Autorun.inf USB Probleme - Avira

trojana · 10.10.2010, 14:11

Ich Grüsse euch erst mal, hab ein problem mit Avira der ständig warnung zeigt wenn ich usb rein stecke oder SD karte, ich hoffe ihr könnt mir weiter hilfen.

Code:

ATTFilter

ComboFix 10-10-09.04 - Toshiba 10.10.2010  14:42:48.1.2 - x86
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.49.1031.18.2038.1193 [GMT 2:00]
ausgeführt von:: c:\users\Toshiba\Desktop\ComboFix.exe
 * Neuer Wiederherstellungspunkt wurde erstellt
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Toshiba\AppData\Local\Temp\978B.tmp
c:\users\Toshiba\AppData\Roaming\logs.dat
c:\users\Toshiba\AppData\Roaming\Microsoft\Run.exe
c:\users\Toshiba\AppData\Roaming\Microsoft\taskmgr.exe
c:\users\Toshiba\AppData\Roaming\qghumeaylnlfdxfircvs85.exe
c:\users\Toshiba\AppData\Roaming\taskeng.exe
c:\users\Toshiba\AppData\Roaming\taskmgr.exe

.
(((((((((((((((((((((((   Dateien erstellt von 2010-09-10 bis 2010-10-10  ))))))))))))))))))))))))))))))
.

