| |
| |||||||
Log-Analyse und Auswertung: Trojaner - Muss ich mein System neu aufsetzen?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
| |
29.03.2011, 02:31
| #1 |
 |  Trojaner - Muss ich mein System neu aufsetzen? Liebes Team von Trojaner-Board.de, ich wäre dankbar, wenn sich jemand mal meine Malwarebytes-Logfiles angucken könnte, da ich mich selbst nicht so toll damit auskenne... Letztendlich würde ich gerne wissen, ob ich mein System neu aufsetzen muss oder ob es auch ohne Neuinstallation geht (ich habe Windows Vista). Vor ca. einer Woche kam die Meldung von AntiVir, dass Malware gefunden wurde. Seitdem kamen immer neue Meldungen und nun befinden sich ca. 30 Objekte in der AntiVir-Quarantäne. Computerprobleme habe und hatte ich eigentlich keine... Außerdem habe ich mir das Programm "Malwarebytes" heruntergeladen und ausgeführt. Die ersten paar Durchgänge waren ein paar Funde: Code:
ATTFilter Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6188
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019
28.03.2011 04:34:58
mbam-log-2011-03-28 (04-34-58).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 157678
Laufzeit: 7 Minute(n), 35 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 5
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{2863E737-DD3F-4280-9AF8-E9E79C16F312} (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2863E737-DD3F-4280-9AF8-E9E79C16F312} (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{F334C7B0-8774-4D5B-BD7A-4F448D03A1AE} (Adware.SkyLab) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F334C7B0-8774-4D5B-BD7A-4F448D03A1AE} (Adware.SkyLab) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\SkyMedia (Adware.SkyMedia) -> Quarantined and deleted successfully.
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Code:
ATTFilter Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6188
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019
29.03.2011 01:19:08
mbam-log-2011-03-29 (01-19-08).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 157899
Laufzeit: 3 Minute(n), 58 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Sollte ich trotzdem mein System neu aufsetzen? Ich habe aber gar keine Vista-DVDs, sondern lediglich selbst gebrannte Recovery-DVDs. Kann man damit überhaupt das System komplett neu aufsetzen? Da ich ja nun kein Computerprofi bin, frage ich mich, ob ich das überhaupt kann? Ich gehe zurzeit mit einem LAN-Kabel ins Internet, das mit unserem Router verbunden ist. Brauche ich nach einer Neuinstallation bestimmte Passwörter? Oder erkennt Vista das LAN-Kabel direkt und ich habe sofort wieder Zugriff auf das Internet? Ich bedanke mich schonmal für alle Antworten, liebe Grüße, GreenGirl =) |
|
29.03.2011, 19:33
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Trojaner - Muss ich mein System neu aufsetzen? Hallo und
__________________ Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! Danach OTL: Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
__________________ |
|
30.03.2011, 00:03
| #3 |
| | Trojaner - Muss ich mein System neu aufsetzen? Hallo Arne,
__________________danke für Deine Hilfe. :-) Hier nun die fehlenden Logfiles: - Log des Vollscans mit Malwarebytes (ganz neu): Code:
ATTFilter Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6188
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019
29.03.2011 23:56:27
mbam-log-2011-03-29 (23-56-27).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Durchsuchte Objekte: 308051
Laufzeit: 1 Stunde(n), 27 Minute(n), 5 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Code:
ATTFilter Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6188
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019
28.03.2011 18:25:32
mbam-log-2011-03-28 (18-25-32).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Durchsuchte Objekte: 307743
Laufzeit: 1 Stunde(n), 7 Minute(n), 58 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Code:
ATTFilter Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6188
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019
29.03.2011 01:19:08
mbam-log-2011-03-29 (01-19-08).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 157899
Laufzeit: 3 Minute(n), 58 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 30.03.2011 00:26:28 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Martina_2\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 43,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 58,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,97 Gb Total Space | 66,67 Gb Free Space | 44,75% Space Free | Partition Type: NTFS
Drive E: | 147,65 Gb Total Space | 142,75 Gb Free Space | 96,68% Space Free | Partition Type: NTFS
Computer Name: LAPTOP_MARTINA | User Name: Martina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{036E52C4-24FB-464D-849C-5BBA6A445F43}" = lport=139 | protocol=6 | dir=in | app=system |
"{0FBFF260-1909-44E9-9AEC-91AA09500D2D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{391ABDB5-0CA9-466A-8A26-3D62D41BF3A2}" = lport=5357 | protocol=6 | dir=in | app=system |
"{3AA9DCE8-60B4-4CF3-BBF0-E016A7B5F97C}" = rport=445 | protocol=6 | dir=out | app=system |
"{402BECEB-0830-4D92-8FA3-2011279213C7}" = lport=5358 | protocol=6 | dir=in | app=system |
"{58C92EA3-2B86-4BD8-ADDD-325D1A4AEC4C}" = rport=5357 | protocol=6 | dir=out | app=system |
"{65EF5950-EF43-4693-87D1-2599C57D30EC}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{68DCDAA1-0E73-49EA-86A7-9BC58A378446}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
"{72E37375-9B9D-40DE-980B-233B2F699D4F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{8D36419E-7D08-4649-ACA7-00139D90F025}" = lport=138 | protocol=17 | dir=in | app=system |
"{B7B570D4-1D65-47D8-939F-5E5D137BD0F2}" = rport=137 | protocol=17 | dir=out | app=system |
"{B9408FF5-AD4C-4215-9437-E40798995383}" = lport=137 | protocol=17 | dir=in | app=system |
"{B9E0DA63-D6FD-4E99-B518-4E07A73BA121}" = rport=139 | protocol=6 | dir=out | app=system |
"{C9BCE2C9-5BB1-4962-9765-C8402D7DE9B1}" = lport=445 | protocol=6 | dir=in | app=system |
"{E7601459-DE14-4BAC-A255-DD3F1E18E248}" = rport=138 | protocol=17 | dir=out | app=system |
"{EAFD7209-D5CE-48BE-99B7-E523E4115AF3}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
"{EE370977-06A0-49A7-85F6-13CC67344FB5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{EF936AE4-C784-4750-A863-0B3B0FBB0398}" = rport=5358 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00D3B394-8B43-4B46-B0CF-4D5243797B82}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{1BF77BBF-5B51-4331-A620-4AC6ECC3B0C9}" = protocol=6 | dir=in | app=c:\users\martina_2\appdata\roaming\dropbox\bin\dropbox.exe |
"{393F29B4-0F6C-4FE0-9D05-03C2A11BA245}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{422CC3AD-B407-4446-98D0-17FC085E4469}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{660C00EC-DF1C-43AC-B68A-D70E12993EB5}" = protocol=17 | dir=in | app=c:\program files\save tube video company\savetubevideo\downloader.exe |
"{7115A868-DF77-4C74-912F-C88F1D09408D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{77EA3867-ADF6-4B7B-B62A-4E9848B31672}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{79EA30C1-4CBC-41B1-B4EA-06114823D840}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{7DB35ED7-BDE7-4DE1-A6EA-B1D660F7E402}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{7F6E6179-D1BD-4751-8825-6B2859CEA84B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{86EAC92A-6CF3-4428-9F2E-991EA287930A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{8FA5C624-106F-47A7-9928-DD93E5CDF0BC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{9215F1E2-107F-4C5D-86B6-0E15D98766C6}" = protocol=17 | dir=in | app=c:\users\martina_2\appdata\roaming\dropbox\bin\dropbox.exe |
"{9B8D0AB5-932C-4619-9B34-EFEE06E04D8B}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{D697006D-A322-4958-A0E6-2D2F3AA6866A}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe |
"{D7FEC9F3-DB29-45B1-B2E4-0BB659B0AE6D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{D8E1F084-6DED-4D18-BED1-12DED132192A}" = protocol=6 | dir=in | app=c:\program files\save tube video company\savetubevideo\downloader.exe |
"{F001F7CE-D238-4D2D-A222-BD4048130F5C}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe |
"TCP Query User{19C1B656-2DC9-4745-BB3D-AFBEB695C06D}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{3527C29B-3B1C-44B8-A7E7-87DF728B29A8}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{9467E784-7FB1-4F83-A5DB-2BA9BB09EBA4}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{D3F83C2A-4FCF-4364-89D7-1DBC9F7430B1}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{DBB665C4-B7B0-48CB-B2D9-E77AAACEEA72}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{F910E7CB-454D-4B60-9DCF-0B246C046CC5}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{22055439-F9A8-44EC-87A3-5B82A86E90BC}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{23BE4166-8DC6-4659-A93B-2D33A942973A}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{51E7D467-E04E-4153-AD9B-D5985B32B0DD}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{9140CA40-206E-4879-B118-6250539711D7}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{BF5F479A-01D9-4904-99C9-B931AFDA3B64}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{FFD2E120-E322-4F06-9008-D124308E29DE}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{02CA24DD-C8B0-4280-BE53-7862869C2EB1}" = Realtek WiFi Protected Setup Library
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216018F0}" = Java(TM) 6 Update 18
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{56995235-B76E-44A6-BA17-8FF13D3F907A}" = TOSHIBA Benutzerhandbücher
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}" = Brother MFL-Pro Suite DCP-195C
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6CF47FD1-3CF8-4206-BA24-A2B1E43D8CCA}" = IncrediMail
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{895722FE-25FE-4854-95AC-B0C42F9DBEDA}" = REALTEK RTL8187B Wireless LAN Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AD824A5-1CCC-4BB7-82C9-E6FB25CC0479}" = VIMICRO USB PC Camera V
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{922D9CCA-4317-425F-9AA5-94829DF8BA6D}" = Motorola Software Update
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A0673E9E-4510-4AA0-B860-58FD5A7212A1}" = Motorola Driver Installation 4.5.0
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC5A36B0-B0A4-6A74-5001-8A1C3C687C47}" = JamBox
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.5 - Deutsch
"{AC76BA86-7AD7-1031-7B44-A81300000003}_814" = KB408682
