Trojaner-Board

Source: Trojaner-Board (https://www.trojaner-board.de/), forum "Plagegeister aller Art und deren Bekämpfung" (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/), thread "unbekannter Virus, blockiert Antivir, MBAM, Otl etc." (https://www.trojaner-board.de/106537-unbekannter-virus-blockiert-antivir-mbam-otl-etc.html)

Larina 19.12.2011 11:08

Unknown virus, blocks Antivir, MBAM, OTL etc.
 
Hello,

my mother has caught something on her laptop (OS: Windows Vista Home Basic, 32-bit) and now I am supposed to get rid of it. Unfortunately I am not really good at these things and my efforts so far have failed.
It all started with the fake message from the Bundespolizei and the demand to pay 100 € via UCash. I apparently got rid of that by deleting an exe file in the Temp folder. What remained, however, was the side effect that all the browsers (Firefox, IE, Chrome) constantly redirect to strange pages. I then wanted to scan the system with Avira Antivir, but the scan crashed quickly and could not be restarted. So I installed MBAM, but that also crashed after 2 seconds, and every further attempt to start it gave the error message:
'Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item.'
The PC behaved exactly the same way when I tried HiJackThis.
Then I found this forum and hope that someone here can help me...
Following the instructions I ran Defogger.exe, which was no problem. But when I tried to run Otl.exe, and likewise gmer, the same thing happened as with MBAM: after a few seconds the program crashed and then could no longer be opened, with the same error message. (With MBAM I also tried renaming it to firefox.exe, which did not help either...) Accordingly, I unfortunately have no logs.
What else can I do to get OTL and Gmer running? Or which other analysis tools should I use?

Many thanks in advance for the help!
Regards
Larina

Edit: The same error messages occur in safe mode.

Chris4You 19.12.2011 11:13

Hi,

that does not sound good...

Try whether you can get into safe mode (F8 while booting) and run OTL there...

chris

Larina 19.12.2011 11:19

As already edited into the first post: I get the same error message saying I have no access rights...

Chris4You 19.12.2011 12:00

Hi,

can you log in via another account?

Otherwise the only option left is to boot from a rescue CD and have the machine examined. For that it may be necessary to change the boot order in the BIOS
Change the boot order: Changing the startup order in the BIOS

Antivir Rescue CD
Avira Support
There, please download the Rescue System as well as the update
for it. When the application starts, put a blank CD in the burner
and let it burn the CD. Burn a second CD with the unpacked update.
Boot from CD (set this in the BIOS)...
If nothing else works - Avira offers a rescue CD for download - Antivirus & Antispyware - PC-WELT
or
Dr. Web Live CD
Download the image (Dr.Web CureIt! —) (always the latest version, currently http://download.geo.drweb.com/pub/dr...livecd-600.iso) and burn it to CD/DVD. Then change the boot order in the BIOS (boot from CD first), boot from the CD you created and start Dr. Web Live CD (default). Then have all hard disks scanned...
If anything is found, please note down the name and path before you let Dr. Web remove it...
Further instructions: Dr.Web CureIt! —

chris

Chris4You 19.12.2011 12:39

Hi,

something else occurred to me: rkill...

It kills everything; you may then get access and be able to run MBAM or OTL...

Download RKILL to your desktop (http://download.bleepingcomputer.com/grinler/rkill.exe (exe) or http://download.bleepingcomputer.com/grinler/rkill.scr (scr))
  • Start the program by double-clicking it; Win7/Vista users run it as admin (right-click and "Run as administrator")
  • A console window opens; do not do anything
  • After a successful run a window with a log opens; copy it and post it here
  • Note: If a window from scareware/fake-ware opens and tries to prevent execution, leave that window open and start RKILL again

chris

Larina 19.12.2011 13:58

Hi,

I tried rkill yesterday evening, but after running for about an hour it still said 'Terminating known malware processes. Please be patient.' (or similar), which seemed suspiciously long to me, so I aborted it for the time being.
At the moment I am running this DrWebLiveCD (for 1 3/4 hours now). So far it has found 28 threats. When the scan is through, I will post the results.