2010-10-09 20:26 . 2010-10-09 20:26	--------	d-----w-	c:\program files\Boilsoft Video Splitter
2010-10-09 19:59 . 2010-10-09 19:59	--------	d-----w-	c:\users\Toshiba\AppData\Roaming\Boilsoft
2010-10-09 19:42 . 2010-10-09 19:42	--------	d-----w-	c:\program files\Haali
2010-10-08 21:17 . 2010-10-08 21:17	--------	d-----w-	c:\users\Toshiba\AppData\Roaming\Avira
2010-10-08 16:21 . 2010-09-09 22:52	6084944	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{D2177659-06D0-468B-95F5-8D1E409B9A8B}\mpengine.dll
2010-10-08 15:52 . 2010-10-08 15:52	--------	d-----w-	c:\programdata\Avira
2010-10-08 15:52 . 2010-10-08 15:52	--------	d-----w-	c:\program files\Avira
2010-10-08 15:52 . 2010-03-01 08:05	124784	----a-w-	c:\windows\system32\drivers\avipbb.sys
2010-10-08 15:52 . 2010-02-16 12:24	60936	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2010-10-08 15:52 . 2009-05-11 10:49	51992	----a-w-	c:\windows\system32\drivers\avgntdd.sys
2010-10-08 15:52 . 2009-05-11 10:49	17016	----a-w-	c:\windows\system32\drivers\avgntmgr.sys
2010-10-08 07:49 . 2010-10-08 07:49	--------	d-----w-	c:\program files\Emicsoft Studio
2010-10-08 06:03 . 2010-10-09 20:10	--------	d-----w-	C:\Downloads
2010-10-08 06:03 . 2010-10-08 06:03	--------	d-----w-	c:\users\Toshiba\AppData\Roaming\FlashGet
2010-10-08 06:03 . 2010-10-08 06:03	--------	d-----w-	c:\program files\FlashGet
2010-10-07 01:18 . 2010-10-07 01:18	--------	d-----w-	C:\Neuer Ordner
2010-10-07 00:52 . 2010-09-08 07:09	108032	----a-w-	c:\windows\system32\ff_vfw.dll
2010-10-07 00:52 . 2010-09-08 07:07	50688	----a-w-	c:\windows\system32\ff_acm.acm
2010-10-06 21:49 . 2010-10-07 01:19	--------	d-----w-	c:\programdata\QuickMediaConverter
2010-10-06 21:48 . 2010-10-06 21:48	--------	d-----w-	c:\users\Toshiba\AppData\Roaming\CocoonSoftware
2010-10-06 21:48 . 2010-10-07 01:19	--------	d-----w-	c:\program files\QuickMediaConverter
2010-10-06 21:48 . 2010-10-06 21:48	--------	d-----w-	c:\users\Toshiba\AppData\Local\WDSetup
2010-10-06 16:37 . 2010-10-07 00:54	--------	d-----w-	c:\users\Toshiba\AppData\Roaming\Leawo
2010-10-06 16:37 . 2009-08-16 15:08	178176	----a-w-	c:\windows\system32\unrar.dll
2010-10-06 16:37 . 2010-10-06 16:37	--------	d-----w-	c:\program files\K-Lite Codec Pack
2010-10-06 16:36 . 2010-10-07 00:54	--------	d-----w-	c:\program files\Leawo
2010-10-06 16:28 . 2010-10-06 16:28	--------	d-----w-	c:\program files\Common Files\SWF Studio
2010-10-06 16:27 . 2010-10-06 16:27	--------	d-----w-	c:\program files\Riva
2010-10-06 14:49 . 2010-10-06 14:49	--------	d-----w-	c:\users\Toshiba\AppData\Roaming\Sony Ericsson
2010-10-06 14:43 . 2010-10-06 14:43	--------	d-----w-	c:\program files\Common Files\Adobe
2010-10-04 19:40 . 2010-10-04 19:40	--------	d-----w-	c:\programdata\PC Drivers HeadQuarters
2010-10-04 19:38 . 2010-10-04 19:38	--------	d-----w-	C:\Intel
2010-10-04 19:23 . 2010-10-04 19:23	--------	d-----w-	c:\users\Toshiba\AppData\Roaming\Sony Corporation
2010-10-04 15:58 . 2007-07-19 16:14	3727720	----a-w-	c:\windows\system32\d3dx9_35.dll
2010-10-03 22:37 . 2010-10-03 22:37	--------	d-----w-	c:\program files\Microsoft
2010-10-03 22:36 . 2010-10-03 22:36	--------	d-----w-	c:\program files\Windows Live SkyDrive
2010-10-03 22:36 . 2010-10-03 22:36	--------	d-----w-	c:\windows\PCHEALTH
2010-10-02 19:43 . 2010-10-03 20:00	--------	dc----w-	c:\windows\system32\DRVSTORE
2010-10-02 19:40 . 2009-09-04 15:44	69464	----a-w-	c:\windows\system32\XAPOFX1_3.dll
2010-10-02 19:40 . 2009-09-04 15:44	515416	----a-w-	c:\windows\system32\XAudio2_5.dll
2010-10-02 19:40 . 2009-09-04 15:29	453456	----a-w-	c:\windows\system32\d3dx10_42.dll
2010-10-02 19:40 . 2006-11-29 11:06	3426072	----a-w-	c:\windows\system32\d3dx9_32.dll
2010-10-02 19:39 . 2010-10-02 19:39	--------	d-----w-	c:\program files\Microsoft Silverlight
2010-10-02 19:39 . 2010-08-11 04:44	2983424	----a-w-	c:\windows\system32\UIRibbon.dll
2010-10-02 19:39 . 2010-08-11 04:35	1164800	----a-w-	c:\windows\system32\UIRibbonRes.dll
2010-10-02 19:38 . 2010-05-23 10:11	196608	----a-w-	c:\windows\system32\mfreadwrite.dll
2010-10-02 19:38 . 2010-05-23 10:15	1619456	----a-w-	c:\windows\system32\WMVDECOD.DLL
2010-10-02 19:38 . 2010-05-23 10:11	3181568	----a-w-	c:\windows\system32\mf.dll
2010-10-02 19:37 . 2010-10-02 19:37	15712	----a-w-	c:\program files\Common Files\Windows Live\.cache\4167a9321cb626914\MeshBetaRemover.exe
2010-10-02 19:37 . 2010-10-02 19:37	94040	----a-w-	c:\program files\Common Files\Windows Live\.cache\3d10c1f31cb626913\DSETUP.dll
2010-10-02 19:37 . 2010-10-02 19:37	525656	----a-w-	c:\program files\Common Files\Windows Live\.cache\3d10c1f31cb626913\DXSETUP.exe
2010-10-02 19:37 . 2010-10-02 19:37	1691480	----a-w-	c:\program files\Common Files\Windows Live\.cache\3d10c1f31cb626913\dsetup32.dll
2010-10-02 19:37 . 2010-10-02 19:37	94040	----a-w-	c:\program files\Common Files\Windows Live\.cache\397286ee1cb626912\DSETUP.dll
2010-10-02 19:37 . 2010-10-02 19:37	525656	----a-w-	c:\program files\Common Files\Windows Live\.cache\397286ee1cb626912\DXSETUP.exe
2010-10-02 19:37 . 2010-10-02 19:37	1691480	----a-w-	c:\program files\Common Files\Windows Live\.cache\397286ee1cb626912\dsetup32.dll
2010-10-02 19:36 . 2010-10-02 19:36	6260088	----a-w-	c:\program files\Common Files\Windows Live\.cache\170fa9891cb62690e\Silverlight.4.0.exe
2010-10-02 19:34 . 2010-10-02 22:44	--------	d-----w-	c:\users\Toshiba\AppData\Local\Windows Live
2010-09-28 08:33 . 2010-09-28 08:33	--------	d-----w-	c:\users\Toshiba\AppData\Local\Shareaza
2010-09-28 08:33 . 2010-09-28 09:00	--------	d-----w-	c:\users\Toshiba\AppData\Roaming\Shareaza
2010-09-28 08:33 . 2010-09-28 15:27	--------	d-----w-	c:\program files\Shareaza
2010-09-26 20:28 . 2010-10-06 17:31	--------	d-----w-	C:\TEMP
2010-09-26 20:20 . 2010-09-26 20:34	--------	d-----w-	c:\program files\IrfanView
2010-09-26 09:26 . 2010-10-08 16:25	--------	d-----w-	c:\program files\Windows Live Safety Center
2010-09-22 16:10 . 2010-09-22 16:10	103864	----a-w-	c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2010-09-22 11:11 . 2010-09-22 11:11	825640	----a-w-	c:\program files\Common Files\Windows Live\.cache\474201d31cb626915\OEM\Packages\default\SearchEnhancementPackSetup.EXE
2010-09-22 01:09 . 2010-10-07 19:07	--------	d-----w-	c:\users\Toshiba\AppData\Roaming\vlc
2010-09-22 01:08 . 2010-09-22 01:08	--------	d-----w-	c:\program files\VideoLAN
2010-09-21 10:18 . 2010-09-21 10:34	--------	d-----w-	c:\users\Toshiba\AppData\Roaming\PSpad
2010-09-21 10:18 . 2010-09-21 10:18	--------	d-----w-	c:\program files\PSPad editor
2010-09-21 10:09 . 2010-09-21 10:10	--------	d-----w-	c:\users\Toshiba\AppData\Roaming\Paltalk
2010-09-21 10:09 . 2010-09-21 10:09	--------	d-----w-	c:\program files\Paltalk Messenger
2010-09-21 10:09 . 2010-09-21 10:09	--------	d-----w-	c:\windows\PaltalkScene
2010-09-20 21:53 . 2010-10-09 23:51	--------	d-----w-	c:\users\Toshiba\AppData\Roaming\gtk-2.0
2010-09-20 21:48 . 2010-09-20 21:48	--------	d-----w-	c:\users\Toshiba\.thumbnails
2010-09-20 21:47 . 2010-10-10 06:35	--------	d-----w-	c:\users\Toshiba\.gimp-2.6
2010-09-20 21:41 . 2010-09-20 21:41	--------	d-----w-	c:\program files\GIMP-2.0
2010-09-20 20:30 . 2010-10-06 14:43	--------	d-----w-	c:\users\Toshiba\AppData\Local\Adobe
2010-09-20 19:58 . 2010-10-09 21:42	--------	d-----w-	c:\users\Toshiba\AppData\Roaming\FileZilla
2010-09-20 19:57 . 2010-10-05 13:13	--------	d-----w-	c:\program files\FileZilla FTP Client
2010-09-20 10:39 . 2010-09-20 10:39	--------	d-----w-	c:\program files\Common Files\xing shared
2010-09-20 10:39 . 2010-09-20 10:39	569397	----a-w-	c:\program files\Internet Explorer\PLUGINS\RichFX\Player\nprfxins.dll
2010-09-20 10:39 . 2010-09-20 10:39	499712	----a-w-	c:\windows\system32\msvcp71.dll
2010-09-20 10:39 . 2010-09-20 10:39	348160	----a-w-	c:\windows\system32\msvcr71.dll
2010-09-20 10:39 . 2010-09-20 10:39	--------	d-----w-	c:\program files\Real
2010-09-20 10:39 . 2010-09-20 10:39	--------	d-----w-	c:\program files\Common Files\Real
2010-09-19 20:07 . 2010-10-10 12:07	--------	d-----w-	c:\users\Toshiba\AppData\Roaming\skypePM
2010-09-19 20:05 . 2010-10-10 12:42	--------	d-----w-	c:\users\Toshiba\AppData\Roaming\Skype
2010-09-19 20:05 . 2010-09-19 20:05	--------	d-----r-	c:\program files\Skype
2010-09-19 20:05 . 2010-09-19 20:05	--------	d-----w-	c:\program files\Common Files\Skype
2010-09-19 20:05 . 2010-09-19 20:05	--------	d-----w-	c:\programdata\Skype
2010-09-19 18:45 . 2010-09-22 19:05	--------	d-----w-	c:\users\Toshiba\AppData\Roaming\DivX
2010-09-19 18:45 . 2010-09-19 18:45	--------	d-----w-	c:\program files\Common Files\PX Storage Engine
2010-09-19 18:44 . 2010-09-19 18:44	--------	d-----w-	c:\program files\Common Files\DivX Shared
2010-09-19 18:44 . 2010-09-19 18:45	--------	d-----w-	c:\program files\DivX
2010-09-19 18:43 . 2010-09-19 18:45	--------	d-----w-	c:\programdata\DivX
2010-09-19 17:10 . 2010-09-19 17:11	--------	d-----w-	c:\users\Toshiba\AppData\Local\Microsoft Games
2010-09-19 09:32 . 2010-09-19 09:32	--------	d-----w-	c:\users\Toshiba\AppData\Roaming\OpenOffice.org
2010-09-19 09:30 . 2010-09-19 09:30	--------	d-----w-	c:\program files\JRE
2010-09-19 09:30 . 2010-09-19 09:30	--------	d-----w-	c:\program files\OpenOffice.org 3
2010-09-19 09:30 . 2010-09-19 09:30	--------	d-----w-	c:\program files\Common Files\Java
2010-09-19 09:30 . 2010-09-19 09:30	411368	----a-w-	c:\windows\system32\deployJava1.dll
2010-09-19 09:29 . 2010-09-19 09:29	--------	d-----w-	c:\program files\Java
2010-09-14 16:11 . 2010-09-14 16:11	--------	d-----w-	c:\users\Toshiba\AppData\Local\Diagnostics
2010-09-13 21:32 . 2010-10-08 23:04	--------	d-----w-	c:\users\Toshiba\AppData\Local\Google
2010-09-13 21:32 . 2010-09-29 17:16	--------	d-----w-	c:\program files\Google
2010-09-13 21:32 . 2010-09-13 21:32	--------	d-----w-	c:\windows\system32\Macromed
2010-09-10 13:42 . 2010-10-08 15:10	--------	d-----w-	c:\users\Toshiba\AppData\Roaming\install