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{C1CE7EE2-8BCE-4F22-85C0-58331E33621E}" = Motorola Phone Tools
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DE60CAE2-4CA8-4A6A-A557-0668004FE889}" = Moorhuhn Kart Extra XXL
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E24AECDA-101F-11D6-986D-00500443CF9F}" = Sven Bømwøllen
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F49FEF83-45CA-4CE8-8304-A7372BA07AA9}" = Motorola Phone Tools
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"ASIO4ALL" = ASIO4ALL
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"D'Fusion @Home Web Plug-In" = Total Immersion D'Fusion @Home Web Plug-In
"Digital Guitar Tuner 2.3_is1" = Digital Guitar Tuner 2.3
"DivX Setup.divx.com" = DivX-Setup
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"GENEUIDE" = USB Storage Driver
"Google Updater" = Google Updater
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"hp deskjet 5550 series" = hp deskjet 5550 series (nur entfernen)
"hp deskjet 5550 series_Driver" = hp deskjet 5550 series
"hp print screen utility" = hp print screen utility
"im8.jambox.069E1A77D893743699A771F55BF895EA567B7255.1" = JamBox
"IncrediMail" = IncrediMail 2.0
"InfraRecorder" = InfraRecorder
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"MAGIX Digital Foto Maker SE D" = MAGIX Digital Foto Maker SE 4.1.0.835 (D)
"MAGIX Foto Suite D" = MAGIX Foto Suite 1.12.0.89 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.0.1)" = Mozilla Firefox (3.0.1)
"Mozilla Thunderbird (3.1.2)" = Mozilla Thunderbird (3.1.2)
"myphotobook" = myphotobook 3.5
"RealPlayer 6.0" = RealPlayer
"StarBurn_is1" = StarBurn Version 12r10 (Build 0x20091021)
"Steinberg Cubase SX v2.2.0.33" = Steinberg Cubase SX v2.2.0.33
"SVEN SPANNT" = SVEN SPANNT
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"US122 Driver_is1" = US122 Driver 3.40
"VLC media player" = VLC media player 1.1.5
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR Archivierer
"Xvid_is1" = Xvid 1.2.2 final uninstall
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 29.03.2011 16:32:03 | Computer Name = Laptop_Martina | Source = Windows Search Service | ID = 3013
Description =
Error - 29.03.2011 16:32:03 | Computer Name = Laptop_Martina | Source = Windows Search Service | ID = 3013
Description =
Error - 29.03.2011 16:32:05 | Computer Name = Laptop_Martina | Source = Windows Search Service | ID = 3013
Description =
Error - 29.03.2011 16:32:10 | Computer Name = Laptop_Martina | Source = Windows Search Service | ID = 3013
Description =
Error - 29.03.2011 16:32:10 | Computer Name = Laptop_Martina | Source = Windows Search Service | ID = 3013
Description =
Error - 29.03.2011 16:32:16 | Computer Name = Laptop_Martina | Source = Windows Search Service | ID = 3013
Description =
Error - 29.03.2011 16:32:16 | Computer Name = Laptop_Martina | Source = Windows Search Service | ID = 3013
Description =
Error - 29.03.2011 16:32:22 | Computer Name = Laptop_Martina | Source = Windows Search Service | ID = 3013
Description =
Error - 29.03.2011 16:32:23 | Computer Name = Laptop_Martina | Source = Windows Search Service | ID = 3013
Description =
Error - 29.03.2011 16:32:28 | Computer Name = Laptop_Martina | Source = Windows Search Service | ID = 3013
Description =
[ System Events ]
Error - 27.03.2011 15:51:05 | Computer Name = Laptop_Martina | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
Error - 27.03.2011 15:51:07 | Computer Name = Laptop_Martina | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
Error - 27.03.2011 15:51:17 | Computer Name = Laptop_Martina | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
Error - 27.03.2011 16:45:06 | Computer Name = Laptop_Martina | Source = DCOM | ID = 10010
Description =
Error - 27.03.2011 19:32:50 | Computer Name = Laptop_Martina | Source = DCOM | ID = 10010
Description =
Error - 27.03.2011 19:56:23 | Computer Name = Laptop_Martina | Source = DCOM | ID = 10010
Description =
Error - 27.03.2011 19:58:02 | Computer Name = Laptop_Martina | Source = DCOM | ID = 10010
Description =
Error - 27.03.2011 20:25:39 | Computer Name = Laptop_Martina | Source = DCOM | ID = 10010
Description =
Error - 27.03.2011 23:19:01 | Computer Name = Laptop_Martina | Source = DCOM | ID = 10010
Description =
Error - 29.03.2011 15:17:10 | Computer Name = Laptop_Martina | Source = DCOM | ID = 10010
Description =
< End of report >
OTL Logfile: Code:
ATTFilter OTL logfile created on: 30.03.2011 00:26:28 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Martina_2\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19019) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 43,00% Memory free 4,00 Gb Paging File | 2,00 Gb Available in Paging File | 58,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 148,97 Gb Total Space | 66,67 Gb Free Space | 44,75% Space Free | Partition Type: NTFS Drive E: | 147,65 Gb Total Space | 142,75 Gb Free Space | 96,68% Space Free | Partition Type: NTFS Computer Name: LAPTOP_MARTINA | User Name: Martina | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Martina_2\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\IncrediMail\Bin\IncMail.exe (IncrediMail, Ltd.) PRC - C:\Programme\IncrediMail\Bin\ImApp.exe (IncrediMail, Ltd.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.) PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Programme\Motorola\MotoConnectService\MotoConnect.exe (Motorola) PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Programme\Motorola\MotoConnectService\MotoConnectService.exe () PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Brother\Brmfcmon\BrMfcMon.exe (Brother Industries, Ltd.) PRC - C:\Programme\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe () PRC - C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) PRC - C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) PRC - C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) PRC - c:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) PRC - C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION) PRC - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) PRC - C:\Programme\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION) PRC - c:\Programme\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation) PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) PRC - C:\Programme\TOSHIBA\Toshiba Online Product Information\TOPI.exe (TOSHIBA) PRC - C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) PRC - C:\Programme\avmwlanstick\FRITZWLANMini.exe (AVM Berlin GmbH) PRC - C:\Windows\VM305_STI.exe (Vimicro) PRC - C:\Windows\System32\spool\drivers\w32x86\3\hpztsb05.exe (HP) ========== Modules (SafeList) ========== MOD - C:\Users\Martina_2\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (MotoConnect Service) -- C:\Programme\Motorola\MotoConnectService\MotoConnectService.exe () SRV - (HsfXAudioService) -- C:\Windows\System32\XAudio32.dll (Conexant Systems, Inc.) SRV - (TNaviSrv) -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (TosCoSrv) -- c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) SRV - (TOSHIBA SMART Log Service) -- c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation) SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) SRV - (UleadBurningHelper) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek ) DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (StarPortLite) StarPort Storage Controller (Lite) -- C:\Windows\System32\drivers\StarPortLite.sys (Rocket Division Software) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (U3sHlpDr) -- C:\Windows\System32\drivers\U3sHlpDr.sys () DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio32.sys (Conexant Systems, Inc.) DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation) DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation) DRV - (RTL8187B) -- C:\Windows\System32\drivers\rtl8187B.sys (Realtek Semiconductor Corporation ) DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation) DRV - (Us122WdmService) -- C:\Windows\System32\drivers\US122Wdm.sys (Frontier Design Group, LLC) DRV - (US122DL) -- C:\Windows\System32\drivers\US122DL.sys (Frontier Design Group) DRV - (US122) -- C:\Windows\System32\drivers\US122.sys (Frontier Design Group, LLC) DRV - (RtlProt) -- C:\Windows\System32\drivers\RtlProt.sys (Windows (R) Codename Longhorn DDK provider) DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation) DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.) DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH) DRV - (ZSMC0305) -- C:\Windows\System32\drivers\usbVM305.sys (Vimicro Corporation) DRV - (PID_0928) Logitech QuickCam Express(PID_0928) -- C:\Windows\System32\drivers\LV561AV.SYS (Logitech Inc.) DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.4.1 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008.09.04 20:48:17 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.07 01:58:54 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.27 00:37:17 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.10.27 00:37:17 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.11.11 01:02:05 | 000,000,000 | ---D | M] [2011.03.28 01:39:23 | 000,002,342 | ---- | M] () -- \Users\Dieter\AppData\Roaming\Mozilla\Firefox\Profiles\q0slhhm7.default\searchplugins\icq-search.xml [2008.03.31 09:52:00 | 000,000,168 | ---- | M] () -- \Users\Dieter\AppData\Roaming\Mozilla\Firefox\Profiles\q0slhhm7.default\searchplugins\icqplugin.gif [2008.03.31 09:52:00 | 000,000,618 | ---- | M] () -- \Users\Dieter\AppData\Roaming\Mozilla\Firefox\Profiles\q0slhhm7.default\searchplugins\icqplugin.src [2010.12.10 11:15:52 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2009.06.11 16:08:58 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011.03.07 16:10:29 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010.06.12 09:44:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2009.06.11 16:08:58 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{800B5000-A755-47E1-992B-48A1C1357F07} [2011.03.07 16:10:29 | 000,000,000 | ---D | M] (Skype extension) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{AB2CE124-6272-4B12-94A9-7303C7397BD1} [2008.09.07 19:01:01 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [2010.06.15 16:24:51 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [2010.06.12 09:44:51 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.06.12 09:44:34 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [1999.12.31 17:00:00 | 000,166,168 | ---- | M] (Tracker Software Products Ltd.) -- C:\Programme\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll [2008.03.15 15:56:14 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2008.03.15 15:56:14 | 000,002,642 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2008.02.19 16:40:48 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2006.12.03 17:59:22 | 000,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2006.11.17 13:19:24 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.) O4 - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\FRITZWLANMini.exe (AVM Berlin GmbH) O4 - HKLM..