Trojaner-Board
Seite 1 von 5 1 23 Letzte »
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   unbekannter Virus, blockiert Antivir, MBAM, Otl etc. (https://www.trojaner-board.de/106537-unbekannter-virus-blockiert-antivir-mbam-otl-etc.html)

Larina 19.12.2011 11:08
unbekannter Virus, blockiert Antivir, MBAM, Otl etc.
 
Hallo,

meine Mutter hat sich irgendwas auf ihrem Laptop (OS: Windows Vista Home Basic, 32-bit) eingefangen und ich soll es nun beseitigen. Leider bin ich nicht wirklich gut in diesen Dingen und mit meinem Bemühungen bis jetzt gescheitert.
Angefangen hat alles mit der Fake-Meldung von der Bundespolizei und der 100€ Zahlungsaufforderung per UCash. Diese Erscheinung habe ich offensichtlich wegbekommen, indem ich eine exe-Datei im Temp Ordner gelöscht habe. Allerdings blieb die Begleiterscheinung, dass sämtliche Explorer (Firefox, IE, Chrome) ständig auf merkwürdige Seiten umleiten. Daraufhin wollte ich das System mit Avira Antivir scannen, allerdings stürzte der Scanvorgang schnell ab und ließ sich nicht wieder starten. Daraufhin habe ich MBAM installiert, aber auch das stürzte nach 2 Sekunden ab und jeder weitere Versuch es zu starten ergab die Fehlermeldung:
'Auf das angegebene Gerät, bzw. den Pfad oder die Datei kann nicht zugegriffen werden. Sie verfügen eventuell nicht über ausreichend Berechtigungen, um auf das Element zugreifen zu können.'
Genau dasselbe Verhalten legte der PC an den Tag, als ich es mit HiJackThis versucht habe.
Daraufhin habe ich dieses Forum gefunden und hoffe nun, dass mir hier jemand helfen kann...
Entsprechend der Anweisungen habe ich Defogger.exe ausgeführt, das war unproblematisch. Aber sowohl bei dem Versuch Otl.exe auszuführen als auch bei dem Versuch gmer auszuführen passierte dasselbe wie schon bei MBAM: nach wenigen Sekunden stürzte das jeweilige Programm ab und ließ sich dann mit entsprechender Fehlermeldung nicht mehr öffnen. (Bei MBAM habe ich es auch schon mit Umbenennung in firefox.exe versucht, was ebenfalls nichts gebracht hat...) Dementsprechend habe ich leider auch keine Logs.
Was kann ich noch tun, um Otl und Gmer ans Laufen zu kriegen? Oder welche anderen Analysetools sollte ich verwenden?

Vielen Dank schonmal für die Hilfe!
Grüße
Larina

Edit: Im abgesicherten Modus treten dieselben Fehlermeldungen auf.

Chris4You 19.12.2011 11:13
Hi,

das hört sich nicht gut an...

Probeier opb Du in den abgesicherten Modus (F8 beim Booten) kommt und da OTL ausführen kannst...

chris

Larina 19.12.2011 11:19
Wie bereits im Anfangspost editiert: Es kommt dieselbe Fehlermeldung vonwegen ich hab kein Zugriffsrecht...

Chris4You 19.12.2011 12:00
Hi,

kannst Du über einen anderen Account einsteigen?

Sonst bleibt nur noch von Rettungs-CD booten und den Rechner untrtsuchen lassen. Dazu ist es u. U. notwendig im Bios die Bootreihenfolge umzustellen
Bootreihenfolge ändern: Startreihenfolge im BIOS ändern

Antivir, Rescue-CD
Avira Support
Dort bitte das Rescue System sowie das update
dazu runterladen. Beim Start der Anwendung leere CD in den Brenner,
CD brennen lassen. Zweite CD brennen mit dem ausgepackten Update.
Von CD booten (Einstellung im BIOS vornehmen)...
Wenn nichts mehr geht - Avira bietet Rettungs-CD zum Download an - Antivirus & Antispyware - PC-WELT
oder
Dr. Web-Live-CD
Lade Dir das Abbild (Dr.Web CureIt! —) runter (jeweils die neuste Version, z. Z. http://download.geo.drweb.com/pub/dr...livecd-600.iso) und brenne es auf CD/DVD. Stelle dann im BIOS die Bootreihenfolge um (zuerst von CD booten), boote dann von der erstellten CD und starte Dr. Web Live CD (default). Lass dann alle Festplatten untersuchen...
Bei Funden bitte Name und Pfad notieren, bevor du sie von Dr. Web beseitigen lässt...
Weiter Anweisungen: Dr.Web CureIt! —

chris

Chris4You 19.12.2011 12:39
Hi,

mir ist doch noch was eingefallen, rkill...

Das killt alles, ev. erhältst Du dann Zugriff und kannst MAM oder OTL ausführen...

Lade Dir RKILL auf den Desktop (http://download.bleepingcomputer.com/grinler/rkill.exe (exe) oder http://download.bleepingcomputer.com/grinler/rkill.scr (scr)
  • Starte durch Doppelklick das Programm, WIN7/Vista-User als Admin ausführen (Rechtsklick und Admin)
  • Es öffnet sich ein Consolenfenster, nicht unternehmen
  • Nach erfolgreichem Lauf öffnet sich ein Fenster mit einem Log, das abkopieren und hier posten
  • Achtung: Falls sich von Scare/Fake-Ware ein Fenster öffnet und die Ausführung verhindern will, das Fenster stehen lassen und RKILL nochmal starten

chris

Larina 19.12.2011 13:58
Hi,

rkill habe ich gestern abend mal versucht, aber nach einer Laufzeit von ca einer Stunde stand da immer noch 'Terminating known malware processes. Please be patient.' (o.ä.), das kam mir verdächtig lang vor, deswegen habe ich es dann erstmal abgebrochen.
Im Moment lasse ich diese DrWebLiveCD laufen (seit 1 3/4 Stunden). Bis jetzt hat er 28 Bedrohungen gefunden. Wenn der Scan durch ist, poste ich die Ergebnisse.