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-09-02 13351304]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-09-29 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-09-20 202256]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

c:\users\Toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-13 136176]
R3 sembbus;SEMC WMC Composite Device driver (WDM);c:\windows\system32\DRIVERS\sembbus.sys [2008-02-06 260992]
R3 sembcard;Sony Ericsson PC300 Mobile Broadband Command Interface Drivers (WDM);c:\windows\system32\DRIVERS\sembcard.sys [2008-02-06 337408]
R3 sembmdfl2;Sony Ericsson PC300 Wireless Modem Filter;c:\windows\system32\DRIVERS\sembmdfl2.sys [2008-02-06 14976]
R3 sembmdm2;Sony Ericsson PC300 Wireless Modem Driver;c:\windows\system32\DRIVERS\sembmdm2.sys [2008-02-06 380672]
R3 sembmgmt;Sony Ericsson PC300 Mobile Broadband Device Management Drivers (WDM);c:\windows\system32\DRIVERS\sembmgmt.sys [2008-02-06 343680]
R3 sembnd5;Sony Ericsson PC300 Mobile Broadband Network Adapter SENECA (NDIS);c:\windows\system32\DRIVERS\sembnd5.sys [2008-02-06 24960]
R3 sembunic;Sony Ericsson PC300 Mobile Broadband Network Adapter SENECA (WDM);c:\windows\system32\DRIVERS\sembunic.sys [2008-02-06 344064]
R3 sembwwan;Sony Ericsson PC300 Mobile Broadband Ethernet Control Drivers (WDM);c:\windows\system32\DRIVERS\sembwwan.sys [2008-02-06 337408]
R3 SEMCReserved;SEMC Reserved Interface;c:\windows\system32\DRIVERS\semcreserved.sys [2008-02-15 17408]
R3 Sony_EricssonWWSC;Sony Ericsson SIM Card Reader;c:\windows\system32\DRIVERS\sesc.sys [2007-08-14 12672]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]

.
Inhalt des "geplante Tasks" Ordners

2010-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-13 21:32]

2010-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-13 21:32]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: &Alles mit FlashGet laden - c:\program files\FlashGet\jc_all.htm
IE: &Mit FlashGet laden - c:\program files\FlashGet\jc_link.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Lookup on Merriam Webster
IE: Lookup on Wikipedia
Trusted Zone: campusspeicher.de\server14
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKCU-Run-Windows Update System - c:\users\Toshiba\AppData\Roaming\taskmgr.exe


.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-2731685071-1132721656-2652739292-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"

[HKEY_USERS\S-1-5-21-2731685071-1132721656-2652739292-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(3612)
c:\program files\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll
c:\program files\DivX\DivX Plus Media Foundation Components\DivXMFSource.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\taskhost.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\conhost.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Windows Media Player\wmpnetwk.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-10-10  14:58:01 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-10-10 12:58

Vor Suchlauf: 10 Verzeichnis(se), 33.253.355.520 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 33.963.888.640 Bytes frei

- - End Of File - - 6D984AAF6DC835DD80EF13DEC396404C

trojana · 11.10.2010, 00:22

Hallo bin ich hier richtig?

Chris4You · 11.10.2010, 07:24

Hi,

first of all, das neue Avira gibt immer eine Warnung aus, wenn autostart unterbunden wird (was von windows defaultmässig ebenso wie die Warnung von Avira eingeschaltet ist)...

Malwarebytes Antimalware (MAM)
Anleitung&Download hier: http://www.trojaner-board.de/51187-m...i-malware.html
Falls der Download nicht klappt, bitte hierüber eine generische Version runterladen:
http://filepony.de/download-chameleon/
Danach bitte update der Signaturdateien (Reiter "Update" -> Suche nach Aktualisierungen")
Fullscan und alles bereinigen lassen! Log posten.

