 22:16:55 | 001,445,310 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.07.02 22:16:55 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.07.02 22:16:55 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.07.02 22:16:55 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.07.02 22:16:55 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.06.27 21:09:52 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Die Sims™ 3 Traumkarrieren.lnk [2010.06.12 11:42:14 | 000,347,528 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.06.07 04:03:06 | 000,000,680 | ---- | M] () -- C:\Users\Sabrina\AppData\Local\d3d9caps.dat [2010.05.15 09:44:27 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk ========== Files Created - No Company Name ========== [2010.08.09 18:41:10 | 000,001,022 | ---- | C] () -- C:\Users\Sabrina\Desktop\Revo Uninstaller.lnk [2010.08.09 18:06:07 | 000,000,988 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk [2010.08.09 17:41:54 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2010.08.08 21:00:42 | 000,000,783 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.07 12:22:30 | 000,001,812 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2010.08.06 22:11:30 | 000,001,689 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010.07.02 22:08:23 | 000,012,544 | ---- | C] () -- C:\Windows\System32\CNC173CD.TBL [2010.06.27 21:09:52 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Die Sims™ 3 Traumkarrieren.lnk [2010.05.15 09:44:27 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2009.11.14 14:23:01 | 000,148,480 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL [2009.11.14 14:23:01 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL [2009.11.14 13:48:23 | 000,033,120 | R--- | C] () -- C:\Windows\System32\kschimp.ini [2009.11.14 13:48:23 | 000,000,029 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini [2009.08.10 10:38:48 | 000,053,248 | ---- | C] () -- C:\Windows\System32\mgxasio2.dll [2009.08.10 10:36:57 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2009.08.01 11:39:43 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.05.10 21:08:50 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2009.02.24 14:51:30 | 000,028,635 | ---- | C] () -- C:\Windows\System32\ksaud.ini [2009.02.01 17:36:21 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2008.08.28 14:06:52 | 001,559,040 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2008.08.28 14:06:52 | 000,585,728 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2008.08.04 12:30:01 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll [2008.07.03 11:34:43 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI [2008.07.03 11:27:11 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini [2008.07.03 10:48:03 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2008.07.03 09:57:12 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2005.01.19 09:30:54 | 000,009,255 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini ========== LOP Check ========== [2010.02.14 18:52:23 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Amazon [2009.09.12 21:24:39 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Audacity [2010.07.03 13:19:02 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Canon [2009.04.19 14:25:05 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\gtk-2.0 [2009.02.24 17:18:02 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Inkscape [2009.08.10 13:01:27 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\MAGIX [2009.06.13 09:58:47 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Opera [2010.01.18 22:12:01 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Sony [2010.01.18 21:54:05 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Sony Setup [2009.08.08 14:21:22 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Teleca [2010.07.03 13:10:37 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Template [2009.02.23 12:25:47 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Toshiba [2010.08.09 17:45:29 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Edit: sorry, war vor dem Neustart.. |
|
09.08.2010, 18:06
| #10 |
| | Trojandownloader:Win32/Renos.MQ OTL Logfile: Code:
ATTFilter OTL logfile created on: 09.08.2010 19:01:40 - Run 4 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Sabrina\Desktop\MFTools Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18928) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 75,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 88,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 116,29 Gb Total Space | 36,90 Gb Free Space | 31,73% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 115,13 Gb Total Space | 109,97 Gb Free Space | 95,52% Space Free | Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: BINAS-PC Current User Name: Sabrina Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 90 Days Output = Standard Quick Scan ========== Processes (SafeList) ========== PRC - [2010.08.08 21:36:59 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Sabrina\Desktop\MFTools\OTL.exe PRC - [2010.04.16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.12.08 15:51:52 | 000,774,144 | ---- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe PRC - [2009.07.27 04:10:00 | 001,983,816 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE PRC - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe PRC - [2009.04.30 12:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.03.18 03:40:00 | 000,767,312 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\SolutionMenu\CNSLMAIN.EXE PRC - [2009.02.23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe PRC - [2008.11.24 15:01:12 | 000,237,693 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster X-Fi Surround 5.1\Volume Panel\VolPanlu.exe PRC - [2008.04.24 10:22:10 | 000,103,824 | ---- | M] (Toshiba Europe