Larina

Chris4You 19.12.2011 14:54
Hi,

Du solltest Dich (und Deine Mutter) wahrscheinlich seelisch und moralisch auf das Neuaufsetzen vorbereiten..
Aber schua-ma-mal...

chris

Larina 19.12.2011 15:18
Hi,

das habe ich zum Glück vorbeugend schonmal getan, ergo die wichtigsten Daten sind bereits auf einen Stick kopiert (wie gut, dass meine Mutter nur so wenig wichtige Dinge auf dem Pc hat ^^)

Larina

Larina 19.12.2011 22:27
Hi,

ich war gerade längere Zeit weg und hatte den Scan weiterlaufen lassen, als ich wiederkam und sehen wollte, ob er nun endlich fertig ist, musste ich feststellen, dass nur noch der grüne Bildschirmhintergrund zu sehen war und von dem Scan nichts mehr. Ist das normal? (Ich dachte nach dem Scan wartet das Programm auf weitere Anweisungen...)
Bis ich weggegangen bin, sah es wie folgt aus: 64 infizierte Dateien und einige (ich weiß nicht mehr wieviele) nicht scannbare Dateien. Hier die einzelnen Ergebnisse:
Code:
File -> details (action)
/win/D:/pagefile.sys -> file too large, skipped (contains an error)
/win/D:/Dokumente und Einstellungen/All Users/Avira/AntiVir Desktop/INFECTED/011196e2.qua -> packed by BINARY PACKAGE - thread detected
/win/D:/Dokumente und Einstellungen/All Users/Avira/AntiVir Desktop/INFECTED/014a961e.qua -> packed by BINARY PACKAGE - thread detected
/win/D:/Dokumente und Einstellungen/All Users/Avira/AntiVir Desktop/INFECTED/1104c7cf.qua -> packed by BINARY PACKAGE - thread detected
/win/D:/Dokumente und Einstellungen/All Users/Avira/AntiVir Desktop/INFECTED/111def64.qua -> packed by BINARY PACKAGE - thread detected
/win/D:/Dokumente und Einstellungen/All Users/Avira/AntiVir Desktop/INFECTED/22cef180.qua -> packed by BINARY PACKAGE - thread detected
/win/D:/Dokumente und Einstellungen/All Users/Avira/AntiVir Desktop/INFECTED/354cbf23.qua -> packed by BINARY PACKAGE - thread detected
/win/D:/Dokumente und Einstellungen/All Users/Avira/AntiVir Desktop/INFECTED/4008a8be.qua -> packed by BINARY PACKAGE - thread detected
/win/D:/Dokumente und Einstellungen/All Users/Avira/AntiVir Desktop/INFECTED/44f5bdf9.qua -> packed by BINARY PACKAGE - thread detected
/win/D:/Dokumente und Einstellungen/All Users/Avira/AntiVir Desktop/INFECTED/4bdee396.qua -> packed by BINARY PACKAGE - thread detected
/win/D:/Dokumente und Einstellungen/All Users/Avira/AntiVir Desktop/INFECTED/4be9e367.qua -> packed by BINARY PACKAGE - thread detected
/win/D:/Dokumente und Einstellungen/All Users/Avira/AntiVir Desktop/INFECTED/5349c999.qua -> packed by BINARY PACKAGE - thread detected
/win/D:/Dokumente und Einstellungen/All Users/Avira/AntiVir Desktop/INFECTED/537ef694.qua -> packed by BINARY PACKAGE - thread detected
/win/D:/Dokumente und Einstellungen/All Users/Avira/AntiVir Desktop/INFECTED/5910a8b7.qua -> packed by BINARY PACKAGE - thread detected
/win/D:/Dokumente und Einstellungen/All Users/Avira/AntiVir Desktop/INFECTED/5da5c687.qua -> packed by BINARY PACKAGE - thread detected
/win/D:/Dokumente und Einstellungen/All Users/Avira/AntiVir Desktop/INFECTED/5dbcd021.qua -> packed by BINARY PACKAGE - thread detected
/win/D:/Dokumente und Einstellungen/All Users/Avira/AntiVir Desktop/INFECTED/674ad916.qua -> packed by BINARY PACKAGE - thread detected
/win/D:/Dokumente und Einstellungen/All Users/Avira/AntiVir Desktop/INFECTED/677de388.qua -> packed by BINARY PACKAGE - thread detected
/win/D:/Dokumente und Einstellungen/All Users/Avira/AntiVir Desktop/INFECTED/6d13aaa2.qua -> packed by BINARY PACKAGE - thread detected
/win/D:/Dokumente und Einstellungen/All Users/Avira/AntiVir Desktop/INFECTED/6d52bc57.qua -> packed by BINARY PACKAGE - thread detected
/win/D:/Dokumente und Einstellungen/Gisela/AppData/Local/fb0c32de/X -> infected with BackDoor.Maxplus.442
/win/D:/Dokumente und Einstellungen/Gisela/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/BBNXHQI8/Installer[1].exe -> archive NSIS (contains an error)
/win/D:/Dokumente und Einstellungen/Gisela/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/QTFCR0MO/2[1].exe -> infected with Backdoor.Maxplus.482
/win/D:/Dokumente und Einstellungen/Gisela/AppData/Local/Mozilla/Firefox/Profiles/cxtagmqf.default/Cache/1/35/024B8d01 -> infected with Exploit.PDF.2645
/win/D:/Dokumente und Einstellungen/Gisela/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/0/47346c40-4775eac5 -> infected with Trojan.Inject.59380
/win/D:/Dokumente und Einstellungen/Gisela/Downloads/avira_antivir_personal_de.exe -> archive RAR (contains an error)
/win/D:/Program Files/Avira/AntiVir Desktop/avguard.exe -> infected with Trojan.Starter.1695
/win/D:/Program Files/Avira/AntiVir Desktop/avshadow.exe -> infected with Trojan.Starter.1695
/win/D:/Program Files/Avira/AntiVir Desktop/update.exe -> infected with Trojan.Starter.1695
/win/D:/Program Files/Avira/AntiVir Desktop/sched.exe -> infected with Trojan.Starter.1695
/win/D:/Program Files/Cyberlink/Shared Files/RichVideo.exe -> infected with Trojan.Starter.1695
/win/D:/Program Files/DivX/DivX Plus Player/DPXPlugins/DPXDeviceManagerPlugin.dll -> packed by PECOMPACT (contains an error)
/win/D:/Program Files/DivX/DivX Plus Player/DPXPlugins/DPXDFXAudioPlugin.dll -> packed by PECOMPACT (contains an error)
/win/D:/Program Files/DivX/DivX Plus Player/DPXPlugins/DPXDownloadManagerPlugin.dll -> packed by PECOMPACT (contains an error)
/win/D:/Program Files/DivX/DivX Plus Player/DSEPlugins/DivXAACDecode.dll -> packed by PECOMPACT (contains an error)
/win/D:/Program Files/DivX/DivX Plus Player/DSEPlugins/DivXASPDecode.dll -> packed by PECOMPACT (contains an error)
/win/D:/Program Files/DivX/DivX Plus Player/DSEPlugins/DivXAVCDecode.dll -> packed by PECOMPACT (contains an error)
/win/D:/Program Files/DivX/DivX Plus Player/DSEPlugins/MP3SurroundDecode.dll -> packed by PECOMPACT (contains an error)
/win/D:/Program Files/DivX/DivX Plus Web Player/Stream Engine/DivXAACDecode.dll -> packed by PECOMPACT (contains an error)
/win/D:/Program Files/DivX/DivX Plus Web Player/Stream Engine/DivXASPDecode.dll -> packed by PECOMPACT (contains an error)