OTL
Lade Dir OTL von Oldtimer herunter (http://filepony.de/download-otl/) und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe

Vista/Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen

Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output

Unter Extra Registry, wähle bitte Use SafeList

Klicke nun auf Run Scan links oben

Wenn der Scan beendet wurde werden 2 Logfiles erstellt (OTL.TXT und EXTRAS.TXT)

Poste die Logfiles hier in den Thread

Autorun deaktivieren:
Tipparchiv - Autorun/Autoplay gezielt für Laufwerkstypen oder -buchstaben abschalten - WinTotal.de

chris

trojana · 11.10.2010, 07:35

danke, wird ich gleich ausprobieren

trojana · 11.10.2010, 09:42

Code:

ATTFilter

OTL logfile created on: 11.10.2010 09:42:37 - Run 1
OTL by OldTimer - Version 3.2.15.0     Folder = C:\Users\Toshiba\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 33,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 52,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 61,52 Gb Total Space | 27,38 Gb Free Space | 44,50% Space Free | Partition Type: NTFS
Drive D: | 171,36 Gb Total Space | 159,62 Gb Free Space | 93,15% Space Free | Partition Type: NTFS
Drive E: | 702,83 Mb Total Space | 697,19 Mb Free Space | 99,20% Space Free | Partition Type: UDF
Drive G: | 3,68 Gb Total Space | 0,68 Gb Free Space | 18,54% Space Free | Partition Type: FAT32
 