GmbH) -- C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe PRC - [2008.04.24 10:21:56 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe PRC - [2008.04.17 00:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe PRC - [2008.04.08 15:14:50 | 006,037,504 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.03.19 14:35:42 | 000,716,800 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\FlashCards\TCrdMain.exe PRC - [2008.01.25 14:33:50 | 000,509,816 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SmoothView\SmoothView.exe PRC - [2008.01.17 17:27:52 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TPwrMain.exe PRC - [2008.01.17 17:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe PRC - [2008.01.11 04:07:52 | 000,574,864 | ---- | M] (Toshiba) -- C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe PRC - [2007.12.03 18:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe PRC - [2007.11.21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe PRC - [2007.07.23 16:43:42 | 000,057,344 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe ========== Modules (SafeList) ========== MOD - [2010.08.08 21:36:59 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Sabrina\Desktop\MFTools\OTL.exe MOD - [2009.04.11 08:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll MOD - [2008.01.21 04:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service) SRV - [2010.04.16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.03.18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2009.11.21 14:55:58 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service) SRV - [2009.11.14 13:37:32 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service) SRV - [2009.09.25 03:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache) SRV - [2009.09.23 17:37:30 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R) SRV - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort) SRV - [2009.04.30 12:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service) SRV - [2009.02.23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService) SRV - [2008.04.24 10:21:56 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe -- (TempoMonitoringService) SRV - [2008.04.17 00:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.17 17:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv) SRV - [2007.12.03 18:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service) SRV - [2007.11.21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv) SRV - [2007.10.30 01:35:40 | 000,937,984 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\igdkmd32.sys -- (igfx) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ewusbmdm.sys -- (hwdatacard) DRV - [2010.03.01 10:05:19 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2010.02.16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009.10.15 18:14:38 | 000,024,352 | ---- | M] (T-Systems International GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SipIMNDI.sys -- (SipIMNDI) DRV - [2009.09.16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk) DRV - [2009.09.16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk) DRV - [2009.05.25 14:35:00 | 000,116,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029unic.sys -- (s1029unic) Sony Ericsson Device 1029 USB Ethernet Emulation (WDM) DRV - [2009.05.25 14:34:56 | 000,122,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029mdm.sys -- (s1029mdm) DRV - [2009.05.25 14:34:56 | 000,090,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029bus.sys -- (s1029bus) Sony Ericsson Device 1029 driver (WDM) DRV - [2009.05.25 14:34:56 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029mdfl.sys -- (s1029mdfl) DRV - [2009.05.25 14:34:54 | 000,115,880 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029mgmt.sys -- (s1029mgmt) Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM) DRV - [2009.05.25 14:34:54 | 000,111,912 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029obex.sys -- (s1029obex) DRV - [2009.05.25 14:34:54 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029nd5.sys -- (s1029nd5) Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS) DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.04.20 10:41:38 | 000,804,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ksaud.sys -- (ksaud) DRV - [2009.04.11 06:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM) DRV - [2008.07.18 19:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32) DRV - [2008.04.18 01:54:16 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2008.04.15 18:53:44 | 000,312,344 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor) DRV - [2008.04.15 10:05:08 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2008.04.09 18:00:04 | 002,095,512 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2008.04.08 02:24:20 | 003,548,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2008.02.15 18:01:18 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2008.01.21 04:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR) DRV - [2008.01.21 04:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320) DRV - [2008.01.21 04:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas) DRV - [2008.01.21 04:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m) DRV - [2008.01.21 04:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4) DRV - [2008.01.21 04:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs) DRV - [2008.01.21 04:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci) DRV - [2008.01.21 04:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS) DRV - [2008.01.21 04:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300) DRV - [2008.01.21 04:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R) DRV - [2008.01.21 04:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas) DRV - [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV) DRV - [2008.01.21 04:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid) DRV - [2008.01.21 04:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2) DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI) DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC) DRV - [2008.01.21 04:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc) DRV - [2008.01.21 04:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor) DRV - [2008.01.21 04:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx) DRV - [2008.01.21 04:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) DRV - [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor) DRV - [2008.01.21 04:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci) DRV - [2008.01.21 04:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide) DRV - [2008.01.21 04:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide) DRV - [2008.01.21 04:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide) DRV - [2007.12.06 18:12:48 | 000,196,400 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP) DRV - [2007.11.09 15:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ) DRV - [2007.08.31 18:43:32 | 000,020,352 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf) DRV - [2007.07.30 11:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2007.07.30 10:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2006.11.20 14:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk) DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx) DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata) DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960) DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp) DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx) DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid) DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi) DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx) DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3) DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x) DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi) DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer) DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp) DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo) DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm) DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm) DRV - [2006.11.02 09:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi) DRV - [2006.10.23 16:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec) DRV - [2006.10.18 11:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst) DRV - [2005.01.19 11:14:38 | 000,211,712 | ---- | M] (Labtec Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928) Labtec WebCam(PID_0928) DRV - [2005.01.19 11:11:16 | 000,022,016 | ---- | M] (Labtec Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA; IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA; IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {542e4d79-1970-4e95-9862-fdb96f61b280} - Reg Error: Key error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.07 12:20:38 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.09 18:05:56 | 000,000,000 | ---D | M] [2010.08.06 22:12:33 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\mozilla\Extensions [2010.08.09 18:53:15 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\mozilla\Profiles\vg0focgc.Standard-Benutzer\extensions [2010.08.09 18:55:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sabrina\AppData\Roaming\mozilla\Profiles\vg0focgc.Standard-Benutzer\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.08.09 18:53:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Sabrina\AppData\Roaming\mozilla\Profiles\vg0focgc.Standard-Benutzer\extensions\{20a82645-c095-46ed-80e3-08825760534b}-trash [2010.08.09 18:55:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sabrina\AppData\Roaming\mozilla\Profiles\vg0focgc.Standard-Benutzer\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} [2010.08.09 18:53:15 | 000,000,000 | ---D | M] (softonic-de3 Toolbar) -- C:\Users\Sabrina\AppData\Roaming\mozilla\Profiles\vg0focgc.Standard-Benutzer\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}-trash [2010.08.09 18:42:37 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2009.07.15 22:52:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.03.29 21:23:03 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010.08.09 17:36:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.08.09 17:36:09 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2010.08.09 18:05:30 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) O2 - BHO: (no name) - {542e4d79-1970-4e95-9862-fdb96f61b280} - No CLSID value found. O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (no name) - {542e4d79-1970-4e95-9862-fdb96f61b280} - No CLSID value found. O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {542E4D79-1970-4E95-9862-FDB96F61B280} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [Creative SB Monitoring Utility] C:\Windows\System32\SBAVMon.dll (Creative Technology Ltd.) O4 - HKLM..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe File not found O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Module Loader] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe (Toshiba) O4 - HKLM..\Run: [Toshiba TEMPO] C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe (Toshiba Europe GmbH) O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi Surround 5.1\Volume Panel\VolPanlu.exe (Creative Technology Ltd) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe File not found O4 - HKCU..\Run: [EPSON Stylus D78 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIBGE.EXE (SEIKO EPSON CORPORATION) O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe File not found O4 - HKCU..