/win/D:/Program Files/DivX/DivX Plus Web Player/Stream Engine/DivXAVCDecode.dll -> packed by PECOMPACT (contains an error)
/win/D:/Program Files/DivX/DivX Plus Web Player/Stream Engine/MP3SurroundDecode.dll -> packed by PECOMPACT (contains an error)
/win/D:/Program Files/MiKTeX 2.7/scripts/pax/pax.jar -> archive ZIP (contains an error)
/win/D:/Program Files/TOSHIBA/ConfigFree/CFsvcs.exe -> infected with Trojan.Starter.1695
/win/D:/Program Files/TOSHIBA/TOSHIBA DVD PLAYER/TNaviSrv.exe -> infected with Trojan.Starter.1695
/win/D:/Program Files/Vodafone/Vodafone Mobile Connect/Bin/VMCService.exe -> infected with Trojan.Starter.1695
/win/D:/Program Files/ICQ6.5/Zip.dll -> archive CHM (contains an error)
/win/D:/Program Files/ICQ6.5/ConfigFiles/TopSearches.7z -> archive 7-ZIP (contains an error)
/win/D:/Program Files/ICQ6.5/ConfigFiles/TopSearchesDe.7z -> archive 7-ZIP (contains an error)
/win/D:/ProgramData/Avira/AntiVir Desktop/INFECTED/011196e2.qua -> packed by BINARY PACKAGE - thread detected
/win/D:/ProgramData/Avira/AntiVir Desktop/INFECTED/014a961e.qua -> packed by BINARY PACKAGE - thread detected
/win/D:/ProgramData/Avira/AntiVir Desktop/INFECTED/1104c7cf.qua -> packed by BINARY PACKAGE - thread detected
/win/D:/ProgramData/Avira/AntiVir Desktop/INFECTED/111def64.qua -> packed by BINARY PACKAGE - thread detected
/win/D:/ProgramData/All Users/Avira/AntiVir Desktop/INFECTED/22cef180.qua -> packed by BINARY PACKAGE - thread detected
/win/D:/ProgramData/Avira/AntiVir Desktop/INFECTED/354cbf23.qua -> packed by BINARY PACKAGE - thread detected
/win/D:/ProgramData/Avira/AntiVir Desktop/INFECTED/4008a8be.qua -> packed by BINARY PACKAGE - thread detected
/win/D:/ProgramData/Avira/AntiVir Desktop/INFECTED/44f5bdf9.qua -> packed by BINARY PACKAGE - thread detected
/win/D:/ProgramData/Avira/AntiVir Desktop/INFECTED/4bdee396.qua -> packed by BINARY PACKAGE - thread detected
/win/D:/ProgramData/Avira/AntiVir Desktop/INFECTED/4be9e367.qua -> packed by BINARY PACKAGE - thread detected
/win/D:/ProgramData/Avira/AntiVir Desktop/INFECTED/5349c999.qua -> packed by BINARY PACKAGE - thread detected
/win/D:/ProgramData/Avira/AntiVir Desktop/INFECTED/537ef694.qua -> packed by BINARY PACKAGE - thread detected
/win/D:/ProgramData/Avira/AntiVir Desktop/INFECTED/5910a8b7.qua -> packed by BINARY PACKAGE - thread detected
/win/D:/ProgramData/Avira/AntiVir Desktop/INFECTED/5da5c687.qua -> packed by BINARY PACKAGE - thread detected
/win/D:/ProgramData/Avira/AntiVir Desktop/INFECTED/5dbcd021.qua -> packed by BINARY PACKAGE - thread detected
/win/D:/ProgramData/Avira/AntiVir Desktop/INFECTED/674ad916.qua -> packed by BINARY PACKAGE - thread detected
/win/D:/ProgramData/Avira/AntiVir Desktop/INFECTED/677de388.qua -> packed by BINARY PACKAGE - thread detected
/win/D:/ProgramData/Avira/AntiVir Desktop/INFECTED/6d13aaa2.qua -> packed by BINARY PACKAGE - thread detected
/win/D:/ProgramData/Avira/AntiVir Desktop/INFECTED/6d52bc57.qua -> packed by BINARY PACKAGE - thread detected
/win/D:/Programme/Avira/AntiVir Desktop/avguard.exe -> infected with Trojan.Starter.1695
/win/D:/Programme/Avira/AntiVir Desktop/avshadow.exe -> infected with Trojan.Starter.1695
/win/D:/Programme/Avira/AntiVir Desktop/update.exe -> infected with Trojan.Starter.1695
/win/D:/Programme/Avira/AntiVir Desktop/sched.exe -> infected with Trojan.Starter.1695
/win/D:/Programme/Cyberlink/Shared Files/RichVideo.exe -> infected with Trojan.Starter.1695
/win/D:/Programme/DivX/DivX Plus Player/DPXPlugins/DPXDeviceManagerPlugin.dll -> packed by PECOMPACT (contains an error)
/win/D:/Programme/DivX/DivX Plus Player/DPXPlugins/DPXDFXAudioPlugin.dll -> packed by PECOMPACT (contains an error)
/win/D:/Programme/DivX/DivX Plus Player/DPXPlugins/DPXDownloadManagerPlugin.dll -> packed by PECOMPACT (contains an error)
/win/D:/Programme/DivX/DivX Plus Player/DSEPlugins/DivXAACDecode.dll -> packed by PECOMPACT (contains an error)
/win/D:/Programme/DivX/DivX Plus Player/DSEPlugins/DivXASPDecode.dll -> packed by PECOMPACT (contains an error)
/win/D:/Programme/DivX/DivX Plus Player/DSEPlugins/DivXAVCDecode.dll -> packed by PECOMPACT (contains an error)
/win/D:/Programme/DivX/DivX Plus Player/DSEPlugins/MP3SurroundDecode.dll -> packed by PECOMPACT (contains an error)
/win/D:/Programme/DivX/DivX Plus Web Player/Stream Engine/DivXAACDecode.dll -> packed by PECOMPACT (contains an error)
/win/D:/Programme/DivX/DivX Plus Web Player/Stream Engine/DivXASPDecode.dll -> packed by PECOMPACT (contains an error)
/win/D:/Programme/DivX/DivX Plus Web Player/Stream Engine/DivXAVCDecode.dll -> packed by PECOMPACT (contains an error)
/win/D:/Programme/DivX/DivX Plus Web Player/Stream Engine/MP3SurroundDecode.dll -> packed by PECOMPACT (contains an error)
/win/D:/Programme/MiKTeX 2.7/scripts/pax/pax.jar -> archive ZIP (contains an error)
/win/D:/Programme/TOSHIBA/ConfigFree/CFsvcs.exe -> infected with Trojan.Starter.1695
/win/D:/Programme/TOSHIBA/TOSHIBA DVD PLAYER/TNaviSrv.exe -> infected with Trojan.Starter.1695
/win/D:/Programme/Vodafone/Vodafone Mobile Connect/Bin/VMCService.exe -> infected with Trojan.Starter.1695
/win/D:/Programme/ICQ6.5/Zip.dll -> archive CHM (contains an error)
/win/D:/Programme/ICQ6.5/ConfigFiles/TopSearches.7z -> archive 7-ZIP (contains an error)
/win/D:/Programme/ICQ6.5/ConfigFiles/TopSearchesDe.7z -> archive 7-ZIP (contains an error)
/win/D:/Users/Gisela/AppData/Local/fb0c32de/X -> infected with BackDoor.Maxplus.442
/win/D:/Users/Gisela/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/BBNXHQI8/Installer[1].exe -> archive NSIS (contains an error)
/win/D:/Users/Gisela/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/QTFCR0MO/2[1].exe -> infected with Backdoor.Maxplus.482
/win/D:/Users/Gisela/AppData/Local/Mozilla/Firefox/Profiles/cxtagmqf.default/Cache/1/35/024B8d01 -> infected with Exploit.PDF.2645
/win/D:/Users/Gisela/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/0/47346c40-4775eac5 -> infected with Trojan.Inject.59380
Larina