Computer Name: TOSHIBA-PC | User Name: Toshiba | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2010.10.11 08:34:05 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Users\Toshiba\Desktop\OTL.exe
PRC - [2010.09.29 19:16:43 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2010.09.29 19:16:35 | 000,304,304 | ---- | M] (Google Inc.) -- C:\Programme\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2010.09.20 12:39:10 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Common Files\Real\Update_OB\realsched.exe
PRC - [2010.09.13 00:18:13 | 000,975,928 | ---- | M] (Google Inc.) -- C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010.09.01 08:39:18 | 001,164,584 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.08.27 01:34:22 | 000,107,008 | ---- | M] () -- C:\Programme\VideoLAN\VLC\vlc.exe
PRC - [2010.05.21 00:52:06 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2010.05.21 00:52:04 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2010.04.29 12:19:18 | 001,090,952 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010.04.16 22:12:28 | 003,872,080 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Messenger\msnmsgr.exe
PRC - [2010.04.16 18:36:42 | 000,026,480 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Contacts\wlcomm.exe
PRC - [2010.04.01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.03.02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.02.24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.01.14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.07.14 03:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe
PRC - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 03:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sppsvc.exe
PRC - [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.07.14 03:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.10.11 08:34:05 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Users\Toshiba\Desktop\OTL.exe
MOD - [2009.07.14 03:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009.07.14 03:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009.07.14 03:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009.07.14 03:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009.07.14 03:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009.07.14 03:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009.07.14 03:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009.07.14 03:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009.07.14 03:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009.07.14 03:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009.07.14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009.07.14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.04.01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.02.24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.07.14 03:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009.07.14 03:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009.07.14 03:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009.07.14 03:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009.07.14 03:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009.07.14 03:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009.07.14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009.07.14 03:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009.07.14 03:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 03:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009.07.14 03:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.07.14 03:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009.07.14 03:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009.07.14 03:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009.07.14 03:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX-Installer (AxInstSV)
SRV - [2009.07.14 03:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009.07.14 03:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Toshiba\AppData\Local\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Toshiba\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010.03.01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.02.16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.10.07 08:49:40 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Pro 5000(UVC)
DRV - [2009.10.07 08:47:56 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2009.10.07 08:46:14 | 000,114,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2009.07.14 03:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009.07.14 03:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009.07.14 03:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009.07.14 03:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009.07.14 03:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009.07.14 03:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009.07.14 03:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009.07.14 03:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009.07.14 03:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009.07.14 03:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009.07.14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009.07.14 03:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009.07.14 03:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009.07.14 03:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009.07.14 03:20:36 | 000,133,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009.07.14 03:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009.07.14 03:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009.07.14 03:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009.07.14 03:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009.07.14 03:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009.07.14 03:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009.07.14 03:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009.07.14 03:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009.07.14 03:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009.07.14 03:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009.07.14 03:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.14 03:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009.07.14 03:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009.07.14 03:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009.07.14 03:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009.07.14 03:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009.07.14 03:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009.07.14 03:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009.07.14 03:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009.07.14 03:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009.07.14 02:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009.07.14 02:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009.07.14 02:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009.07.14 01:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009.07.14 01:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009.07.14 01:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009.07.14 01:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009.07.14 01:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009.07.14 01:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009.07.14 01:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 01:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009.07.14 01:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009.07.14 01:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009.07.14 01:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009.07.14 01:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 01:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009.07.14 01:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009.07.14 01:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009.07.14 00:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 00:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009.07.14 00:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009.07.14 00:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009.07.14 00:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009.07.14 00:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009.07.14 00:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009.07.14 00:02:52 | 000,139,776 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009.07.14 00:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009.07.14 00:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009.07.14 00:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009.06.10 23:19:30 | 004,756,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.02.15 19:04:42 | 000,017,408 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\semcreserved.sys -- (SEMCReserved)
DRV - [2008.02.06 16:16:32 | 000,337,408 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sembwwan.sys -- (sembwwan) Sony Ericsson PC300 Mobile Broadband Ethernet Control Drivers (WDM)
DRV - [2008.02.06 16:16:10 | 000,344,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sembunic.sys -- (sembunic) Sony Ericsson PC300 Mobile Broadband Network Adapter SENECA (WDM)
DRV - [2008.02.06 16:16:02 | 000,024,960 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sembnd5.sys -- (sembnd5) Sony Ericsson PC300 Mobile Broadband Network Adapter SENECA (NDIS)
DRV - [2008.02.06 16:15:56 | 000,343,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sembmgmt.sys -- (sembmgmt) Sony Ericsson PC300 Mobile Broadband Device Management Drivers (WDM)
DRV - [2008.02.06 16:15:48 | 000,380,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sembmdm2.sys -- (sembmdm2)
DRV - [2008.02.06 16:15:34 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sembmdfl2.sys -- (sembmdfl2)
DRV - [2008.02.06 16:14:52 | 000,337,408 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sembcard.sys -- (sembcard) Sony Ericsson PC300 Mobile Broadband Command Interface Drivers (WDM)
DRV - [2008.02.06 16:14:44 | 000,260,992 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sembbus.sys -- (sembbus) SEMC WMC Composite Device driver (WDM)
DRV - [2007.11.09 05:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007.08.14 10:15:18 | 000,012,672 | ---- | M] (Sony Ericsson) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\sesc.sys -- (Sony_EricssonWWSC)
DRV - [2006.11.14 17:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005.04.27 22:24:20 | 000,120,128 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAV191.SYS -- (USBAV191)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.09.20 12:39:31 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2010.10.10 14:55:03 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programme\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programme\FlashGet\getflash.dll (www.flashget.com)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Programme\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Mit FlashGet laden - C:\Programme\FlashGet\JC_LINK.HTM ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Programme\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\flashget.exe (FlashGet.com)
O15 - HKCU\..Trusted Domains: campusspeicher.de ([server14] https in Vertrauenswürdige Sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} hxxp://gfx1.hotmail.com/mail/w4/m3/photouploadcontrol/VistaMSNPUpldde-de.cab (Windows Live Hotmail Photo Upload Tool)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.10.11 08:33:58 | 000,576,512 | ---- | C] (OldTimer Tools) -- C:\Users\Toshiba\Desktop\OTL.exe
[2010.10.11 08:29:09 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Roaming\Malwarebytes
[2010.10.11 08:28:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.10.11 08:28:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.10.11 08:27:59 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.10.11 08:27:59 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.10.10 23:30:48 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Roaming\vlc
[2010.10.10 20:14:58 | 038,163,432 | ---- | C] (Logitech, Inc.) -- C:\Users\Toshiba\Desktop\qc1110_x64.exe
[2010.10.10 19:39:09 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\logishrd
[2010.10.10 17:38:22 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\Desktop\Scheikh Abd assalam
[2010.10.10 16:17:25 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\Desktop\Desktop2
[2010.10.10 14:55:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010.10.10 14:47:25 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010.10.10 14:41:23 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010.10.10 14:41:23 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010.10.10 14:41:23 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010.10.10 14:41:16 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.10.10 14:41:15 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010.10.10 14:40:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.10.10 14:39:54 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010.10.09 22:26:01 | 000,000,000 | ---D | C] -- C:\Programme\Boilsoft Video Splitter
[2010.10.09 21:59:38 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Roaming\Boilsoft
[2010.10.09 21:42:21 | 000,000,000 | ---D | C] -- C:\Programme\Haali
[2010.10.09 17:53:16 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\Desktop\Piere Vogel
[2010.10.08 23:17:13 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Roaming\Avira
[2010.10.08 17:52:17 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010.10.08 17:52:16 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.10.08 17:52:16 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.10.08 17:52:16 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010.10.08 17:52:16 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010.10.08 17:52:16 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2010.10.08 17:52:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.10.08 09:49:53 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\Documents\Emicsoft Studio
[2010.10.08 09:49:42 | 000,000,000 | ---D | C] -- C:\Programme\Emicsoft Studio
[2010.10.08 08:03:58 | 000,000,000 | ---D | C] -- C:\Downloads
[2010.10.08 08:03:27 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Roaming\FlashGet
[2010.10.08 08:03:22 | 000,000,000 | ---D | C] -- C:\Programme\FlashGet
[2010.10.07 03:18:47 | 000,000,000 | ---D | C] -- C:\Neuer Ordner
[2010.10.06 23:49:40 | 000,000,000 | ---D | C] -- C:\ProgramData\QuickMediaConverter
[2010.10.06 23:48:38 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Roaming\CocoonSoftware
[2010.10.06 23:48:32 | 000,000,000 | ---D | C] -- C:\Programme\QuickMediaConverter
[2010.10.06 23:48:27 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\WDSetup
[2010.10.06 18:37:12 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Roaming\Leawo
[2010.10.06 18:37:08 | 000,000,000 | ---D | C] -- C:\Programme\K-Lite Codec Pack
[2010.10.06 18:36:40 | 000,000,000 | ---D | C] -- C:\Programme\Leawo
[2010.10.06 18:28:03 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\SWF Studio
[2010.10.06 18:27:59 | 000,000,000 | ---D | C] -- C:\Programme\Riva
[2010.10.06 16:50:22 | 000,260,992 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sembbus.sys
[2010.10.06 16:50:22 | 000,012,160 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sembwhnt.sys
[2010.10.06 16:50:22 | 000,012,160 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sembwh.sys
[2010.10.06 16:50:20 | 000,344,064 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sembunic.sys
[2010.10.06 16:50:20 | 000,010,752 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sembcr.sys
[2010.10.06 16:50:19 | 000,380,672 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sembmdm2.sys
[2010.10.06 16:50:19 | 000,014,976 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sembmdfl2.sys
[2010.10.06 16:50:18 | 000,012,672 | ---- | C] (Sony Ericsson) -- C:\Windows\System32\drivers\sesc.sys
[2010.10.06 16:50:17 | 000,337,408 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sembwwan.sys
[2010.10.06 16:50:16 | 000,337,408 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sembcard.sys
[2010.10.06 16:50:14 | 000,343,680 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sembmgmt.sys
[2010.10.06 16:50:14 | 000,084,992 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\sembir32.dll
[2010.10.06 16:50:14 | 000,012,160 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sembcmnt.sys
[2010.10.06 16:50:14 | 000,012,160 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sembcm.sys
[2010.10.06 16:49:37 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Roaming\Sony Ericsson
[2010.10.06 16:49:37 | 000,000,000 | ---D | C] -- C:\Programme\Sony Ericsson
[2010.10.06 16:43:14 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Adobe
[2010.10.06 16:43:14 | 000,000,000 | ---D | C] -- C:\Programme\Adobe
[2010.10.04 22:27:28 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\Desktop\Videos
[2010.10.04 21:40:31 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Drivers HeadQuarters
[2010.10.04 21:38:29 | 000,000,000 | ---D | C] -- C:\Intel
[2010.10.04 21:28:04 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\Documents\Sony PMB
[2010.10.04 21:23:13 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Roaming\Sony Corporation
[2010.10.04 17:58:04 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2010.10.04 17:58:04 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2010.10.04 00:37:05 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft
[2010.10.04 00:36:46 | 000,000,000 | ---D | C] -- C:\Programme\Windows Live SkyDrive
[2010.10.04 00:36:12 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010.10.02 21:43:24 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2010.10.02 21:40:33 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2010.10.02 21:40:33 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2010.10.02 21:40:33 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2010.10.02 21:40:15 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2010.10.02 21:39:28 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Silverlight
[2010.10.02 21:39:08 | 002,983,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2010.10.02 21:39:07 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2010.10.02 21:38:24 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2010.10.02 21:38:23 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2010.10.02 21:38:23 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2010.10.02 21:34:33 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\Windows Live
[2010.09.29 19:25:07 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Roaming\Google
[2010.09.29 19:16:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2010.09.29 18:17:28 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\Desktop\Moschee
[2010.09.28 11:02:39 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2010.09.28 10:33:49 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\Shareaza
[2010.09.28 10:33:12 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Roaming\Shareaza
[2010.09.28 10:33:10 | 000,000,000 | ---D | C] -- C:\Programme\Shareaza
[2010.09.26 22:28:50 | 000,000,000 | ---D | C] -- C:\TEMP
[2010.09.26 22:20:15 | 000,000,000 | ---D | C] -- C:\Programme\IrfanView
[2010.09.26 11:26:16 | 000,000,000 | ---D | C] -- C:\Programme\Windows Live Safety Center
[2010.09.26 11:25:18 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\Documents\Meine empfangenen Dateien
[2010.09.22 03:08:38 | 000,000,000 | ---D | C] -- C:\Programme\VideoLAN
[2010.09.21 21:41:40 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Roaming\WinRAR
[2010.09.21 21:41:08 | 000,000,000 | ---D | C] -- C:\Programme\WinRAR
[2010.09.21 12:18:58 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Roaming\PSpad
[2010.09.21 12:18:49 | 000,000,000 | ---D | C] -- C:\Programme\PSPad editor
[2010.09.21 12:09:07 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Roaming\Paltalk
[2010.09.21 12:09:04 | 000,000,000 | ---D | C] -- C:\Windows\PaltalkScene
[2010.09.21 12:09:04 | 000,000,000 | ---D | C] -- C:\Programme\Paltalk Messenger
[2010.09.20 23:53:49 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Roaming\gtk-2.0
[2010.09.20 23:48:31 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\.thumbnails
[2010.09.20 23:47:19 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\Documents\gegl-0.0
[2010.09.20 23:47:19 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\.gimp-2.6
[2010.09.20 23:41:52 | 000,000,000 | ---D | C] -- C:\Programme\GIMP-2.0
[2010.09.20 22:32:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010.09.20 22:30:40 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\Adobe
[2010.09.20 21:58:14 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Roaming\FileZilla
[2010.09.20 21:57:54 | 000,000,000 | ---D | C] -- C:\Programme\FileZilla FTP Client
[2010.09.20 12:39:29 | 000,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2010.09.20 12:39:27 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2010.09.20 12:39:27 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2010.09.20 12:39:22 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\xing shared
[2010.09.20 12:39:13 | 000,499,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp71.dll
[2010.09.20 12:39:13 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr71.dll
[2010.09.20 12:39:13 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2010.09.20 12:39:11 | 000,000,000 | ---D | C] -- C:\Programme\Real
[2010.09.20 12:39:09 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Real
[2010.09.20 12:39:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2010.09.20 12:39:08 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Roaming\Real
[2010.09.19 22:07:55 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Roaming\skypePM
[2010.09.19 22:05:51 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Roaming\Skype
[2010.09.19 22:05:33 | 000,000,000 | R--D | C] -- C:\Programme\Skype
[2010.09.19 22:05:33 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype
[2010.09.19 22:05:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010.09.19 20:45:10 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Roaming\DivX
[2010.09.19 20:45:02 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\PX Storage Engine
[2010.09.19 20:44:41 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DivX Shared
[2010.09.19 20:44:02 | 000,000,000 | ---D | C] -- C:\Programme\DivX
[2010.09.19 20:43:47 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010.09.19 19:10:40 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\Microsoft Games
[2010.09.19 11:32:42 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Roaming\OpenOffice.org
[2010.09.19 11:30:39 | 000,000,000 | ---D | C] -- C:\Programme\JRE
[2010.09.19 11:30:36 | 000,000,000 | ---D | C] -- C:\Programme\OpenOffice.org 3
[2010.09.19 11:30:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010.09.19 11:30:13 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java
[2010.09.19 11:30:06 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010.09.19 11:30:06 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.09.19 11:30:06 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.09.19 11:30:06 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.09.19 11:29:58 | 000,000,000 | ---D | C] -- C:\Programme\Java
[2010.09.14 18:11:39 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\Diagnostics
[2010.09.13 23:32:52 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Roaming\Macromedia
[2010.09.13 23:32:52 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Roaming\Adobe
[2010.09.13 23:32:39 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\Google
[2010.09.13 23:32:32 | 000,000,000 | ---D | C] -- C:\Programme\Google
[2010.09.13 23:32:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
 