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson Mobile Communications AB) O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - File not found O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O18 - Protocol\Handler\fluxhttp {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax () O18 - Protocol\Handler\fluxhttp\0x00000007 {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax () O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - File not found O24 - Desktop WallPaper: C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 90 Days ========== [2010.08.09 18:41:09 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group [2010.08.09 18:05:56 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software [2010.08.09 17:55:40 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2010.08.09 17:36:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2010.08.09 17:36:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2010.08.08 22:48:33 | 000,000,000 | ---D | C] -- C:\_OTL [2010.08.08 22:24:39 | 000,000,000 | ---D | C] -- C:\Users\Sabrina\Desktop\Musik [2010.08.08 21:39:03 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2010.08.08 21:36:23 | 000,000,000 | ---D | C] -- C:\Users\Sabrina\Desktop\MFTools [2010.08.08 21:00:47 | 000,000,000 | ---D | C] -- C:\Users\Sabrina\AppData\Roaming\Malwarebytes [2010.08.08 21:00:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.08.08 21:00:38 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.08.08 21:00:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010.08.08 21:00:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.08.07 15:42:25 | 000,000,000 | ---D | C] -- C:\Users\Sabrina\AppData\Roaming\Avira [2010.08.07 12:22:25 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2010.08.07 12:22:25 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2010.08.07 12:22:24 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2010.08.07 12:22:24 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys [2010.08.07 12:22:24 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys [2010.08.07 12:22:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2010.08.07 12:22:21 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2010.07.03 13:19:02 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJScan [2010.07.03 13:18:45 | 000,000,000 | ---D | C] -- C:\Users\Sabrina\AppData\Roaming\Canon [2010.07.03 12:59:32 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEGV [2010.07.02 22:17:51 | 000,000,000 | ---D | C] -- C:\Users\Sabrina\AppData\Local\Canon Easy-PhotoPrint EX [2010.07.02 22:11:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CANON [2010.07.02 22:09:06 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ [2010.07.02 22:08:48 | 000,000,000 | -H-D | C] -- C:\Windows\System32\CanonIJ Uninstaller Information [2010.07.02 22:07:02 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ [2010.07.02 22:04:55 | 000,000,000 | ---D | C] -- C:\Program Files\Canon [2010.06.26 09:09:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET [2010.06.05 19:40:15 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit [2010.05.15 09:43:14 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2010.05.15 09:43:10 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2010.05.15 09:38:26 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour ========== Files - Modified Within 90 Days ========== [2010.08.09 19:02:43 | 002,359,296 | -HS- | M] () -- C:\Users\Sabrina\ntuser.dat [2010.08.09 18:59:56 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.08.09 18:59:55 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.08.09 18:59:49 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.08.09 18:59:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.08.09 18:58:23 | 000,524,288 | -HS- | M] () -- C:\Users\Sabrina\ntuser.dat{0a43c97a-cf3b-11de-9b5a-001e338a7e55}.TMContainer00000000000000000001.regtrans-ms [2010.08.09 18:58:23 | 000,065,536 | -HS- | M] () -- C:\Users\Sabrina\ntuser.dat{0a43c97a-cf3b-11de-9b5a-001e338a7e55}.TM.blf [2010.08.09 18:58:16 | 004,348,388 | -H-- | M] () -- C:\Users\Sabrina\AppData\Local\IconCache.db [2010.08.09 18:41:10 | 000,001,022 | ---- | M] () -- C:\Users\Sabrina\Desktop\Revo Uninstaller.lnk [2010.08.09 18:06:07 | 000,000,988 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk [2010.08.08 21:00:42 | 000,000,783 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.07 12:22:30 | 000,001,812 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2010.08.06 22:11:30 | 000,001,689 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010.07.25 23:25:32 | 000,007,876 | ---- | M] () -- C:\Users\Sabrina\AppData\Roaming\wklnhst.dat [2010.07.02 22:45:27 | 000,054,784 | ---- | M] () -- C:\Users\Sabrina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.07.02 22:16:55 | 001,445,310 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.07.02 22:16:55 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.07.02 22:16:55 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.07.02 22:16:55 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.07.02 22:16:55 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.06.27 21:09:52 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Die Sims™ 3 Traumkarrieren.lnk [2010.06.12 11:42:14 | 000,347,528 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.06.07 04:03:06 | 000,000,680 | ---- | M] () -- C:\Users\Sabrina\AppData\Local\d3d9caps.dat [2010.05.15 09:44:27 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk ========== Files Created - No Company Name ========== [2010.08.09 18:41:10 | 000,001,022 | ---- | C] () -- C:\Users\Sabrina\Desktop\Revo Uninstaller.lnk [2010.08.09 18:06:07 | 000,000,988 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk [2010.08.09 17:41:54 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2010.08.08 21:00:42 | 000,000,783 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.07 12:22:30 | 000,001,812 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2010.08.06 22:11:30 | 000,001,689 