\Run: [BigDog305] C:\Windows\VM305_STI.EXE (Vimicro) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\Windows\System32\spool\drivers\w32x86\3\hpztsb05.exe (HP) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NDSTray.exe] File not found O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA) O4 - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba) O4 - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [TOSCDSPD] C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe () O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - File not found O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - File not found O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.03.29 22:32:11 | 000,000,000 | -HSD | C] -- C:\Users\TEMP.Laptop_Martina.006\Vorlagen [2011.03.29 22:32:11 | 000,000,000 | -HSD | C] -- C:\Users\TEMP.Laptop_Martina.006\Startmenü [2011.03.29 22:32:11 | 000,000,000 | -HSD | C] -- C:\Users\TEMP.Laptop_Martina.006\SendTo [2011.03.29 22:32:11 | 000,000,000 | -HSD | C] -- C:\Users\TEMP.Laptop_Martina.006\Recent [2011.03.29 22:32:11 | 000,000,000 | -HSD | C] -- C:\Users\TEMP.Laptop_Martina.006\Netzwerkumgebung [2011.03.29 22:32:11 | 000,000,000 | -HSD | C] -- C:\Users\TEMP.Laptop_Martina.006\Lokale Einstellungen [2011.03.29 22:32:11 | 000,000,000 | -HSD | C] -- C:\Users\TEMP.Laptop_Martina.006\Eigene Dateien [2011.03.29 22:32:11 | 000,000,000 | -HSD | C] -- C:\Users\TEMP.Laptop_Martina.006\Druckumgebung [2011.03.29 22:32:11 | 000,000,000 | -HSD | C] -- C:\Users\TEMP.Laptop_Martina.006\Cookies [2011.03.29 22:32:11 | 000,000,000 | -HSD | C] -- C:\Users\TEMP.Laptop_Martina.006\Anwendungsdaten [2011.03.29 22:31:48 | 000,000,000 | R--D | C] -- C:\Users\TEMP.Laptop_Martina.006\Videos [2011.03.29 22:31:48 | 000,000,000 | R--D | C] -- C:\Users\TEMP.Laptop_Martina.006\Pictures [2011.03.29 22:31:48 | 000,000,000 | R--D | C] -- C:\Users\TEMP.Laptop_Martina.006\Music [2011.03.29 22:31:48 | 000,000,000 | R--D | C] -- C:\Users\TEMP.Laptop_Martina.006\Links [2011.03.29 22:31:48 | 000,000,000 | R--D | C] -- C:\Users\TEMP.Laptop_Martina.006\Favorites [2011.03.29 22:31:48 | 000,000,000 | R--D | C] -- C:\Users\TEMP.Laptop_Martina.006\Downloads [2011.03.29 22:31:48 | 000,000,000 | R--D | C] -- C:\Users\TEMP.Laptop_Martina.006\Documents [2011.03.29 22:31:48 | 000,000,000 | R--D | C] -- C:\Users\TEMP.Laptop_Martina.006\Desktop [2011.03.29 22:31:48 | 000,000,000 | -H-D | C] -- C:\Users\TEMP.Laptop_Martina.006\AppData [2011.03.29 22:31:48 | 000,000,000 | ---D | C] -- C:\Users\TEMP.Laptop_Martina.006\Saved Games [2011.03.28 03:49:01 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.03.28 03:49:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.03.28 03:48:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.03.28 03:48:56 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.03.28 03:48:56 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.03.23 02:02:14 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2011.03.23 02:02:13 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll [2011.03.10 01:16:53 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll [2011.03.10 01:16:53 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll [2011.03.10 01:16:52 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax [2011.03.10 01:16:52 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll [2011.03.07 16:10:18 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.03.30 00:33:00 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D76F5839-3BF4-4D8B-AA52-6F2C77505B7C}.job [2011.03.30 00:30:00 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8A74799D-CBC2-4C1F-80B4-ADFDCB6CFAE5}.job [2011.03.29 23:54:05 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.03.29 23:18:01 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.03.29 23:18:01 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.03.29 22:59:56 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.03.29 22:59:56 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.03.29 22:59:56 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.03.29 22:59:56 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.03.29 21:37:20 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2011.03.29 21:18:09 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{C31EE409-8F7F-4F7E-A79D-C409BC74D4ED}.job [2011.03.29 21:17:34 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.03.29 21:17:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.03.29 13:55:31 | 2136,961,024 | -HS- | M] () -- C:\hiberfil.sys [2011.03.17 21:36:59 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.03.18 00:38:05 | 000,001,022 | ---- | C] () -- C:\Windows\tasks\Google Software Updater.job [2010.12.26 16:06:03 | 000,000,000 | RHS- | C] () -- \MSDOS.SYS [2010.12.26 16:06:03 | 000,000,000 | RHS- | C] () -- \IO.SYS [2010.10.09 16:40:07 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2010.10.09 16:38:49 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat [2010.10.09 16:35:13 | 000,031,864 | ---- | C] () -- C:\Windows\maxlink.ini [2010.07.29 15:38:05 | 000,020,480 | ---- | C] () -- C:\Windows\System32\jesterss.dll [2010.07.24 11:47:26 | 2136,961,024 | -HS- | C] () -- [2010.03.04 00:34:12 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2010.03.04 00:34:12 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2009.12.03 09:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009.08.03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe [2009.05.27 14:38:05 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.05.27 14:38:04 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2008.11.23 00:58:56 | 000,510,976 | ---- | C] () -- C:\Windows\System32\synsoacc.dll [2008.11.20 19:32:22 | 000,007,551 | ---- | C] () -- C:\Windows\System32\drivers\U3sHlpDr.sys [2008.10.13 23:19:09 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2008.10.08 23:38:30 | 000,000,016 | -H-- | C] () -- C:\ProgramData\mxfilerelatedcache.mxc2 [2008.09.09 00:37:19 | 000,036,864 | R--- | C] () -- C:\Windows\System32\deluidrv.exe [2008.09.09 00:37:19 | 000,032,768 | R--- | C] () -- C:\Windows\System32\delentry.exe [2008.09.09 00:05:11 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2008.09.08 22:08:51 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.09.03 13:40:02 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2008.09.03 11:37:06 | 000,097,312 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin [2008.09.02 22:17:13 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini [2008.09.02 22:17:13 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll [2008.09.02 22:17:13 | 000,009,480 | ---- | C] () -- C:\Windows\System32\tosmreg.ini [2008.09.02 22:17:13 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini [2008.09.02 22:14:28 | 000,131,072 | ---- | C] () -- C:\Windows\System32\EnumDevLib.dll [2008.09.02 21:46:41 | 2450,755,584 | -HS- | C] () -- [2008.02.22 11:34:00 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI [2008.02.22 11:15:12 | 000,025,976 | ---- | C] () -- \_wdsuef.dmp [2008.02.18 17:58:18 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini [2008.02.18 17:44:09 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll [2008.02.18 17:44:09 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll [2008.02.18 17:44:09 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll [2008.02.18 17:44:09 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll [2008.02.18 17:44:09 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll [2008.02.18 17:44:09 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll [2008.02.18 16:57:01 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2008.02.18 16:55:43 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll [2008.02.18 16:55:43 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll [2008.02.18 16:55:43 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll [2008.02.18 16:55:43 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll [2008.02.18 16:42:39 | 000,008,192 | R-S- | C] () -- \BOOTSECT.BAK [2008.02.18 16:42:38 | 000,333,257 | RHS- | C] () -- \bootmgr [2008.01.21 09:15:58 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.01.21 09:15:58 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,357,704 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 12:23:09 | 000,000,024 | ---- | C] () -- \autoexec.bat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.11.02 08:25:08 | 000,000,010 | ---- | C] () -- \config.sys [2005.01.31 09:37:58 | 000,009,255 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini < End of report > Merci! Liebe Grüße, Martina |
|
30.03.2011, 11:46
| #4 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner - Muss ich mein System neu aufsetzen?Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
31.03.2011, 00:03
| #5 |
| | Trojaner - Muss ich mein System neu aufsetzen? Oh, entschuldige..  Bei Malwarebytes unter der Registerkarte "Aktualisierung" kann man auf den "Suche nach Aktualisierungen"-Button bei mir garnicht drücken, daher hab ich darauf geschlossen, dass ich die aktuelle Version habe... Kann ich das Programm noch wo anders aktualisieren?Morgen bin ich nun leider den ganzen Tag nicht da, aber abends oder am Freitag werde ich das sofort machen.  Liebe Grüße, Martina |
|
31.03.2011, 13:29
| #6 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner - Muss ich mein System neu aufsetzen?Zitat:
__________________ --> Trojaner - Muss ich mein System neu aufsetzen? |
|
31.03.2011, 22:39
| #7 |
| | Trojaner - Muss ich mein System neu aufsetzen? Soo, jetzt hab ichs.. Code:
ATTFilter Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6228
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019
31.03.2011 21:47:05
mbam-log-2011-03-31 (21-47-05).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Durchsuchte Objekte: 374402
Laufzeit: 1 Stunde(n), 43 Minute(n), 32 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
|
|
01.04.2011, 13:09
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner - Muss ich mein System neu aufsetzen? Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