========== Files - Modified Within 30 Days ==========
 
[2010.10.11 09:43:50 | 002,883,584 | -HS- | M] () -- C:\Users\Toshiba\NTUSER.DAT
[2010.10.11 09:41:53 | 000,016,208 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.10.11 09:41:53 | 000,016,208 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.10.11 09:37:04 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\daao.sys
[2010.10.11 09:30:49 | 001,472,002 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.10.11 09:30:49 | 000,643,866 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.10.11 09:30:49 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.10.11 09:30:49 | 000,126,394 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.10.11 09:30:49 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.10.11 09:24:29 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\ujlan.sys
[2010.10.11 09:05:01 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.10.11 08:34:05 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Users\Toshiba\Desktop\OTL.exe
[2010.10.11 08:28:05 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.10 23:30:42 | 000,001,028 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010.10.10 20:15:02 | 038,163,432 | ---- | M] (Logitech, Inc.) -- C:\Users\Toshiba\Desktop\qc1110_x64.exe
[2010.10.10 19:41:39 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.10.10 19:41:24 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.10.10 19:41:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.10.10 19:41:21 | 1603,084,288 | -HS- | M] () -- C:\hiberfil.sys
[2010.10.10 18:27:50 | 002,584,161 | -H-- | M] () -- C:\Users\Toshiba\AppData\Local\IconCache.db
[2010.10.10 14:55:12 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010.10.10 14:55:03 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.10.10 08:04:04 | 000,031,211 | ---- | M] () -- C:\Users\Toshiba\.recently-used.xbel
[2010.10.09 22:26:05 | 000,001,017 | ---- | M] () -- C:\Users\Toshiba\Desktop\Boilsoft Video Splitter.lnk
[2010.10.06 17:37:22 | 000,141,104 | ---- | M] () -- C:\Users\Toshiba\Documents\heimnetzwerk.xps
[2010.09.28 17:27:20 | 000,289,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.09.28 02:15:31 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010.09.20 12:39:29 | 000,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2010.09.20 12:39:27 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2010.09.20 12:39:27 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2010.09.20 12:39:13 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcp71.dll
[2010.09.20 12:39:13 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcr71.dll
[2010.09.20 12:39:13 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2010.09.19 22:07:57 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2010.09.19 18:38:25 | 000,062,952 | ---- | M] () -- C:\Users\Toshiba\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.09.19 11:33:58 | 000,002,299 | ---- | M] () -- C:\Users\Toshiba\Documents\Neue Datenbank.odb
[2010.09.19 11:33:14 | 000,001,197 | ---- | M] () -- C:\Users\Toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
[2010.09.19 11:30:01 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010.09.19 11:30:01 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.09.19 11:30:01 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.09.19 11:30:01 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.09.14 16:56:54 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
 