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010.07.02 22:08:23 | 000,012,544 | ---- | C] () -- C:\Windows\System32\CNC173CD.TBL [2010.06.27 21:09:52 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Die Sims™ 3 Traumkarrieren.lnk [2010.05.15 09:44:27 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2009.11.14 14:23:01 | 000,148,480 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL [2009.11.14 14:23:01 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL [2009.11.14 13:48:23 | 000,033,120 | R--- | C] () -- C:\Windows\System32\kschimp.ini [2009.11.14 13:48:23 | 000,000,029 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini [2009.08.10 10:38:48 | 000,053,248 | ---- | C] () -- C:\Windows\System32\mgxasio2.dll [2009.08.10 10:36:57 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2009.08.01 11:39:43 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.05.10 21:08:50 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2009.02.24 14:51:30 | 000,028,635 | ---- | C] () -- C:\Windows\System32\ksaud.ini [2009.02.01 17:36:21 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2008.08.28 14:06:52 | 001,559,040 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2008.08.28 14:06:52 | 000,585,728 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2008.08.04 12:30:01 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll [2008.07.03 11:34:43 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI [2008.07.03 11:27:11 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini [2008.07.03 10:48:03 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2008.07.03 09:57:12 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2005.01.19 09:30:54 | 000,009,255 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini ========== LOP Check ========== [2010.02.14 18:52:23 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Amazon [2009.09.12 21:24:39 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Audacity [2010.07.03 13:19:02 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Canon [2009.04.19 14:25:05 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\gtk-2.0 [2009.02.24 17:18:02 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Inkscape [2009.08.10 13:01:27 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\MAGIX [2009.06.13 09:58:47 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Opera [2010.01.18 22:12:01 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Sony [2010.01.18 21:54:05 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Sony Setup [2009.08.08 14:21:22 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Teleca [2010.07.03 13:10:37 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Template [2009.02.23 12:25:47 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Toshiba [2010.08.09 18:58:24 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Jetzt aber richtig  |
|
09.08.2010, 18:58
| #11 |
| /// Selecta Jahrusso | Trojandownloader:Win32/Renos.MQ Logfile ist sauber  Hier noch die letzten paar Schritte zur Säuberung Deines Rechners. Schritt 1
Code:
ATTFilter :OTL
[2010.08.09 18:53:15 | 000,000,000 | ---D | M] (softonic-de3 Toolbar) -- C:\Users\Sabrina\AppData\Roaming\mozilla\Profiles\vg0focgc.Standard-Benutzer\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}-trash
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
[2010.06.05 19:40:15 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
:services
:files
:reg
:Commands
[purity]
[emptytemp]
[reboot]
Schritt 2 Systemwiederherstellungpunkte leeren Windows +E Taste drücken --> Rechtsklick über Laufwerk C --> Eigenschaften --> Bereinigen --> weitere Optionen --> Systemwiederherstellung und Schattenkopien bereinigen. Schritt 3 Tool CleanUp Starte bitte die OTL.exe. Klicke nun auf den Bereinigung Button. Dies wird die meisten Tools und Logfiles entfernen. Sollte denoch etwas bestehen bleiben, bitte manuell entfernen sowie den Papierkorb leeren. Schritt 4 Automatische Updates Sehen wir nach ob die Updates für Windows sich automatisch downloaden. Das ist der beste Weg um all die Sicherheits- Patches und Fixes zu erhalten. Windows + R Taste drücken. Kopiere nun folgenden Text in die Kommandozeile RunDll32.exe shell32.dll,Control_RunDLL wscui.cpl und klicke auf OK. Stelle sicher das die automatischen Updates aktiviert sind. Schritt 5 Um Dich für die Zukunft vor weiteren Infizierungen zu schützen empfehle ich Dir noch ein paar Programme.
Schritt 6 Tipps für sicheres Surfen Das sind meine Vorschläge. Verwende einen alternativen Browser statt den IE. Ich empfehle Mozilla Firefox. Für Firefox gibt es verschiedenste AddOns um sicher durch das WWW zu kommen.
Don'ts
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen. Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
|
09.08.2010, 19:37
| #12 |
| | Trojandownloader:Win32/Renos.MQ Hab mir jetzt alles besorgt und denke es ist alles erledigt. Habe allerdings noch ein paar Fragen: Muss ich alle Passwörter ändern und wird mir jetzt noch etwas passieren? Reicht Antivir zusätzlich aus? Vielen, vielen Dank für die Hilfe!!! |
|
09.08.2010, 20:38
| #13 |
| /// Selecta Jahrusso | Trojandownloader:Win32/Renos.MQ Passwörter sollte man sowieso in regelmäßigen Abständen ändern Ja, Nur ein VirenScanner. Die Tools von mir machen was anderes. Froh das wir helfen konnten.  Dieses Thema scheint erledigt und wird aus den Abos gelöscht. Solltest Du das Thema erneut benötigen, bitte eine PN an mich. Jeder andere möge bitte einen eigenen Thread starten.
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
|
| Themen zu Trojandownloader:Win32/Renos.MQ |
| .dll, anti-malware, appdata, bösartige, dateien, downloader, ergebnis, explorer, handle, hoffe, local\temp, malwarebytes, microsoft, minute, process, riesen, roaming, service, tasks, temp, trojan.fakealert, trojandownloader, version, vista, win, windows vista, windows-defender |
Textbox.
.
Button.
Hybrid-Darstellung