03.04.2011, 23:13
| #9 | ||
| | Trojaner - Muss ich mein System neu aufsetzen? Ich habe noch ein paar Fragen zur Ausführung von ComboFix... - Wird dieses Programm mein Trojaner-Problem lösen? Ist es denn überhaupt noch ein Problem? Mein PC läuft im Moment nämlich wieder ganz normal und hat auch keine neuen Trojaner-Meldungen mehr... - Zitat:
- Zitat:
- Wie lange dauert denn ein Scan mit ComboFix? Morgen beginne ich nämlich ein Praktikum und weiß nicht, wie sehr ich auf meinen Laptop angewiesen bin... Es wäre fatal, wenn ich nach dem ComboFix-Scan nicht mehr ins Internet komme etc... Danke für die Hilfe & Geduld... =) Liebe Grüße, Martina ~ |
|
04.04.2011, 11:31
| #10 | |||
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner - Muss ich mein System neu aufsetzen?Zitat:
Zitat:
Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
06.04.2011, 23:10
| #11 |
| | Trojaner - Muss ich mein System neu aufsetzen? Soo - endlich habe ich es geschafft. Wegen den ganzen Warnhinweisen hatte ich ziemlichen Respekt vor dem Programm... Vorhin habe ich mir jetzt 10x die Anleitung durchgelesen und habe nun hier das Logfile: Combofix Logfile: Code:
ATTFilter ComboFix 11-04-06.01 - Martina 06.04.2011 23:42:33.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2037.973 [GMT 2:00]
ausgeführt von:: c:\users\Martina_2\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Martina\AppData\Roaming\Microsoft\Windows\Recent\mxfilerelatedcache.mxc2
c:\users\Martina\FAVORI~1\mxfilerelatedcache.mxc2
c:\users\Martina\Favorites\mxfilerelatedcache.mxc2
c:\users\Martina_2\AppData\Local\{1A01BA1D-CAAD-43E0-9A9B-FCBEF35AA517}
c:\users\Martina_2\AppData\Local\{1A01BA1D-CAAD-43E0-9A9B-FCBEF35AA517}\chrome.manifest
c:\users\Martina_2\AppData\Local\{1A01BA1D-CAAD-43E0-9A9B-FCBEF35AA517}\chrome\content\_cfg.js
c:\users\Martina_2\AppData\Local\{1A01BA1D-CAAD-43E0-9A9B-FCBEF35AA517}\chrome\content\overlay.xul
c:\users\Martina_2\AppData\Local\{1A01BA1D-CAAD-43E0-9A9B-FCBEF35AA517}\install.rdf
c:\users\Martina_2\Favorites\Lesezeichen 2008-11-27.json
c:\users\Martina_2\Favorites\mxfilerelatedcache.mxc2
E:\install.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-03-06 bis 2011-04-06 ))))))))))))))))))))))))))))))
.
.
2011-04-06 21:53 . 2011-04-06 21:53 -------- d-----w- c:\users\Martina\AppData\Local\temp
2011-04-06 21:53 . 2011-04-06 21:53 -------- d-----w- c:\users\Presentation\AppData\Local\temp
2011-04-06 21:53 . 2011-04-06 21:53 -------- d-----w- c:\users\Dieter\AppData\Local\temp
2011-04-05 19:46 . 2011-03-15 04:05 6792528 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D2E5BC19-B7CC-4D13-9925-B3CAD1598C91}\mpengine.dll
2011-04-04 23:56 . 2011-04-04 23:59 -------- d-----w- c:\users\Martina\AppData\Roaming\LG Electronics
2011-04-04 23:55 . 2011-04-05 23:44 -------- d-----w- c:\program files\LG Electronics
2011-04-04 23:02 . 2011-04-04 23:02 -------- d-----w- c:\program files\CCleaner
2011-03-28 02:24 . 2011-03-28 02:24 -------- d-----w- c:\users\Martina_2\AppData\Roaming\Malwarebytes
2011-03-28 01:49 . 2011-03-28 01:49 -------- d-----w- c:\users\Martina\AppData\Roaming\Malwarebytes
2011-03-28 01:49 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-28 01:48 . 2011-03-28 01:48 -------- d-----w- c:\programdata\Malwarebytes
2011-03-28 01:48 . 2011-03-28 01:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-28 01:48 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-27 23:37 . 2011-03-27 23:37 -------- d-----w- c:\users\Dieter\AppData\Local\Scansoft
2011-03-23 00:02 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-03-23 00:02 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-03-23 00:02 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-03-21 02:31 . 2011-03-26 00:17 0 ----a-w- c:\users\Martina_2\AppData\Local\Lmatikodure.bin
2011-03-09 23:16 . 2010-12-29 18:28 322560 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 23:16 . 2010-12-29 18:28 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 23:16 . 2010-12-29 18:28 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-09 23:16 . 2010-12-29 18:26 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 23:16 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 23:16 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-17 19:36 . 2009-03-19 18:09 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-03-17 19:33 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-02 17:11 . 2009-10-03 16:16 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-20 16:37 . 2011-02-08 18:31 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-01-20 16:08 . 2011-02-08 18:31 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08 . 2011-02-08 18:31 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08 . 2011-02-08 18:31 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:08 . 2011-02-08 18:31 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08 . 2011-02-08 18:31 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:07 . 2011-02-08 18:31 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07 . 2011-02-08 18:31 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07 . 2011-02-08 18:31 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06 . 2011-02-08 18:31 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06 . 2011-02-08 18:31 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04 . 2011-02-08 18:31 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 16:04 . 2011-02-08 18:31 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 14:28 . 2011-02-08 18:31 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27 . 2011-02-08 18:31 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26 . 2011-02-08 18:31 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25 . 2011-02-08 18:31 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24 . 2011-02-08 18:31 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15 . 2011-02-08 18:31 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14 . 2011-02-08 18:31 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14 . 2011-02-08 18:31 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14 . 2011-02-08 18:31 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12 . 2011-02-08 18:31 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11 . 2011-02-08 18:31 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47 . 2011-02-08 18:31 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-01-08 08:47 . 2011-02-08 18:31 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 06:28 . 2011-02-08 18:31 292352 ----a-w- c:\windows\system32\atmfd.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-01-29 430080]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-01 39408]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2010-11-01 353736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-05 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-05 129560]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-29 4911104]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"NDSTray.exe"="NDSTray.exe" [BU]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-05-04 571024]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-09-04 185896]
"BigDog305"="c:\windows\VM305_STI.EXE" [2005-08-05 61440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
"AVMWlanClient"="c:\program files\avmwlanstick\FRITZWLANMini.exe" [2006-04-20 323584]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-03-18 188416]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-09 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-09 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-01-19 1150976]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2009-01-09 114688]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2007-7-27 389120]
.
c:\users\Dieter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2007-7-27 389120]
.
c:\users\Presentation\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2007-7-27 389120]
.
c:\users\Martina_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
DOGS DIARY.lnk - c:\program files\DOGS DIARY\DOGS DIARY.exe [N/A]
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-10-10 110592]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2007-7-27 389120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-20 136176]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [2006-07-31 264704]
R3 US122;US122 Driver;c:\windows\system32\Drivers\US122.sys [2007-08-29 131968]
R3 US122DL;US122 Firmware Downloader;c:\windows\system32\Drivers\US122DL.sys [2007-08-29 18304]
R3 Us122WdmService;US122 Wdm Audio;c:\windows\system32\Drivers\US122Wdm.sys [2007-08-29 39168]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-17 721904]
S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896]
S1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\DRIVERS\StarPortLite.sys [2009-03-02 95592]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-02 135336]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2007-12-25 40960]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [2010-01-27 91392]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 126976]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54 MBit/s USB 2.0 Netzwerkadapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2007-12-26 290304]
S3 ZSMC0305;A4 TECH PC Camera V;c:\windows\system32\Drivers\usbVM305.sys [2006-05-08 391688]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2011-04-06 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-02-18 12:39]
.
2011-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-20 12:43]
.
2011-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-20 12:43]
.
2011-04-06 c:\windows\Tasks\User_Feed_Synchronization-{8A74799D-CBC2-4C1F-80B4-ADFDCB6CFAE5}.job
- c:\windows\system32\msfeedssync.exe [2011-04-05 23:29]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://mystart.incredimail.com/
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\djln95o2.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar_im2_test_v2&search=
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-TPwrMain - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-SmoothView - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-04-06 23:53
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog305 = c:\windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)???????????????@?@??????????????????????????
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i????????EnS??X???????????????
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-04-06 23:56:52
ComboFix-quarantined-files.txt 2011-04-06 21:56
.