========== Files Created - No Company Name ==========
 
[2010.10.11 09:37:04 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\daao.sys
[2010.10.11 09:24:29 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\ujlan.sys
[2010.10.11 08:28:05 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.10 23:30:42 | 000,001,028 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010.10.10 14:41:23 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010.10.10 14:41:23 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010.10.10 14:41:23 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010.10.10 14:41:23 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010.10.10 14:41:23 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.10.10 08:04:04 | 000,031,211 | ---- | C] () -- C:\Users\Toshiba\.recently-used.xbel
[2010.10.09 22:26:05 | 000,001,017 | ---- | C] () -- C:\Users\Toshiba\Desktop\Boilsoft Video Splitter.lnk
[2010.10.07 02:52:02 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010.10.07 02:52:02 | 000,050,688 | ---- | C] () -- C:\Windows\System32\ff_acm.acm
[2010.10.06 18:37:09 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010.10.06 17:37:21 | 000,141,104 | ---- | C] () -- C:\Users\Toshiba\Documents\heimnetzwerk.xps
[2010.10.06 16:50:21 | 000,017,408 | ---- | C] () -- C:\Windows\System32\drivers\semcreserved.sys
[2010.09.28 02:15:31 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010.09.19 22:07:57 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.09.19 11:33:30 | 000,002,299 | ---- | C] () -- C:\Users\Toshiba\Documents\Neue Datenbank.odb
[2010.09.19 11:33:14 | 000,001,197 | ---- | C] () -- C:\Users\Toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
[2010.09.14 16:56:54 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010.09.13 23:32:43 | 000,000,888 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.09.13 23:32:42 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009.10.07 08:24:22 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2005.05.06 19:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2005.04.27 22:24:20 | 000,120,128 | ---- | C] () -- C:\Windows\System32\drivers\USBAV191.SYS
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 16 bytes -> C:\Users\Toshiba\Downloads:Shareaza.GUID

< End of report >

Code:

ATTFilter

OTL Extras logfile created on: 11.10.2010 09:42:37 - Run 1
OTL by OldTimer - Version 3.2.15.0     Folder = C:\Users\Toshiba\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 33,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 52,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 61,52 Gb Total Space | 27,38 Gb Free Space | 44,50% Space Free | Partition Type: NTFS
Drive D: | 171,36 Gb Total Space | 159,62 Gb Free Space | 93,15% Space Free | Partition Type: NTFS
Drive E: | 702,83 Mb Total Space | 697,19 Mb Free Space | 99,20% Space Free | Partition Type: UDF
Drive G: | 3,68 Gb Total Space | 0,68 Gb Free Space | 18,54% Space Free | Partition Type: FAT32
 
Computer Name: TOSHIBA-PC | User Name: Toshiba | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Users\Toshiba\AppData\Local\Temp\tat.exe" = C:\Users\Toshiba\AppData\Local\Temp\tat.exe:*:Enabled:Windows Messanger -- File not found
"C:\Users\Toshiba\AppData\Roaming\Microsoft\svcchost.exe" = C:\Users\Toshiba\AppData\Roaming\Microsoft\svcchost.exe:*:Enabled:Windows Messanger -- File not found
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{253AD5C7-94ED-44BF-AA0C-890A80817A87}_is1" = Boilsoft Video Splitter 6.01
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{37964A88-DAA1-488B-AE88-A5B6DDC6E9A6}" = Sony Ericsson Wireless Manager 5
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time  Lib Setup
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{EF4E0DA6-02E0-47BF-9BB6-DC0E83CC6F4C}" = Sony Ericsson MD300 Wireless Modem
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"DivX Setup.divx.com" = DivX-Setup
"ffdshow_is1" = ffdshow v1.1.3562 [2010-09-07]
"FlashGet" = FlashGet 1.9.6.1073
"HaaliMkx" = Haali Media Splitter
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.4.4 (Basic)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"PalTalk8.2" = PaltalkScene
"PSPad editor_is1" = PSPad editor
"RealPlayer 12.0" = RealPlayer
"VLC media player" = VLC media player 1.1.4
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinGimp-2.0_is1" = GIMP 2.6.10
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FileZilla Client" = FileZilla Client 3.3.4.1
"Google Chrome" = Google Chrome
"QUICKMEDIACONVERTER" = QMC
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 10.10.2010 08:54:48 | Computer Name = Toshiba-PC | Source = Software Protection Platform Service | ID = 8211
Description = Fehler bei der Aktualisierung der Windows-Lizenz- und Product Key-Tokens:
 0xC004F050.   
 
Error - 10.10.2010 08:59:41 | Computer Name = Toshiba-PC | Source = Application Hang | ID = 1002
Description = Programm gimp-2.6.exe, Version 0.0.0.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: ce8    Startzeit: 
01cb687ae47619bf    Endzeit: 16    Anwendungspfad: C:\Program Files\GIMP-2.0\bin\gimp-2.6.exe

Berichts-ID:
 3c88874a-d46e-11df-b192-001b24ee3896  
 
Error - 10.10.2010 12:31:07 | Computer Name = Toshiba-PC | Source = Software Protection Platform Service | ID = 8211
Description = Fehler bei der Aktualisierung der Windows-Lizenz- und Product Key-Tokens:
 0xC004F025.   
 
Error - 10.10.2010 13:36:18 | Computer Name = Toshiba-PC | Source = Application Hang | ID = 1002
Description = Programm msnmsgr.exe, Version 14.0.8117.416 kann nicht mehr unter 
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in
 der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem 
zu suchen.    Prozess-ID: db0    Startzeit: 01cb6898bc094d03    Endzeit: 59    Anwendungspfad: C:\Program
 Files\Windows Live\Messenger\msnmsgr.exe    Berichts-ID: e14e6000-d494-11df-83b6-001b24ee3896

 
Error - 10.10.2010 13:41:52 | Computer Name = Toshiba-PC | Source = Software Protection Platform Service | ID = 1017
Description = Fehler bei der Installation des Kaufnachweises. 0xC004F015  Teil-Pkey=FCGFR
ACID=bfb30674-7c9a-4624-9309-9914cfd5b05c
Genauer
 Fehler[?]  
 