Larina

Chris4You 19.12.2011 14:54

Hi,

you (and your mother) should probably prepare yourselves mentally for a reinstall..
But let's see...

chris

Larina 19.12.2011 15:18

Hi,

luckily I have already done that as a precaution, so the most important data is already copied to a USB stick (good thing my mother has so few important things on the PC ^^)

Larina

Larina 19.12.2011 22:27

Hi,

I was away for a while and let the scan keep running; when I came back and wanted to see whether it was finally finished, I found that only the green desktop background was visible and nothing of the scan. Is that normal? (I thought the program waits for further instructions after the scan...)
Until I left, it looked like this: 64 infected files and some (I do not remember how many) unscannable files. Here are the individual results:
Code:

File -> details (action)
/win/D:/pagefile.sys -> file too large, skipped (contains an error)
/win/D:/Dokumente und Einstellungen/All Users/Avira/AntiVir Desktop/INFECTED/011196e2.qua -> packed by BINARY PACKAGE - thread detected
/win/D:/Dokumente und Einstellungen/All Users/Avira/AntiVir Desktop/INFECTED/014a961e.qua -> packed by BINARY PACKAGE - thread detected
/win/D:/Dokumente und Einstellungen/All Users/Avira/AntiVir Desktop/INFECTED/1104c7cf.qua -> packed by BINARY PACKAGE - thread detected
/win/D:/Dokumente und Einstellungen/All Users/Avira/AntiVir Desktop/INFECTED/111def64.qua -> packed by BINARY PACKAGE - thread detected
/win/D:/Dokumente und Einstellungen/All Users/Avira/AntiVir Desktop/INFECTED/22cef180.qua -> packed by BINARY PACKAGE - thread detected
/win/D:/Dokumente und Einstellungen/All Users/Avira/AntiVir Desktop/INFECTED/354cbf23.qua -> packed by BINARY PACKAGE - thread detected
/win/D:/Dokumente und Einstellungen/All Users/Avira/AntiVir Desktop/INFECTED/4008a8be.qua -> packed by BINARY PACKAGE - thread detected
/win/D:/Dokumente und Einstellungen/All Users/Avira/AntiVir Desktop/INFECTED/44f5bdf9.qua -> packed by BINARY PACKAGE - thread detected
/win/D:/Dokumente und Einstellungen/All Users/Avira/AntiVir Desktop/INFECTED/4bdee396.qua -> packed by BINARY PACKAGE - thread detected
/win/D:/Dokumente und Einstellungen/All Users/Avira/AntiVir Desktop/INFECTED/4be9e367.qua -> packed by BINARY PACKAGE - thread detected
/win/D:/Dokumente und Einstellungen/All Users/Avira/AntiVir Desktop/INFECTED/5349c999.qua -> packed by BINARY PACKAGE - thread detected
/win/D:/Dokumente und Einstellungen/All Users/Avira/AntiVir Desktop/INFECTED/537ef694.qua -> packed by BINARY PACKAGE - thread detected
/win/D:/Dokumente und Einstellungen/All Users/Avira/AntiVir Desktop/INFECTED/5910a8b7.qua -> packed by BINARY PACKAGE - thread detected
/win/D:/Dokumente und Einstellungen/All Users/Avira/AntiVir Desktop/INFECTED/5da5c687.qua -> packed by BINARY PACKAGE - thread detected
/win/D:/Dokumente und Einstellungen/All Users/Avira/AntiVir Desktop/INFECTED/5dbcd021.qua -> packed by BINARY PACKAGE - thread detected
/win/D:/Dokumente und Einstellungen/All Users/Avira/AntiVir Desktop/INFECTED/674ad916.qua -> packed by BINARY PACKAGE - thread detected
/win/D:/Dokumente und Einstellungen/All Users/Avira/AntiVir Desktop/INFECTED/677de388.qua -> packed by BINARY PACKAGE - thread detected
/win/D:/Dokumente und Einstellungen/All Users/Avira/AntiVir Desktop/INFECTED/6d13aaa2.qua -> packed by BINARY PACKAGE - thread detected
/win/D:/Dokumente und Einstellungen/All Users/Avira/AntiVir Desktop/INFECTED/6d52bc57.qua -> packed by BINARY PACKAGE - thread detected
/win/D:/Dokumente und Einstellungen/Gisela/AppData/Local/fb0c32de/X -> infected with BackDoor.Maxplus.442
/win/D:/Dokumente und Einstellungen/Gisela/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/BBNXHQI8/Installer[1].exe -> archive NSIS (contains an error)
/win/D:/Dokumente und Einstellungen/Gisela/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/QTFCR0MO/2[1].exe -> infected with Backdoor.Maxplus.482