Chris4You 20.12.2011 07:27
Hi,

das sieht nicht gut aus, Du solltet Neuaufsetzen...
Über eine Exploit hat sich ein Backdoor eingeschlichen...
/win/D:/Dokumente und Einstellungen/Gisela/AppData/Local/fb0c32de/X -> infected with BackDoor.Maxplus.442

Wir können och versuchen über OTLPE was rauszubekommen...
System mit OTL-PE scannen

Lade OTLPENet.exe von OldTimer herunter und speichere sie auf Deinem Desktop.
Anmerkung: Die Datei ist ca. 120 MB groß und es wird bei langsamer Internet-Verbindung ein wenig dauern, bis Du sie runtergeladen hast.
Wenn der Download fertig ist, mache einen Doppelklick auf die Datei und beantworte die Frage "Do you want to burn the CD?" mit Yes.
Lege eine leere CD in Deinen Brenner.
ImgBurn (oder Dein Brennprogramm) wird das Archiv extrahieren und OTLPE Network auf die CD brennen.
Wenn der Brenn-Vorgang abgeschlossen ist, wirst Du eine Dialogbox sehen => "Operation successfully completed".
Du kannst nun die Fenster des Brennprogramms schließen.

Starte das unbootbare System neu und boote von der CD, die Du gerade erstellt hast.
Anmerkung: Wenn Du nicht weißt, wie Du Deinen Computer dazu bringst, von CD zu booten, dann folge diesen Schritten hierInstallation: Wie boote ich Windows von der CD?.
Dein System sollte nach einigen Minuten den REATOGO-X-PE Desktop anzeigen.
Mache einen Doppelklick auf das OTLPE Icon.
Wenn Du gefragt wirst "Do you wish to load the remote registry", dann wähle Yes.
Wenn Du gefragt wirst "Do you wish to load remote user profile(s) for scanning", dann wähle Yes.
Vergewissere Dich, dass die Box "Automatically Load All Remaining Users" gewählt ist und drücke OK.
OTLpe sollte nun starten.



http://image.hijackthis.de/upload/hjt1-034.jpg

Drücke Run Scan, um den Scan zu starten.
Wenn der Scan fertig ist, werden die Dateien C:\OTL.Txt und C:\Extras.Txt gesichert und mit Notepad++ geöffnet.
Kopiere diese Datei auf Deinen USB-Stick, wenn Du keine Internetverbindung auf diesem System hast.
Bitte poste den Inhalt von C:\OTL.Txt und Extras.Txt in diesen Thread.



chris

Larina 20.12.2011 09:01
Hi,

ich habe inzwischen die Ergebnisse des Scans doch gefunden und die Bedrohungen beheben lassen (DrWeb sagte: Alle behoben). Daraufhin habe ich das System neu gestartet und versucht Otl.exe auszuführen, was allerdings erneut nicht ging. Dann habe ich mit DrWeb neu gescannt und nach kurzer Zeit die Ergebnisse
/win/D:/Dokumente und Einstellungen/Gisela/AppData/Local/fb0c32de/X.# -> infected with BackDoor.Maxplus.442
/win/D:/Dokumente und Einstellungen/Gisela/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/QTFCR0MO/2[1].#xe -> infected with Backdoor.Maxplus.482
/win/D:/Dokumente und Einstellungen/Gisela/AppData/Local/Mozilla/Firefox/Profiles/cxtagmqf.default/Cache/1/35/024B8d01.# -> infected with Exploit.PDF.2645
erhalten. Daraufhin habe ich das abgebrochen.
Entsprechend deinem letzten Post habe ich jetzt Otl Network gestartet. Er hat mich nicht nach der remote registry gefragt, dafür aber nach dem Windows-Ordner (Ich hab C:\Windows angegeben).
Hier also die Ergebnisse:
OTL.txt
OTL Logfile:
Code:
OTL logfile created on: 12/20/2011 8:47:00 AM - Run
OTLPE by OldTimer - Version 3.1.48.0    Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Basic Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.37 Gb Total Space | 35.39 Gb Free Space | 47.59% Space Free | Partition Type: NTFS
Drive D: | 73.21 Gb Total Space | 68.06 Gb Free Space | 92.95% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto] --  -- (VMCService)
SRV - File not found [Auto] --  -- (TNaviSrv)
SRV - File not found [Auto] --  -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - File not found [Auto] --  -- (ConfigFree Service)
SRV - File not found [Auto] --  -- (AntiVirService)
SRV - File not found [Auto] --  -- (AntiVirSchedulerService)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/04/16 08:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand] -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] --  -- (IpInIp)
DRV - [2011/12/20 01:56:30 | 000,000,000 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\3727822075 -- (fb0c32de)
DRV - [2011/07/01 02:57:35 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/07/01 02:57:35 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/11/08 17:29:17 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/05/11 04:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/04/10 23:39:17 | 000,067,072 | ---- | M] () [Kernel | System] -- C:\Windows\System32\drivers\cdrom.sys -- (cdrom)
DRV - [2009/02/13 04:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/09/02 08:03:54 | 000,168,704 | ---- | M] (10moons Technologies Co.,Ltd) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tridvid.sys -- (TridVid)
DRV - [2008/07/18 11:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2008/05/19 13:42:56 | 000,912,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/04/28 09:59:18 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2008/04/15 03:05:08 | 000,118,784 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/03/17 04:05:30 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007/11/09 07:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/10/17 15:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/11/20 07:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/02 02:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/10/18 04:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Gisela_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
IE - HKU\Gisela_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/skins/
IE - HKU\Gisela_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Gisela_ON_C\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\Gisela_ON_C\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\Gisela_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http:gmx.de"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5
FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.5.1
FF - prefs.js..extensions.enabledItems: web@veoh.com:1.4
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: 
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohTVPlugin: C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll (Veoh Networks )
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohWebPlayer: C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll (Veoh)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/02 13:50:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/24 05:42:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/08/31 14:26:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\web@veoh.com: C:\Program Files\Veoh Networks\VeohWebPlayer\FFVideoFinder [2009/06/05 07:41:37 | 000,000,000 | ---D | M]
 