Vor Suchlauf: 12 Verzeichnis(se), 71.486.406.656 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 71.418.023.936 Bytes frei
.
- - End Of File - - 2576B8B9541605A9DF1BFB4A43A7BE5D
--- --- --- |
|
06.04.2011, 23:40
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner - Muss ich mein System neu aufsetzen? Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html
__________________ Logfiles bitte immer in CODE-Tags posten |
|
06.04.2011, 23:58
| #13 |
| | Trojaner - Muss ich mein System neu aufsetzen? Ich hoffe, das ist das richtige... Code:
ATTFilter 2011/04/07 00:51:20.0439 2236 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/07 00:51:21.0000 2236 ================================================================================
2011/04/07 00:51:21.0000 2236 SystemInfo:
2011/04/07 00:51:21.0000 2236
2011/04/07 00:51:21.0000 2236 OS Version: 6.0.6002 ServicePack: 2.0
2011/04/07 00:51:21.0000 2236 Product type: Workstation
2011/04/07 00:51:21.0000 2236 ComputerName: LAPTOP_MARTINA
2011/04/07 00:51:21.0000 2236 UserName: Martina
2011/04/07 00:51:21.0000 2236 Windows directory: C:\Windows
2011/04/07 00:51:21.0000 2236 System windows directory: C:\Windows
2011/04/07 00:51:21.0000 2236 Processor architecture: Intel x86
2011/04/07 00:51:21.0000 2236 Number of processors: 2
2011/04/07 00:51:21.0000 2236 Page size: 0x1000
2011/04/07 00:51:21.0000 2236 Boot type: Normal boot
2011/04/07 00:51:21.0000 2236 ================================================================================
2011/04/07 00:51:27.0287 2236 Initialize success
2011/04/07 00:52:12.0714 4040 ================================================================================
2011/04/07 00:52:12.0714 4040 Scan started
2011/04/07 00:52:12.0714 4040 Mode: Manual;
2011/04/07 00:52:12.0714 4040 ================================================================================
2011/04/07 00:52:13.0916 4040 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/04/07 00:52:14.0181 4040 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/04/07 00:52:14.0399 4040 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/04/07 00:52:14.0524 4040 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/04/07 00:52:14.0664 4040 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/04/07 00:52:14.0867 4040 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/04/07 00:52:15.0195 4040 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/04/07 00:52:15.0351 4040 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/04/07 00:52:15.0600 4040 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/04/07 00:52:15.0834 4040 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/04/07 00:52:16.0131 4040 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/04/07 00:52:16.0349 4040 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/04/07 00:52:16.0521 4040 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/04/07 00:52:16.0724 4040 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/04/07 00:52:16.0926 4040 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/04/07 00:52:17.0145 4040 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/07 00:52:17.0223 4040 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/04/07 00:52:17.0426 4040 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/04/07 00:52:17.0675 4040 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/04/07 00:52:17.0800 4040 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\Windows\system32\DRIVERS\avipbb.sys
2011/04/07 00:52:17.0894 4040 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/04/07 00:52:18.0034 4040 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/04/07 00:52:18.0096 4040 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/07 00:52:18.0221 4040 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/04/07 00:52:18.0268 4040 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/04/07 00:52:18.0330 4040 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/04/07 00:52:18.0455 4040 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/04/07 00:52:18.0502 4040 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/04/07 00:52:18.0611 4040 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/04/07 00:52:18.0689 4040 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/04/07 00:52:19.0079 4040 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/07 00:52:19.0266 4040 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/07 00:52:19.0360 4040 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/04/07 00:52:19.0469 4040 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/04/07 00:52:19.0625 4040 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/04/07 00:52:19.0703 4040 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/04/07 00:52:19.0766 4040 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/04/07 00:52:19.0937 4040 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/04/07 00:52:20.0000 4040 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/04/07 00:52:20.0140 4040 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/04/07 00:52:20.0296 4040 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/04/07 00:52:20.0374 4040 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/04/07 00:52:20.0530 4040 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/07 00:52:20.0608 4040 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/04/07 00:52:20.0951 4040 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/04/07 00:52:21.0138 4040 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/04/07 00:52:21.0279 4040 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/04/07 00:52:21.0404 4040 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/04/07 00:52:21.0513 4040 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/04/07 00:52:21.0606 4040 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/07 00:52:21.0731 4040 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/04/07 00:52:21.0794 4040 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/04/07 00:52:21.0903 4040 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/07 00:52:21.0996 4040 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/04/07 00:52:22.0184 4040 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/07 00:52:22.0262 4040 FWLANUSB (b45f1df1cce34e2af422f0ed78cd70ef) C:\Windows\system32\DRIVERS\fwlanusb.sys
2011/04/07 00:52:22.0386 4040 FwLnk (cbc22823628544735625b280665e434e) C:\Windows\system32\DRIVERS\FwLnk.sys
2011/04/07 00:52:22.0464 4040 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/04/07 00:52:22.0683 4040 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/04/07 00:52:22.0745 4040 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/07 00:52:22.0839 4040 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/04/07 00:52:22.0886 4040 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/04/07 00:52:22.0979 4040 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/07 00:52:23.0120 4040 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/04/07 00:52:23.0260 4040 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2011/04/07 00:52:23.0588 4040 HSF_DPV (efed6bd9b9d5f407adca918bbe2d410d) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2011/04/07 00:52:23.0837 4040 HSXHWAZL (c2eb8396c46e13f76037d70eae8820a9) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
2011/04/07 00:52:23.0931 4040 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/04/07 00:52:24.0087 4040 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/04/07 00:52:24.0165 4040 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/07 00:52:24.0305 4040 iaStor (e5a0034847537eaee3c00349d5c34c5f) C:\Windows\system32\DRIVERS\iaStor.sys
2011/04/07 00:52:24.0352 4040 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/04/07 00:52:24.0711 4040 igfx (038815297078d236d8cc064c295a74c6) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/04/07 00:52:24.0945 4040 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/04/07 00:52:25.0116 4040 IntcAzAudAddService (8a4341616976e47712b60f18c7049dcc) C:\Windows\system32\drivers\RTKVHDA.sys
2011/04/07 00:52:25.0272 4040 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/04/07 00:52:25.0319 4040 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/07 00:52:25.0491 4040 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/07 00:52:25.0584 4040 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/04/07 00:52:25.0662 4040 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/04/07 00:52:25.0787 4040 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/04/07 00:52:25.0834 4040 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/04/07 00:52:25.0912 4040 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/07 00:52:26.0021 4040 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/04/07 00:52:26.0084 4040 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/04/07 00:52:26.0208 4040 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/07 00:52:26.0255 4040 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
2011/04/07 00:52:26.0380 4040 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/07 00:52:26.0505 4040 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/07 00:52:26.0614 4040 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/04/07 00:52:26.0676 4040 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/04/07 00:52:26.0754 4040 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/04/07 00:52:26.0848 4040 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/04/07 00:52:26.0926 4040 LVUSBSta (a730fc8671a60666d6e877c544dd7cd4) C:\Windows\system32\drivers\lvusbsta.sys
2011/04/07 00:52:27.0035 4040 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/04/07 00:52:27.0176 4040 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/04/07 00:52:27.0316 4040 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/04/07 00:52:27.0441 4040 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/04/07 00:52:27.0534 4040 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/07 00:52:27.0597 4040 motmodem (54fee02961c70fd9d4d7e2f87afa23fa) C:\Windows\system32\DRIVERS\motmodem.sys
2011/04/07 00:52:27.0800 4040 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/07 00:52:27.0862 4040 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/07 00:52:27.0956 4040 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/04/07 00:52:28.0049 4040 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/04/07 00:52:28.0190 4040 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/07 00:52:28.0486 4040 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/04/07 00:52:28.0626 4040 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/04/07 00:52:28.0736 4040 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/07 00:52:28.0814 4040 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/07 00:52:28.0845 4040 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/07 00:52:28.0985 4040 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/04/07 00:52:29.0063 4040 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/04/07 00:52:29.0188 4040 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/04/07 00:52:29.0406 4040 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/04/07 00:52:29.0500 4040 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/07 00:52:29.0578 4040 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/07 00:52:29.0625 4040 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/04/07 00:52:29.0687 4040 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/04/07 00:52:29.0796 4040 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/07 00:52:29.0859 4040 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/04/07 00:52:29.0921 4040 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/04/07 00:52:30.0093 4040 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/07 00:52:30.0327 4040 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/04/07 00:52:30.0483 4040 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/07 00:52:30.0514 4040 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/07 00:52:30.0686 4040 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/07 00:52:30.0748 4040 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/04/07 00:52:30.0857 4040 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/07 00:52:30.0920 4040 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/07 00:52:31.0122 4040 NETw3v32 (35d5458d9a1b26b2005abffbf4c1c5e7) C:\Windows\system32\DRIVERS\NETw3v32.sys