Error - 10.10.2010 13:41:54 | Computer Name = Toshiba-PC | Source = Software Protection Platform Service | ID = 1017
Description = Fehler bei der Installation des Kaufnachweises. 0xC004F015  Teil-Pkey=FCGFR
ACID=bfb30674-7c9a-4624-9309-9914cfd5b05c
Genauer
 Fehler[?]  
 
Error - 10.10.2010 13:42:26 | Computer Name = Toshiba-PC | Source = Software Protection Platform Service | ID = 1017
Description = Fehler bei der Installation des Kaufnachweises. 0xC004F050  Teil-Pkey=3MBMV
ACID=?
Genauer
 Fehler[?]  
 
Error - 10.10.2010 13:42:26 | Computer Name = Toshiba-PC | Source = Software Protection Platform Service | ID = 8211
Description = Fehler bei der Aktualisierung der Windows-Lizenz- und Product Key-Tokens:
 0xC004F050.   
 
Error - 10.10.2010 14:33:27 | Computer Name = Toshiba-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16385,
 Zeitstempel: 0x4a5bc69e  Name des fehlerhaften Moduls: mshtml.dll, Version: 8.0.7600.16385,
 Zeitstempel: 0x4a5bda8a  Ausnahmecode: 0xc0000005  Fehleroffset: 0x001cc03a  ID des fehlerhaften
 Prozesses: 0x434  Startzeit der fehlerhaften Anwendung: 0x01cb68a98cf12d82  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe  Pfad des
 fehlerhaften Moduls: C:\Windows\System32\mshtml.dll  Berichtskennung: decd167d-d49c-11df-861e-001b24ee3896
 
Error - 10.10.2010 20:18:08 | Computer Name = Toshiba-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: chrome.exe, Version: 0.0.0.0, Zeitstempel:
 0x4c8d33ea  Name des fehlerhaften Moduls: MSVCR80.dll, Version: 8.0.50727.4927, Zeitstempel:
 0x4a2752ff  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000173e8  ID des fehlerhaften Prozesses:
 0x10ac  Startzeit der fehlerhaften Anwendung: 0x01cb68d9c63d87e1  Pfad der fehlerhaften
 Anwendung: C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\MSVCR80.dll
Berichtskennung:
 05c9e5f1-d4cd-11df-861e-001b24ee3896
 
[ System Events ]
Error - 10.10.2010 02:04:20 | Computer Name = Toshiba-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 10.10.2010 02:47:14 | Computer Name = Toshiba-PC | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
 Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
 hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie 
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
 Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
 
Error - 10.10.2010 08:42:36 | Computer Name = Toshiba-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 10.10.2010 08:53:35 | Computer Name = Toshiba-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?10.?10.?2010 um 14:47:11 unerwartet heruntergefahren.
 
Error - 10.10.2010 10:21:03 | Computer Name = Toshiba-PC | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
 Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
 hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie 
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
 Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
 
Error - 10.10.2010 13:41:22 | Computer Name = Toshiba-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?10.?10.?2010 um 19:39:14 unerwartet heruntergefahren.
 
Error - 10.10.2010 14:28:01 | Computer Name = Toshiba-PC | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
 Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
 hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie 
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
 Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
 
Error - 10.10.2010 14:55:21 | Computer Name = Toshiba-PC | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
 Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
 hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie 
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
 Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
 
Error - 10.10.2010 15:02:21 | Computer Name = Toshiba-PC | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
 Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
 hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie 
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
 Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
 
Error - 10.10.2010 15:06:20 | Computer Name = Toshiba-PC | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
 Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
 hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie 
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
 Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
 
 
< End of report >

Chris4You · 11.10.2010, 11:20

Hi,

was hat MAM ausgespuckt?

Bitte folgende Files prüfen:

Dateien Online überprüfen lassen:

Als erstes versteckte Dateien anzeigen lassen! (nur Punkt 1 durchführen!)

Suche die Seite Virtustotal auf, klicke auf den Button „Durchsuchen“ und suche folgende Datei/Dateien:

Code:

ATTFilter

C:\Windows\System32\drivers\daao.sys
C:\Windows\System32\drivers\ujlan.sys
C:\Users\Toshiba\AppData\Roaming\Microsoft\svcchost.exe
C:\Users\Toshiba\AppData\Local\Temp\tat.exe

Lade nun nacheinander jede/alle Datei/Dateien hoch, und warte bis der Scan vorbei ist. (kann bis zu 2 Minuten dauern.)

Poste im Anschluss das Ergebnis der Auswertung, alles abkopieren und in einen Beitrag einfügen.

Wichtig: Auch die Größenangabe sowie den HASH mit kopieren!

Die Files die nicht erkannt wurden unten aus dem OTL-Script rausnehmen.
Falls das File nicht gefunden wurde, drinn lassen!

Fix für OTL:

Doppelklick auf die OTL.exe, um das Programm auszuführen.

Vista/Win7-User bitte per Rechtsklick und "Ausführen als Administrator" starten.

Kopiere den Inhalt der folgenden Codebox komplett in die OTL-Box unter "Custom Scan/Fixes"

Code:

ATTFilter

:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Toshiba\AppData\Local\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
[2010.10.11 09:37:04 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\daao.sys
[2010.10.11 09:24:29 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\ujlan.sys


:Files
C:\Users\Toshiba\AppData\Roaming\Microsoft\svcchost.exe
C:\Users\Toshiba\AppData\Local\Temp\tat.exe

:Commands
[emptytemp]
[Reboot]

Den roten Run Fixes! Button anklicken.

Bitte alles aus dem Ergebnisfenster (Results) herauskopieren.

Eine Kopie eines OTL-Fix-Logs wird in einer Textdatei in folgendem Ordner gespeichert:

%systemroot%\_OTL

chris

trojana · 11.10.2010, 12:33

Ávira gibt keine warnung mehr durch, wars das oder müss ich die anweisung oben noch weiter durchführen

Chris4You · 11.10.2010, 15:00

Hi,

prüfe bitte umgehend die Fieles die Avira nicht in Quarantäne hat!
Dann wie beschrieben vorgehen...
(Die Zeile kannst du bei dem OTL-Script weglassen: C:\Users\Toshiba\AppData\Roaming\Microsoft\svcchost.exe)

chris

Autorun.inf USB Probleme - Avira

Plagegeister aller Art und deren Bekämpfung: Autorun.inf USB Probleme - Avira