[2010/10/06 03:18:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gisela\AppData\Roaming\Mozilla\Extensions
[2010/10/06 03:18:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gisela\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/12/14 17:15:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\extensions
[2010/08/20 12:22:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/13 14:23:16 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/11/21 13:51:55 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/01/08 14:18:42 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\extensions\searchrecs@veoh.com
[2011/12/16 13:48:39 | 000,000,950 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-1.xml
[2010/09/18 09:28:47 | 000,000,943 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-10.xml
[2010/10/25 07:25:07 | 000,000,943 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-11.xml
[2010/11/03 05:45:10 | 000,000,943 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-12.xml
[2010/12/11 11:12:37 | 000,000,943 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-13.xml
[2011/03/28 03:35:32 | 000,000,943 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-14.xml
[2011/04/24 05:42:27 | 000,000,943 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-15.xml
[2010/01/11 15:37:52 | 000,000,943 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-2.xml
[2010/02/20 03:26:43 | 000,000,954 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-3.xml
[2010/03/15 14:28:39 | 000,000,943 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-4.xml
[2010/03/24 15:12:49 | 000,000,943 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-5.xml
[2010/04/03 14:41:47 | 000,000,943 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-6.xml
[2010/07/01 03:19:36 | 000,000,943 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-7.xml
[2010/07/26 16:47:08 | 000,000,943 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-8.xml
[2010/09/09 14:30:39 | 000,000,943 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-9.xml
[2009/12/16 15:52:45 | 000,000,944 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin.xml
[2011/12/17 04:06:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/10 13:46:49 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011/12/17 04:06:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\USERS\GISELA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CXTAGMQF.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
() (No name found) -- C:\USERS\GISELA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CXTAGMQF.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/12/02 13:50:03 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/09 23:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/02 13:50:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/12/02 13:50:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/02 13:50:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/12/02 13:50:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/12/02 13:50:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/12/02 13:50:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [cfFncEnabler.exe]  File not found
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [jswtrayutil]  File not found
O4 - HKLM..\Run: [NDSTray.exe]  File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKLM..\Run: [Toshiba TEMPO] C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe (Toshiba Europe GmbH)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKU\Gisela_ON_C..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} -  File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} -  File not found
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 -  File not found
O13 - gopher Prefix: missing
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab (BitDefender QuickScan Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{001a1a62-8b4b-11de-a467-001e339f7ce2}\Shell - "" = AutoRun
O33 - MountPoints2\{001a1a62-8b4b-11de-a467-001e339f7ce2}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{1e061b24-8e80-11de-9ff2-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1e061b24-8e80-11de-9ff2-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{2cf454e6-8c22-11de-a058-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{2cf454e6-8c22-11de-a058-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{5cbd67fb-ccb6-11de-bba6-85b1694fd61f}\Shell - "" = AutoRun
O33 - MountPoints2\{5cbd67fb-ccb6-11de-bba6-85b1694fd61f}\Shell\AutoRun\command - "" = D:\setup.exe
O33 - MountPoints2\{787d7a76-8b49-11de-a3d8-001e339f7ce2}\Shell - "" = AutoRun
O33 - MountPoints2\{787d7a76-8b49-11de-a3d8-001e339f7ce2}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
File not found -- C:\Windows\System32\drivers\
File not found -- C:\Windows\System32\
[2011/12/17 04:41:11 | 000,000,000 | ---D | C] -- C:\Users\Gisela\AppData\Roaming\QuickScan
[2011/12/17 04:20:18 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/12/17 04:20:09 | 000,000,000 | ---D | C] -- C:\Users\Gisela\AppData\Roaming\Malwarebytes
[2011/12/17 04:20:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/17 04:20:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/17 04:20:02 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/17 04:20:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/17 04:06:46 | 000,000,000 | ---D | C] -- C:\Users\Gisela\AppData\Roaming\Avira
[2011/12/17 04:06:30 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/12/17 04:06:30 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/12/17 04:06:29 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/12/17 02:59:57 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2011/12/17 02:56:30 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/12/16 16:53:24 | 000,000,000 | -HSD | C] -- C:\Users\Gisela\AppData\Local\fb0c32de
[2011/12/16 13:47:09 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/12/16 13:47:02 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/12/16 13:47:02 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/12/16 13:47:01 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/12/16 13:47:01 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/12/16 13:47:00 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/12/16 13:46:56 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/12/15 06:07:00 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/12/15 06:06:59 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/12/15 06:06:58 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/12/15 06:06:56 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/12/15 06:06:55 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011/12/15 06:06:25 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/12/09 13:23:51 | 000,000,000 | ---D | C] -- C:\Users\Gisela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GeoGebra 4
[2011/12/04 15:18:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2011/12/02 14:36:47 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/12/02 14:36:31 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2011/12/02 14:36:26 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
File not found -- C:\Windows\System32\drivers\
File not found -- C:\Windows\System32\
[2011/12/20 02:03:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/20 02:02:55 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/20 02:02:55 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/20 02:02:55 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2011/12/20 02:02:51 | 001,694,194 | -H-- | M] () -- C:\Users\Gisela\AppData\Local\IconCache.db
[2011/12/20 02:00:47 | 001,418,806 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2011/12/20 02:00:47 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011/12/20 02:00:47 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/20 02:00:47 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011/12/20 02:00:47 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/20 01:56:50 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/20 01:56:30 | 000,000,000 | ---- | M] () -- C:\Windows\3727822075
[2011/12/20 01:56:26 | 2009,075,712 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/19 04:37:58 | 000,302,592 | ---- | M] () -- C:\Users\Gisela\Desktop\4oxrfg5s.exe
[2011/12/19 04:36:38 | 000,584,192 | ---- | M] () -- C:\Users\Gisela\Desktop\OTL.exe
[2011/12/19 04:36:38 | 000,584,192 | ---- | M] () -- C:\Users\Gisela\Desktop\OTL (2).exe
[2011/12/19 04:36:20 | 000,050,477 | ---- | M] () -- C:\Users\Gisela\Desktop\Defogger.exe
[2011/12/18 16:31:22 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/18 16:02:48 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/12/18 15:57:47 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/18 15:32:53 | 000,020,992 | ---- | M] () -- C:\Users\Gisela\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/18 09:53:26 | 000,001,356 | ---- | M] () -- C:\Users\Gisela\AppData\Local\d3d9caps.dat
[2011/12/18 09:01:17 | 195,131,308 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/12/17 05:57:16 | 000,388,608 | ---- | M] () -- C:\Users\Gisela\Desktop\HiJackThis204.exe
[2011/12/17 03:57:52 | 000,048,016 | -HS- | M] () -- C:\Windows\System32\c_16283.nl_
[2011/12/17 03:20:07 | 307,472,120 | ---- | M] () -- C:\Users\Gisela\Documents\17122011.reg