2011/04/07 00:52:31.0263 4040 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/04/07 00:52:31.0341 4040 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/04/07 00:52:31.0466 4040 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/07 00:52:31.0544 4040 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/04/07 00:52:31.0684 4040 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/04/07 00:52:31.0746 4040 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/04/07 00:52:31.0824 4040 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/04/07 00:52:31.0965 4040 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/04/07 00:52:32.0074 4040 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/04/07 00:52:32.0292 4040 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2011/04/07 00:52:32.0402 4040 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/04/07 00:52:32.0526 4040 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/04/07 00:52:32.0589 4040 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/04/07 00:52:32.0714 4040 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/04/07 00:52:32.0745 4040 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/04/07 00:52:32.0823 4040 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/04/07 00:52:33.0072 4040 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/04/07 00:52:33.0244 4040 PID_0928 (5bd2c6d982481d548107c602e7ccfbbc) C:\Windows\system32\DRIVERS\LV561AV.SYS
2011/04/07 00:52:33.0353 4040 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/07 00:52:33.0462 4040 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/04/07 00:52:33.0540 4040 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/07 00:52:33.0587 4040 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
2011/04/07 00:52:33.0743 4040 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/04/07 00:52:33.0884 4040 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/04/07 00:52:34.0024 4040 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/07 00:52:34.0086 4040 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/07 00:52:34.0274 4040 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/07 00:52:34.0352 4040 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/07 00:52:34.0461 4040 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/04/07 00:52:34.0523 4040 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/07 00:52:34.0648 4040 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/07 00:52:34.0726 4040 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/04/07 00:52:34.0866 4040 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/07 00:52:34.0929 4040 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/04/07 00:52:35.0210 4040 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/07 00:52:35.0397 4040 RTL8169 (2d19a7469ea19993d0c12e627f4530bc) C:\Windows\system32\DRIVERS\Rtlh86.sys
2011/04/07 00:52:35.0522 4040 RTL8187B (b71d269b9ab5417963e986126c12b9fc) C:\Windows\system32\DRIVERS\RTL8187B.sys
2011/04/07 00:52:35.0568 4040 RtlProt (0d60b8c10a2c5e8dd620b3fdeb1cda64) C:\Windows\system32\DRIVERS\rtlprot.sys
2011/04/07 00:52:35.0646 4040 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/04/07 00:52:35.0756 4040 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/04/07 00:52:35.0802 4040 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/04/07 00:52:35.0865 4040 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/04/07 00:52:35.0974 4040 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/04/07 00:52:36.0052 4040 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/04/07 00:52:36.0114 4040 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/04/07 00:52:36.0208 4040 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/04/07 00:52:36.0270 4040 sfloppy (c33bfbd6e9e41fcd9ffef9729e9faed6) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/04/07 00:52:36.0411 4040 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/04/07 00:52:36.0473 4040 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/04/07 00:52:36.0520 4040 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/04/07 00:52:36.0676 4040 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/04/07 00:52:36.0754 4040 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/04/07 00:52:36.0926 4040 sptd (1a606a8d611816adc47d2b25dbedcb1f) C:\Windows\system32\Drivers\sptd.sys
2011/04/07 00:52:36.0926 4040 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 1a606a8d611816adc47d2b25dbedcb1f
2011/04/07 00:52:36.0941 4040 sptd - detected Locked file (1)
2011/04/07 00:52:36.0972 4040 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
2011/04/07 00:52:37.0097 4040 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/07 00:52:37.0160 4040 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/07 00:52:37.0300 4040 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/04/07 00:52:37.0378 4040 StarPortLite (61b8922afc74f1ebb31e34f43320d2cc) C:\Windows\system32\DRIVERS\StarPortLite.sys
2011/04/07 00:52:37.0472 4040 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
2011/04/07 00:52:37.0565 4040 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/07 00:52:37.0752 4040 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/04/07 00:52:37.0815 4040 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/04/07 00:52:37.0877 4040 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/04/07 00:52:38.0018 4040 SynTP (70534d1e4f9ac990536d5fb5b550b3de) C:\Windows\system32\DRIVERS\SynTP.sys
2011/04/07 00:52:38.0158 4040 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/04/07 00:52:38.0298 4040 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/07 00:52:38.0376 4040 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/07 00:52:38.0439 4040 tdcmdpst (1825bceb47bf41c5a9f0e44de82fc27a) C:\Windows\system32\DRIVERS\tdcmdpst.sys
2011/04/07 00:52:38.0517 4040 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/04/07 00:52:38.0564 4040 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/04/07 00:52:38.0735 4040 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/07 00:52:38.0969 4040 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/07 00:52:39.0172 4040 tos_sps32 (1ea5f27c29405bf49799feca77186da9) C:\Windows\system32\DRIVERS\tos_sps32.sys
2011/04/07 00:52:39.0250 4040 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/07 00:52:39.0359 4040 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/04/07 00:52:39.0437 4040 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/07 00:52:39.0546 4040 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
2011/04/07 00:52:39.0640 4040 U3sHlpDr (f32ca4e68a075476f661dd85234cbdb5) C:\Windows\System32\Drivers\U3sHlpDr.sys
2011/04/07 00:52:39.0749 4040 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/04/07 00:52:39.0827 4040 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/07 00:52:39.0968 4040 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/04/07 00:52:40.0030 4040 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/04/07 00:52:40.0139 4040 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/04/07 00:52:40.0202 4040 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/04/07 00:52:40.0264 4040 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/07 00:52:40.0451 4040 US122 (f0022b4a8c803d668dc80251214513af) C:\Windows\system32\Drivers\US122.sys
2011/04/07 00:52:40.0592 4040 US122DL (1d56be893dea1ff488de1495a59f71d5) C:\Windows\system32\Drivers\US122DL.sys
2011/04/07 00:52:40.0654 4040 Us122WdmService (560763d08a54a981a63f7bb6a27ab7b4) C:\Windows\system32\Drivers\US122Wdm.sys
2011/04/07 00:52:40.0763 4040 usbbus (9419faac6552a51542dbba02971c841c) C:\Windows\system32\DRIVERS\lgusbbus.sys
2011/04/07 00:52:40.0888 4040 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/07 00:52:40.0997 4040 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/04/07 00:52:41.0106 4040 UsbDiag (c0a466fa4ffec464320e159bc1bbdc0c) C:\Windows\system32\DRIVERS\lgusbdiag.sys
2011/04/07 00:52:41.0200 4040 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/07 00:52:41.0262 4040 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/07 00:52:41.0418 4040 USBModem (f74a54774a9b0afeb3c40adec68aa600) C:\Windows\system32\DRIVERS\lgusbmodem.sys
2011/04/07 00:52:41.0559 4040 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/04/07 00:52:41.0637 4040 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/04/07 00:52:41.0762 4040 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/04/07 00:52:41.0840 4040 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/07 00:52:41.0933 4040 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/07 00:52:42.0027 4040 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/04/07 00:52:42.0120 4040 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/07 00:52:42.0245 4040 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/04/07 00:52:42.0308 4040 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/04/07 00:52:42.0464 4040 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/04/07 00:52:42.0666 4040 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/04/07 00:52:42.0729 4040 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/04/07 00:52:42.0838 4040 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/04/07 00:52:43.0010 4040 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/04/07 00:52:43.0119 4040 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/04/07 00:52:43.0228 4040 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/04/07 00:52:43.0275 4040 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/07 00:52:43.0337 4040 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/07 00:52:43.0462 4040 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/04/07 00:52:43.0524 4040 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/07 00:52:43.0665 4040 winachsf (d0116c473ef3c381a42bb55036a1adb1) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/04/07 00:52:43.0852 4040 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
2011/04/07 00:52:43.0977 4040 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/07 00:52:44.0102 4040 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/07 00:52:44.0211 4040 XAudio (22a08b9faecd6a306868f59b7f03f188) C:\Windows\system32\DRIVERS\XAudio32.sys
2011/04/07 00:52:44.0304 4040 ZSMC0305 (c53cb6b30e8d7fe6d950707508aacfb9) C:\Windows\system32\Drivers\usbVM305.sys
2011/04/07 00:52:44.0429 4040 ================================================================================
2011/04/07 00:52:44.0429 4040 Scan finished
2011/04/07 00:52:44.0429 4040 ================================================================================
2011/04/07 00:52:44.0445 1660 Detected object count: 1
2011/04/07 00:53:16.0877 1660 Locked file(sptd) - User select action: Skip
|
|
07.04.2011, 09:28
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner - Muss ich mein System neu aufsetzen? Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
10.04.2011, 22:10
| #15 |
| | Trojaner - Muss ich mein System neu aufsetzen? Hier das GMER-Log: Code:
ATTFilter GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-04-10 23:07:17
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.LV01
Running: ohrq306y.exe; Driver: C:\Users\TEMPLA~1.006\AppData\Local\Temp\axrcquod.sys
---- System - GMER 1.0.15 ----
INT 0x62 ? 86FC0BF8
INT 0x62 ? 86FC0BF8
INT 0x72 ? 86FC0BF8
INT 0x82 ? 86FC0BF8
INT 0x92 ? 8560BBF8
INT 0xA2 ? 84C7ABF8
INT 0xB2 ? 84C7ABF8
INT 0xB3 ? 86FC0BF8
---- Kernel code sections - GMER 1.0.15 ----
? System32\Drivers\spfr.sys Das System kann den angegebenen Pfad nicht finden. !