[2011/12/16 17:28:11 | 000,366,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/12 03:18:11 | 000,013,033 | ---- | M] () -- C:\Users\Gisela\Documents\Kopischke.odt
[2011/12/09 13:23:51 | 000,001,891 | ---- | M] () -- C:\Users\Gisela\Desktop\GeoGebra 4.lnk
[2011/12/04 15:18:42 | 000,001,717 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/12/04 15:18:42 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2011/12/04 15:18:42 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2011/12/02 14:36:47 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/11/26 17:31:01 | 000,041,395 | ---- | M] () -- C:\Users\Gisela\Documents\Wendy Gutachter.odt
[2011/11/23 08:37:27 | 002,043,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/12/20 02:02:51 | 001,694,194 | -H-- | C] () -- C:\Users\Gisela\AppData\Local\IconCache.db
[2011/12/20 02:01:43 | 000,584,192 | ---- | C] () -- C:\Users\Gisela\Desktop\OTL (2).exe
[2011/12/20 01:56:26 | 2009,075,712 | -HS- | C] () -- C:\hiberfil.sys
[2011/12/19 04:49:45 | 000,302,592 | ---- | C] () -- C:\Users\Gisela\Desktop\4oxrfg5s.exe
[2011/12/19 04:43:12 | 000,584,192 | ---- | C] () -- C:\Users\Gisela\Desktop\OTL.exe
[2011/12/19 04:39:15 | 000,050,477 | ---- | C] () -- C:\Users\Gisela\Desktop\Defogger.exe
[2011/12/18 08:52:14 | 000,388,608 | ---- | C] () -- C:\Users\Gisela\Desktop\HiJackThis204.exe
[2011/12/17 03:58:38 | 000,000,000 | ---- | C] () -- C:\Windows\3727822075
[2011/12/17 03:57:52 | 000,048,016 | -HS- | C] () -- C:\Windows\System32\c_16283.nl_
[2011/12/17 03:19:38 | 307,472,120 | ---- | C] () -- C:\Users\Gisela\Documents\17122011.reg
[2011/12/16 17:25:14 | 195,131,308 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/12/09 13:23:51 | 000,001,891 | ---- | C] () -- C:\Users\Gisela\Desktop\GeoGebra 4.lnk
[2011/12/02 14:36:28 | 000,001,717 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/09/02 13:07:58 | 000,000,229 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2010/09/02 13:07:58 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2010/09/02 13:07:35 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010/09/02 13:07:35 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010/09/02 13:07:13 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat
[2010/09/02 13:06:46 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2010/09/02 13:02:41 | 000,031,664 | ---- | C] () -- C:\Windows\maxlink.ini
[2010/01/14 16:17:27 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/01/14 16:17:27 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/01/14 16:17:27 | 000,008,704 | ---- | C] () -- C:\Windows\System32\vidccleaner.exe
[2009/10/30 16:15:03 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/09/11 14:20:36 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/11 14:20:35 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/11 14:19:56 | 000,368,640 | ---- | C] () -- C:\Windows\System32\msjetoledb40.dll
[2009/09/11 14:19:27 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/09/11 14:18:53 | 000,067,072 | ---- | C] () -- C:\Windows\System32\drivers\cdrom.sys
[2009/08/28 10:28:14 | 000,001,356 | ---- | C] () -- C:\Users\Gisela\AppData\Local\d3d9caps.dat
[2009/06/11 04:46:44 | 000,020,480 | ---- | C] () -- C:\Windows\System32\maplecompat.dll
[2009/06/11 04:46:43 | 000,212,992 | ---- | C] () -- C:\Windows\System32\WMIMPLEX.dll
[2009/06/11 04:46:43 | 000,040,960 | ---- | C] () -- C:\Windows\System32\maplec.dll
[2009/05/06 12:03:37 | 000,020,992 | ---- | C] () -- C:\Users\Gisela\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/09 06:00:58 | 000,028,672 | ---- | C] () -- C:\Windows\System32\VendorCmdRW.dll
[2009/03/30 06:22:41 | 000,102,776 | ---- | C] () -- C:\Users\Gisela\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/03/30 05:17:26 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2009/03/30 05:17:26 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2009/03/30 05:17:26 | 000,009,480 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2009/03/30 05:17:26 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008/08/13 06:59:34 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008/08/13 06:59:34 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008/08/13 06:59:34 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008/08/13 06:59:34 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008/08/13 06:59:34 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008/08/13 06:59:34 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008/08/13 06:51:12 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/08/13 06:36:31 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2008/08/13 06:36:30 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2008/08/13 06:36:29 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008/08/13 06:36:27 | 000,492,496 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2008/08/13 05:51:33 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/06/23 06:02:02 | 000,097,410 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2008/05/23 10:48:50 | 000,020,270 | ---- | C] () -- C:\ProgramData\DeviceInstaller.xml
[2008/04/21 18:46:28 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/04/21 18:45:02 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/01/21 03:21:48 | 001,418,806 | ---- | C] () -- C:\Windows\System32\PerfStringBackup.INI
[2008/01/21 03:21:25 | 000,618,442 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008/01/21 03:21:25 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008/01/21 03:21:25 | 000,122,842 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008/01/21 03:21:25 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008/01/20 21:34:22 | 000,060,124 | ---- | C] () -- C:\Windows\System32\tcpmon.ini
[2006/11/02 07:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:44:53 | 000,366,080 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:51 | 000,037,665 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2006/11/02 07:35:51 | 000,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 07:35:51 | 000,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 07:35:51 | 000,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 07:33:57 | 000,197,632 | ---- | C] () -- C:\Windows\System32\ir32_32.dll
[2006/11/02 05:33:01 | 000,587,178 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,101,250 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:24:31 | 000,001,405 | ---- | C] () -- C:\Windows\msdfmap.ini
[2006/11/02 05:23:31 | 000,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 05:23:31 | 000,000,144 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 02:10:37 | 000,053,536 | ---- | C] () -- C:\Windows\System32\dosx.exe
[2006/11/02 02:10:02 | 000,000,718 | ---- | C] () -- C:\Windows\System32\mscdexnt.exe
[2006/11/02 02:10:00 | 000,002,842 | ---- | C] () -- C:\Windows\System32\redir.exe
[2006/11/02 02:09:59 | 000,069,886 | ---- | C] () -- C:\Windows\System32\edit.com
[2006/11/02 02:09:59 | 000,019,694 | ---- | C] () -- C:\Windows\System32\GRAPHICS.COM
[2006/11/02 02:09:59 | 000,000,882 | ---- | C] () -- C:\Windows\System32\share.exe
[2006/11/02 02:09:59 | 000,000,882 | ---- | C] () -- C:\Windows\System32\fastopen.exe
[2006/11/02 02:09:57 | 000,014,710 | ---- | C] () -- C:\Windows\System32\KB16.COM
[2006/11/02 02:09:56 | 000,007,052 | ---- | C] () -- C:\Windows\System32\nlsfunc.exe
[2006/11/02 02:09:55 | 000,039,274 | ---- | C] () -- C:\Windows\System32\mem.exe
[2006/11/02 02:09:55 | 000,001,131 | ---- | C] () -- C:\Windows\System32\LOADFIX.COM
[2006/11/02 02:09:53 | 000,011,753 | ---- | C] () -- C:\Windows\System32\setver.exe
[2006/11/02 02:09:52 | 000,020,634 | ---- | C] () -- C:\Windows\System32\debug.exe
[2006/11/02 02:09:51 | 000,008,424 | ---- | C] () -- C:\Windows\System32\exe2bin.exe
[2006/11/02 02:09:50 | 000,012,642 | ---- | C] () -- C:\Windows\System32\edlin.exe
[2006/11/02 02:09:49 | 000,050,648 | ---- | C] () -- C:\Windows\System32\COMMAND.COM
[2006/11/02 02:09:49 | 000,012,498 | ---- | C] () -- C:\Windows\System32\append.exe
[2006/11/02 02:09:45 | 000,027,097 | ---- | C] () -- C:\Windows\System32\country.sys
[2006/11/02 02:09:44 | 000,042,809 | ---- | C] () -- C:\Windows\System32\KEY01.SYS
[2006/11/02 02:09:44 | 000,042,537 | ---- | C] () -- C:\Windows\System32\KEYBOARD.SYS
[2006/11/02 02:09:42 | 000,009,029 | ---- | C] () -- C:\Windows\System32\ANSI.SYS
[2006/11/02 02:09:41 | 000,004,768 | ---- | C] () -- C:\Windows\System32\HIMEM.SYS
[2006/11/02 02:09:40 | 000,029,274 | ---- | C] () -- C:\Windows\System32\NTDOS412.SYS
[2006/11/02 02:09:38 | 000,029,370 | ---- | C] () -- C:\Windows\System32\NTDOS411.SYS
[2006/11/02 02:09:35 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS404.SYS
[2006/11/02 02:09:31 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS804.SYS
[2006/11/02 02:09:29 | 000,027,866 | ---- | C] () -- C:\Windows\System32\NTDOS.SYS
[2006/11/02 02:09:26 | 000,035,536 | ---- | C] () -- C:\Windows\System32\NTIO412.SYS
[2006/11/02 02:09:24 | 000,035,776 | ---- | C] () -- C:\Windows\System32\NTIO411.SYS
[2006/11/02 02:09:23 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO404.SYS
[2006/11/02 02:09:22 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO804.SYS
[2006/11/02 02:09:20 | 000,033,952 | ---- | C] () -- C:\Windows\System32\NTIO.SYS
[2006/11/02 01:25:08 | 000,013,312 | ---- | C] () -- C:\Windows\System32\win87em.dll
 
========== LOP Check ==========
 
[2009/11/08 17:29:02 | 000,000,000 | ---D | M] -- C:\Users\Gisela\AppData\Roaming\DAEMON Tools Pro
[2010/01/30 17:07:27 | 000,000,000 | ---D | M] -- C:\Users\Gisela\AppData\Roaming\DynaGeo
[2011/07/12 16:20:18 | 000,000,000 | ---D | M] -- C:\Users\Gisela\AppData\Roaming\ICQ
[2009/06/13 11:56:21 | 000,000,000 | ---D | M] -- C:\Users\Gisela\AppData\Roaming\OpenOffice.org
[2010/07/04 10:50:26 | 000,000,000 | ---D | M] -- C:\Users\Gisela\AppData\Roaming\PhotoScape
[2011/12/17 04:48:44 | 000,000,000 | ---D | M] -- C:\Users\Gisela\AppData\Roaming\QuickScan
[2011/10/07 13:23:17 | 000,000,000 | ---D | M] -- C:\Users\Gisela\AppData\Roaming\ScanSoft
[2010/10/06 03:18:30 | 000,000,000 | ---D | M] -- C:\Users\Gisela\AppData\Roaming\Thunderbird
[2009/03/30 08:09:58 | 000,000,000 | ---D | M] -- C:\Users\Gisela\AppData\Roaming\Toshiba
[2009/08/17 11:36:56 | 000,000,000 | ---D | M] -- C:\Users\Gisela\AppData\Roaming\Vodafone
[2009/03/30 06:19:07 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 07:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2009/11/08 17:33:15 | 000,000,000 | ---D | M] -- C:\ProgramData\DAEMON Tools Pro
[2006/11/02 07:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 07:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2009/03/30 06:19:07 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2009/03/30 06:19:07 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 07:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2009/11/10 13:46:50 | 000,000,000 | ---D | M] -- C:\ProgramData\ICQ
[2010/09/02 13:02:39 | 000,000,000 | ---D | M] -- C:\ProgramData\ScanSoft
[2006/11/02 07:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2009/03/30 06:19:07 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2009/04/09 06:19:48 | 000,000,000 | ---D | M] -- C:\ProgramData\Temp
[2006/11/02 07:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2009/03/30 05:17:46 | 000,000,000 | ---D | M] -- C:\ProgramData\Toshiba
[2009/03/30 06:22:44 | 000,000,000 | ---D | M] -- C:\ProgramData\ToshibaEurope
[2008/08/13 06:58:31 | 000,000,000 | ---D | M] -- C:\ProgramData\Ulead Systems
[2009/08/17 11:36:10 | 000,000,000 | ---D | M] -- C:\ProgramData\Vodafone
[2009/03/30 06:19:07 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2011/12/20 02:02:55 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 816 bytes -> C:\Windows\3727822075:83086625.exe
< End of report >
--- --- ---