.text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x88751000, 0x4036D, 0xE8000020]
.dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x8879A000, 0x510, 0x40000040]
.text USBPORT.SYS!DllUnload 8C32441B 5 Bytes JMP 86FC01D8
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8068F6D6] \SystemRoot\System32\Drivers\spfr.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8068F042] \SystemRoot\System32\Drivers\spfr.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8068F800] \SystemRoot\System32\Drivers\spfr.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [8068F0C0] \SystemRoot\System32\Drivers\spfr.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8068F13E] \SystemRoot\System32\Drivers\spfr.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [8069EE9C] \SystemRoot\System32\Drivers\spfr.sys
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8560E1F8
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
Device \Driver\netbt \Device\NetBT_Tcpip_{88596B77-9A1E-4661-BF4D-E89189BE81B1} 876E2500
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
Device \Driver\volmgr \Device\VolMgrControl 856091F8
Device \Driver\usbuhci \Device\USBPDO-0 86FEB500
Device \Driver\usbuhci \Device\USBPDO-1 86FEB500
Device \Driver\usbehci \Device\USBPDO-2 86FE51F8
Device \Driver\usbuhci \Device\USBPDO-3 86FEB500
Device \Driver\usbuhci \Device\USBPDO-4 86FEB500
Device \Driver\usbuhci \Device\USBPDO-5 86FEB500
Device \Driver\usbehci \Device\USBPDO-6 86FE51F8
Device \Driver\volmgr \Device\HarddiskVolume1 856091F8
Device \Driver\volmgr \Device\HarddiskVolume2 856091F8
Device \Driver\cdrom \Device\CdRom0 870A81F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 8560C1F8
Device \Driver\iaStor \Device\Ide\iaStor0 [834D3580] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 8560C1F8
Device \Driver\atapi \Device\Ide\IdePort1 8560C1F8
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [834D3580] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\volmgr \Device\HarddiskVolume3 856091F8
Device \Driver\netbt \Device\NetBT_Tcpip_{3BC9191F-B51C-4C5B-AEA6-495030A3294E} 876E2500
Device \Driver\netbt \Device\NetBt_Wins_Export 876E2500
Device \Driver\Smb \Device\NetbiosSmb 878D31F8
Device \Driver\iScsiPrt \Device\RaidPort0 870391F8
Device \Driver\usbuhci \Device\USBFDO-0 86FEB500
Device \Driver\usbuhci \Device\USBFDO-1 86FEB500
Device \Driver\usbehci \Device\USBFDO-2 86FE51F8
Device \Driver\usbuhci \Device\USBFDO-3 86FEB500
Device \Driver\usbuhci \Device\USBFDO-4 86FEB500
Device \Driver\usbuhci \Device\USBFDO-5 86FEB500
Device \Driver\usbehci \Device\USBFDO-6 86FE51F8
Device \FileSystem\cdfs \Cdfs 882021F8
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
---- EOF - GMER 1.0.15 ----
...und das OSAM-Logfile: OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 23:34:54 on 10.04.2011 OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit Default Browser: Mozilla Corporation Firefox 3.0.1 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Google Software Updater.job" - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl "TOSCDSPD.cpl" - "TOSHIBA" - C:\Windows\system32\TOSCDSPD.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "catchme" (catchme) - ? - C:\Users\Martina\AppData\Local\Temp\catchme.sys (File not found) "IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found) "IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found) "IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found) "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys "sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys (File is exclusively opened, access blocked) "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys "U3sHlpDr" (U3sHlpDr) - ? - C:\Windows\System32\Drivers\U3sHlpDr.sys (File found, but it contains no detailed information) [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll {B2F55D43-C7A4-4B7C-90D7-7A860DFA9F2A} "PXCInfoShlExt Class" - "Tracker Software Products Ltd." - C:\Program Files\Tracker Software\Shell Extensions\XCShInfo.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\Program Files\Windows Live\Messenger\msgrapp.dll {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Messenger\msgrapp.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found) {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {00020d75-0000-0000-c000-000000000046} "lnkfile" - ? - (File not found | COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {CF822AB4-6DB5-4FDA-BC28-E61DF36D2583} "PDF-XChange PDF Preview Provider" - "Tracker Software Products Ltd." - C:\Program Files\Tracker Software\Shell Extensions\XCShInfo.dll {67EB453C-1BE1-48EC-AAF3-23B10277FCC1} "PDF-XChange PDF Property Handler" - "Tracker Software Products Ltd." - C:\Program Files\Tracker Software\Shell Extensions\XCShInfo.dll {EBD0B8F4-A9A0-41B7-9695-030CD264D9C8} "PDF-XChange PDF Thumbnail Provider" - "Tracker Software Products Ltd." - C:\Program Files\Tracker Software\Shell Extensions\XCShInfo.dll {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll (File found, but it contains no detailed information) {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe XCShInfo "{B2F55D43-C7A4-4B7C-90D7-7A860DFA9F2A}" - ? - (File not found | COM-object registry key not found) [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} "Java Plug-in 1.6.0_03" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab {D0C0F75C-683A-4390-A791-1ACFD5599AB8} "Oberon Flash Game Host" - "Oberon Media, Inc." - C:\Windows\Downloaded Program Files\OberonGameHost.dll / hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10b.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} "@C:\Program Files\Windows Live\Companion\companionlang.dll,-600" - "Microsoft Corporation" - C:\Program Files\Windows Live\Companion\companioncore.dll {5F7B1267-94A9-47F5-98DB-E99415F33AEC} "@C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll "Amazon.de" - ? - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home (HTTP value) {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll "eBay - Der weltweite Online Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 (HTTP value) {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll {AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll {3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll {9FDDE16B-836F-4806-AB1F-1455CBEFF289} "Windows Live Messenger Companion Helper" - "Microsoft Corporation" - C:\Program Files\Windows Live\Companion\companioncore.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "Adobe Gamma Loader.lnk" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Shortcut exists | File exists) "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "IncrediMail" - "IncrediMail, Ltd." - C:\Program Files\IncrediMail\bin\IncMail.exe /c "swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" "TOSCDSPD" - "TOSHIBA" - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" "avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min "AVMWlanClient" - "AVM Berlin GmbH" - C:\Program Files\avmwlanstick\FRITZWLANMini.exe "BrMfcWnd" - "Brother Industries, Ltd." - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN "ControlCenter3" - "Brother Industries, Ltd." - C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun "DivXUpdate" - ? - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW "HPDJ Taskbar Utility" - "HP" - C:\Windows\system32\spool\drivers\w32x86\3\hpztsb05.exe "IndexSearch" - "Nuance Communications, Inc." - "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" "Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript "NDSTray.exe" - ? - NDSTray.exe (File not found) "PaperPort PTD" - "Nuance Communications, Inc." - "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" "PPort11reminder" - "Nuance Communications, Inc." - "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini" "QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime "SSBkgdUpdate" - "Nuance Communications, Inc." - "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" "TkBellExe" - "RealNetworks, Inc." - "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot "topi" - "TOSHIBA" - C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup "Toshiba Registration" - "Toshiba" - C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "hpzlnt05" - "HP" - C:\Windows\system32\hpzlnt05.dll "Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe "ConfigFree Service" (ConfigFree Service) - "TOSHIBA CORPORATION" - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe "Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe "Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "MotoConnect Service" (MotoConnect Service) - ? - C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe (File found, but it contains no detailed information) "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "TOSHIBA Navi Support Service" (TNaviSrv) - "TOSHIBA Corporation" - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe "TOSHIBA Optical Disc Drive Service" (TODDSrv) - "TOSHIBA Corporation" - C:\Windows\system32\TODDSrv.exe "TOSHIBA Power Saver" (TosCoSrv) - "TOSHIBA Corporation" - c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe "TOSHIBA SMART Log Service" (TOSHIBA SMART Log Service) - "TOSHIBA Corporation" - c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe "Ulead Burning Helper" (UleadBurningHelper) - "Ulead Systems, Inc." - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe "Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [Winlogon] -----( HKCU\Control Panel\Desktop )----- "SCRNSAVE.EXE" - ? - C:\Windows\system32\SVENSP~1.SCR (File found, but it contains no detailed information) ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Schließlich hier der MBRCheck: Code:
ATTFilter MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Intel Corp.