Extra.txt
OTL Logfile:
Code:
OTL Extras logfile created on: 12/20/2011 8:47:00 AM - Run
OTLPE by OldTimer - Version 3.1.48.0    Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Basic Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.37 Gb Total Space | 35.39 Gb Free Space | 47.59% Space Free | Partition Type: NTFS
Drive D: | 73.21 Gb Total Space | 68.06 Gb Free Space | 92.95% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome ()
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 ()
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 ()
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" ()
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03FAA727-E2B7-471C-AC41-2E1C7F29C7EA}" = Toshiba TEMPRO
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{1C971EE3-B4C4-4367-9676-57549919C6CE}" = TOSHIBA Benutzerhandbücher
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 30
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{3A08B59E-A9F0-4F4D-B7E5-6875D7F13327}" = Brother MFL-Pro Suite MFC-250C
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{5782EFD2-603D-4AFA-87EF-7CB54044839C}" = Winfunktion Mathematik plus 17
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A80AC620-12FA-11D5-B287-0050DA4BBA2C}" = Riding Star
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}" = Samsung Master
"{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}" = Atheros Wi-Fi Protected Setup Library
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C656142F-EFE1-44CD-BFAD-6CBC6DCB9860}" = Vodafone Mobile Connect Lite
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow!
"{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CNXT_MODEM_PCI_VEN_14F1&DEV_2C06&SUBSYS_14F10000" = HDAUDIO Soft Data Fax Modem with SmartCP
"DivX Setup.divx.com" = DivX-Setup
"DynaGeo_is1" = DynaGeo 3.1f
"Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.1
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ICQToolbar" = ICQ Toolbar
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Maple 12" = Maple 12
"Maxima-5.19.2_is1" = Maxima 5.19.2
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MiKTeX 2.7" = MiKTeX 2.7
"Mozilla Firefox 8.0.1 (x86 de)" = Mozilla Firefox 8.0.1 (x86 de)
"Mozilla Thunderbird (7.0.1)" = Mozilla Thunderbird (7.0.1)
"myphotobook" = myphotobook 3.6
"NSS" = Norton Security Scan
"PhotoScape" = PhotoScape
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeXnicCenter_is1" = TeXnicCenter Version 1 Beta 7.50
"Uninstall_is1" = Uninstall 1.0.0.1
"Veoh Web Player Beta" = Veoh Web Player
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 0.9.9
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinRAR archiver" = WinRAR
"YTdetect" = Yahoo! Detect
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\Gisela_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GeoGebra 4" = GeoGebra 4
 
< End of report >
--- --- ---


Larina

Chris4You 20.12.2011 09:26
Hi,

folgendes file auf usb-stick kopieren und wiedermit OLTPE starten und dann fixen lassen:

Script auf CD oder USB-Stick kopieren, OTL starten und wie folgt vorgehen...
(abgesicherter Modus mit Eingabeaufforderung OTL starten dann notepad aufrufen, Script laden und Inhalt der Codebox wie u. beschrieben in OTL kopieren)
  • Doppelklick auf die OTL.exe, um das Programm auszuführen.
  • Vista/Win7-User bitte per Rechtsklick und "Ausführen als Administrator" starten.
  • Kopiere den Inhalt der folgenden Codebox komplett in die OTL-Box unter "Custom Scan/Fixes"
http://oldtimer.geekstogo.com/OTL/OTL_Main_Tutorial.gif
Code:

:OTL
DRV - [2011/12/20 01:56:30 | 000,000,000 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\3727822075 -- (fb0c32de)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O33 - MountPoints2\{001a1a62-8b4b-11de-a467-001e339f7ce2}\Shell - "" = AutoRun
O33 - MountPoints2\{001a1a62-8b4b-11de-a467-001e339f7ce2}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{1e061b24-8e80-11de-9ff2-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1e061b24-8e80-11de-9ff2-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{2cf454e6-8c22-11de-a058-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{2cf454e6-8c22-11de-a058-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{5cbd67fb-ccb6-11de-bba6-85b1694fd61f}\Shell - "" = AutoRun
O33 - MountPoints2\{5cbd67fb-ccb6-11de-bba6-85b1694fd61f}\Shell\AutoRun\command - "" = D:\setup.exe
O33 - MountPoints2\{787d7a76-8b49-11de-a3d8-001e339f7ce2}\Shell - "" = AutoRun
O33 - MountPoints2\{787d7a76-8b49-11de-a3d8-001e339f7ce2}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
[2011/12/16 16:53:24 | 000,000,000 | -HSD | C] -- C:\Users\Gisela\AppData\Local\fb0c32de
[2011/12/17 02:59:57 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
@Alternate Data Stream - 816 bytes -> C:\Windows\3727822075:83086625.exe
[2011/12/17 03:58:38 | 000,000,000 | ---- | C] () -- C:\Windows\3727822075
[2011/12/17 03:57:52 | 000,048,016 | -HS- | C] () -- C:\Windows\System32\c_16283.nl_

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = dword:0x00

:Commands
[emptytemp]
[EMPTYFLASH]
[Reboot]
  • Den roten Run Fixes! Button anklicken.
  • Bitte alles aus dem Ergebnisfenster (Results) herauskopieren.
  • Eine Kopie eines OTL-Fix-Logs wird in einer Textdatei in folgendem Ordner gespeichert:
  • %systemroot%\_OTL

Wenn möglich, danach (ohne Internetverbindung) gleich MAM ausführen und Fullscan...

chris

Larina 20.12.2011 10:07
Hi,

ich habe den Code in Custom Scans/Fixes eingefügt und auf Run Fix geklickt. Hat er wohl auch gemacht und dann kam die Aufforderung zum Reboot. Ich habe auf Yes geklickt, aber seitdem hat sich nichts mehr getan...(insbesondere kein Reboot)

Larina

Chris4You 20.12.2011 10:21
Hi,

probiere den Reboot "per Hand"...

chris

Larina 20.12.2011 10:30
Hi,

der Bildschirm ist seit einigen Minuten gräulich und das Fenster mit 'Shut down Windows' ist immer noch da...ergo es tut sich auch hier nichts (auf Cancel gehen geht auch nicht...)

Larina


Alle Zeitangaben in WEZ +1. Es ist jetzt 02:42 Uhr.
Seite 1 von 5 1 23 Letzte »
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131