BIOS Manufacturer: INSYDE
System Manufacturer: TOSHIBA
System Product Name: Satellite L300
Logical Drives Mask: 0x00000034
Kernel Drivers (total 153):
0x82214000 \SystemRoot\system32\ntkrnlpa.exe
0x825CE000 \SystemRoot\system32\hal.dll
0x8040C000 \SystemRoot\system32\kdcom.dll
0x80413000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80483000 \SystemRoot\system32\PSHED.dll
0x80494000 \SystemRoot\system32\BOOTVID.dll
0x8049C000 \SystemRoot\system32\CLFS.SYS
0x804DD000 \SystemRoot\system32\CI.dll
0x80605000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80681000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8068E000 \SystemRoot\System32\Drivers\spsw.sys
0x8078F000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x80798000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x8340C000 \SystemRoot\system32\drivers\acpi.sys
0x83452000 \SystemRoot\system32\drivers\msisadrv.sys
0x8345A000 \SystemRoot\system32\drivers\pci.sys
0x83481000 \SystemRoot\System32\drivers\partmgr.sys
0x83490000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x83493000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8349D000 \SystemRoot\system32\drivers\volmgr.sys
0x834AC000 \SystemRoot\System32\drivers\volmgrx.sys
0x834F6000 \SystemRoot\system32\drivers\intelide.sys
0x834FD000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x8350B000 \SystemRoot\System32\drivers\mountmgr.sys
0x8351B000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x835E3000 \SystemRoot\system32\drivers\atapi.sys
0x807BE000 \SystemRoot\system32\drivers\ataport.SYS
0x835EB000 \SystemRoot\system32\drivers\msahci.sys
0x805BD000 \SystemRoot\system32\drivers\fltmgr.sys
0x807DC000 \SystemRoot\system32\drivers\fileinfo.sys
0x835F5000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x83602000 \SystemRoot\System32\Drivers\ksecdd.sys
0x83673000 \SystemRoot\system32\drivers\ndis.sys
0x8377E000 \SystemRoot\system32\drivers\msrpc.sys
0x837A9000 \SystemRoot\system32\drivers\NETIO.SYS
0x88400000 \SystemRoot\System32\drivers\tcpip.sys
0x884EA000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x88602000 \SystemRoot\System32\Drivers\Ntfs.sys
0x88712000 \SystemRoot\system32\drivers\volsnap.sys
0x8874B000 \SystemRoot\system32\DRIVERS\TVALZ_O.SYS
0x88750000 \SystemRoot\system32\DRIVERS\tos_sps32.sys
0x8879B000 \SystemRoot\System32\Drivers\spldr.sys
0x887A3000 \SystemRoot\System32\Drivers\mup.sys
0x887B2000 \SystemRoot\System32\drivers\ecache.sys
0x887D9000 \SystemRoot\system32\drivers\disk.sys
0x88505000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x887EA000 \SystemRoot\system32\drivers\crcdisk.sys
0x885EE000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x837E4000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x837ED000 \SystemRoot\system32\DRIVERS\FwLnk.sys
0x807EC000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x885F9000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8C20E000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8C845000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8C8E5000 \SystemRoot\System32\drivers\watchdog.sys
0x8C8F1000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8C8FC000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8C93A000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8C949000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8CA0D000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x8CA4E000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8CA61000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8CA6C000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8CA9C000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8CA9E000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8CAA9000 \SystemRoot\system32\DRIVERS\tdcmdpst.sys
0x8CAAD000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8CAD0000 \SystemRoot\system32\DRIVERS\serscan.sys
0x8CAD8000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8CB07000 \SystemRoot\system32\DRIVERS\storport.sys
0x8CB48000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8CB53000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8CB6A000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8CB75000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8CB98000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8CBA7000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8CBBB000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8CBD0000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8CBE0000 \SystemRoot\system32\DRIVERS\StarPortLite.sys
0x8CBF6000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8C9D6000 \SystemRoot\system32\DRIVERS\ks.sys
0x8CA00000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8C200000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8D00F000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8D044000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8D200000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8D060000 \SystemRoot\system32\drivers\portcls.sys
0x8D08D000 \SystemRoot\system32\drivers\drmk.sys
0x8D0B2000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x8D0EF000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x8D607000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x8D6BC000 \SystemRoot\system32\drivers\modem.sys
0x8D6C9000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8D6D2000 \SystemRoot\System32\Drivers\Null.SYS
0x8D6D9000 \SystemRoot\System32\Drivers\Beep.SYS
0x8D6E0000 \SystemRoot\System32\drivers\vga.sys
0x8D6EC000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8D70D000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8D715000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8D71D000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8D728000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8D736000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8D73F000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8D755000 \SystemRoot\system32\DRIVERS\smb.sys
0x8D769000 \SystemRoot\system32\drivers\afd.sys
0x8D7B1000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8D7E3000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8D3F5000 \SystemRoot\system32\DRIVERS\rtlprot.sys
0x8D1F1000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8D409000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8D41C000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x8D422000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8D45E000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8D468000 \SystemRoot\System32\Drivers\dfsc.sys
0x8D47F000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x8D4A5000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0x8D4A7000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8D4B0000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8D4C0000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8D4C7000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8D4CF000 \SystemRoot\system32\DRIVERS\RTL8187B.sys
0x8D51F000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8D52C000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x93860000 \SystemRoot\System32\win32k.sys
0x8D5F4000 \SystemRoot\System32\drivers\Dxapi.sys
0x8D000000 \SystemRoot\system32\DRIVERS\monitor.sys
0x93A80000 \SystemRoot\System32\TSDDD.dll
0x93AA0000 \SystemRoot\System32\cdd.dll
0x88526000 \SystemRoot\system32\drivers\luafv.sys
0x88541000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xA9C01000 \SystemRoot\system32\drivers\spsys.sys
0xA9CB1000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xA9CC1000 \SystemRoot\system32\DRIVERS\nwifi.sys
0xA9CEB000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA9CF5000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xA9D08000 \SystemRoot\system32\drivers\HTTP.sys
0xA9D75000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA9D92000 \SystemRoot\system32\DRIVERS\bowser.sys
0xA9DAB000 \SystemRoot\System32\drivers\mpsdrv.sys
0xA9DC0000 \SystemRoot\system32\drivers\mrxdav.sys
0xA9DE1000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x88556000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x8858F000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x885A7000 \SystemRoot\System32\DRIVERS\srv2.sys
0xAAE04000 \SystemRoot\System32\DRIVERS\srv.sys
0xAAE52000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xAAE56000 \SystemRoot\system32\drivers\peauth.sys
0xAAF34000 \SystemRoot\System32\Drivers\secdrv.SYS
0xAAF3E000 \SystemRoot\System32\drivers\tcpipreg.sys
0xAAF4A000 \??\C:\Windows\System32\Drivers\U3sHlpDr.sys
0xAAF4C000 \SystemRoot\system32\DRIVERS\XAudio32.sys
0xAAF54000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x77580000 \Windows\System32\ntdll.dll
Processes (total 88):
0 System Idle Process
4 System
520 C:\Windows\System32\smss.exe
588 csrss.exe
632 C:\Windows\System32\wininit.exe
644 csrss.exe
676 C:\Windows\System32\services.exe
688 C:\Windows\System32\lsass.exe
696 C:\Windows\System32\lsm.exe
784 C:\Windows\System32\winlogon.exe
892 C:\Windows\System32\svchost.exe
956 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
1000 C:\Windows\System32\svchost.exe
1040 C:\Windows\System32\svchost.exe
1132 C:\Windows\System32\svchost.exe
1160 C:\Windows\System32\svchost.exe
1172 C:\Windows\System32\svchost.exe
1304 C:\Windows\System32\audiodg.exe
1328 C:\Windows\System32\svchost.exe
1348 C:\Windows\System32\SLsvc.exe
1392 C:\Windows\System32\svchost.exe
1528 C:\Windows\System32\svchost.exe
1796 C:\Windows\System32\spoolsv.exe
1820 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1832 C:\Windows\System32\svchost.exe
348 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
404 C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
528 C:\Windows\System32\svchost.exe
552 C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
512 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
900 C:\Windows\System32\svchost.exe
1548 C:\Windows\System32\svchost.exe
1656 C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
2040 C:\Windows\System32\TODDSrv.exe
1676 C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
1364 C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
2072 C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
2124 C:\Windows\System32\svchost.exe
2148 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
2236 C:\Windows\System32\SearchIndexer.exe
2280 C:\Windows\System32\drivers\XAudio.exe
2292 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
2992 C:\Windows\System32\taskeng.exe
3764 C:\Windows\System32\svchost.exe
3356 C:\Windows\System32\dwm.exe
3376 C:\Windows\System32\taskeng.exe
3432 C:\Windows\explorer.exe
1320 C:\Windows\System32\igfxtray.exe
1440 C:\Windows\System32\hkcmd.exe
3952 C:\Windows\System32\igfxpers.exe
3904 C:\Windows\RtHDVCpl.exe
4012 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3976 C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
4064 igfxsrvc.exe
3760 C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
3912 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
3876 C:\Windows\VM305_STI.exe
2856 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
3604 C:\Program Files\avmwlanstick\FRITZWLANMini.exe
3696 C:\Windows\System32\spool\drivers\w32x86\3\hpztsb05.exe
3076 C:\Program Files\Common Files\Java\Java Update\jusched.exe
1236 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
3804 C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
2140 C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
1672 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
1652 C:\Program Files\Windows Sidebar\sidebar.exe
2004 C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
2800 C:\Windows\ehome\ehtray.exe
2208 C:\Program Files\IncrediMail\Bin\IncMail.exe
2764 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
2780 C:\Program Files\Skype\Phone\Skype.exe
3320 C:\Program Files\Windows Media Player\wmpnscfg.exe
1324 C:\Program Files\OpenOffice.org 3\program\soffice.exe
2900 C:\Program Files\Windows Media Player\wmpnetwk.exe
3896 ehmsas.exe
3324 C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
3852 C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
864 C:\Program Files\OpenOffice.org 3\program\soffice.bin
4196 C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
4300 ImApp.exe
5232 C:\Program Files\Skype\Plugin Manager\skypePM.exe
6060 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
2968 C:\Windows\System32\SearchProtocolHost.exe
4796 C:\Windows\System32\SearchFilterHost.exe
4048 dllhost.exe
3296 dllhost.exe
320 C:\Users\Martina_2\Desktop\MBRCheck.exe
5428 C:\Windows\System32\conime.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000025`9bf00000 (NTFS)
PhysicalDrive0 Model Number: TOSHIBAMK3252GSX, Rev: LV010M
Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
Done!
Liebe Grüße, Martina Geändert von GreenGirl (10.04.2011 um 22:45 Uhr) |
|
| Themen zu Trojaner - Muss ich mein System neu aufsetzen? |
| adware.skymediapack, anti-malware, antivir, antworten, aufsetzen, code, dateien, explorer, frage, gen, girl, lan-kabel, malware gefunden, meldung, microsoft, neu, neu aufsetzen, neue, neuinstallation, passwörter, programm, router, software, system, system neu, system neu aufsetzen, trojaner, vista, windows, windows vista, zugriff |
Hybrid-Darstellung