/win/D:/Dokumente und Einstellungen/Gisela/AppData/Local/Mozilla/Firefox/Profiles/cxtagmqf.default/Cache/1/35/024B8d01 -> infected with Exploit.PDF.2645
/win/D:/Dokumente und Einstellungen/Gisela/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/0/47346c40-4775eac5 -> infected with Trojan.Inject.59380
/win/D:/Dokumente und Einstellungen/Gisela/Downloads/avira_antivir_personal_de.exe -> archive RAR (contains an error)
/win/D:/Program Files/Avira/AntiVir Desktop/avguard.exe -> infected with Trojan.Starter.1695
/win/D:/Program Files/Avira/AntiVir Desktop/avshadow.exe -> infected with Trojan.Starter.1695
/win/D:/Program Files/Avira/AntiVir Desktop/update.exe -> infected with Trojan.Starter.1695
/win/D:/Program Files/Avira/AntiVir Desktop/sched.exe -> infected with Trojan.Starter.1695
/win/D:/Program Files/Cyberlink/Shared Files/RichVideo.exe -> infected with Trojan.Starter.1695
/win/D:/Program Files/DivX/DivX Plus Player/DPXPlugins/DPXDeviceManagerPlugin.dll -> packed by PECOMPACT (contains an error)
/win/D:/Program Files/DivX/DivX Plus Player/DPXPlugins/DPXDFXAudioPlugin.dll -> packed by PECOMPACT (contains an error)
/win/D:/Program Files/DivX/DivX Plus Player/DPXPlugins/DPXDownloadManagerPlugin.dll -> packed by PECOMPACT (contains an error)
/win/D:/Program Files/DivX/DivX Plus Player/DSEPlugins/DivXAACDecode.dll -> packed by PECOMPACT (contains an error)
/win/D:/Program Files/DivX/DivX Plus Player/DSEPlugins/DivXASPDecode.dll -> packed by PECOMPACT (contains an error)
/win/D:/Program Files/DivX/DivX Plus Player/DSEPlugins/DivXAVCDecode.dll -> packed by PECOMPACT (contains an error)
/win/D:/Program Files/DivX/DivX Plus Player/DSEPlugins/MP3SurroundDecode.dll -> packed by PECOMPACT (contains an error)
/win/D:/Program Files/DivX/DivX Plus Web Player/Stream Engine/DivXAACDecode.dll -> packed by PECOMPACT (contains an error)
/win/D:/Program Files/DivX/DivX Plus Web Player/Stream Engine/DivXASPDecode.dll -> packed by PECOMPACT (contains an error)
/win/D:/Program Files/DivX/DivX Plus Web Player/Stream Engine/DivXAVCDecode.dll -> packed by PECOMPACT (contains an error)
/win/D:/Program Files/DivX/DivX Plus Web Player/Stream Engine/MP3SurroundDecode.dll -> packed by PECOMPACT (contains an error)
/win/D:/Program Files/MiKTeX 2.7/scripts/pax/pax.jar -> archive ZIP (contains an error)
/win/D:/Program Files/TOSHIBA/ConfigFree/CFsvcs.exe -> infected with Trojan.Starter.1695
/win/D:/Program Files/TOSHIBA/TOSHIBA DVD PLAYER/TNaviSrv.exe -> infected with Trojan.Starter.1695
/win/D:/Program Files/Vodafone/Vodafone Mobile Connect/Bin/VMCService.exe -> infected with Trojan.Starter.1695
/win/D:/Program Files/ICQ6.5/Zip.dll -> archive CHM (contains an error)
/win/D:/Program Files/ICQ6.5/ConfigFiles/TopSearches.7z -> archive 7-ZIP (contains an error)
/win/D:/Program Files/ICQ6.5/ConfigFiles/TopSearchesDe.7z -> archive 7-ZIP (contains an error)
/win/D:/ProgramData/Avira/AntiVir Desktop/INFECTED/011196e2.qua -> packed by BINARY PACKAGE - thread detected
/win/D:/ProgramData/Avira/AntiVir Desktop/INFECTED/014a961e.qua -> packed by BINARY PACKAGE - thread detected
/win/D:/ProgramData/Avira/AntiVir Desktop/INFECTED/1104c7cf.qua -> packed by BINARY PACKAGE - thread detected
/win/D:/ProgramData/Avira/AntiVir Desktop/INFECTED/111def64.qua -> packed by BINARY PACKAGE - thread detected
/win/D:/ProgramData/All Users/Avira/AntiVir Desktop/INFECTED/22cef180.qua -> packed by BINARY PACKAGE - thread detected
/win/D:/ProgramData/Avira/AntiVir Desktop/INFECTED/354cbf23.qua -> packed by BINARY PACKAGE - thread detected
/win/D:/ProgramData/Avira/AntiVir Desktop/INFECTED/4008a8be.qua -> packed by BINARY PACKAGE - thread detected
/win/D:/ProgramData/Avira/AntiVir Desktop/INFECTED/44f5bdf9.qua -> packed by BINARY PACKAGE - thread detected
/win/D:/ProgramData/Avira/AntiVir Desktop/INFECTED/4bdee396.qua -> packed by BINARY PACKAGE - thread detected
/win/D:/ProgramData/Avira/AntiVir Desktop/INFECTED/4be9e367.qua -> packed by BINARY PACKAGE - thread detected
/win/D:/ProgramData/Avira/AntiVir Desktop/INFECTED/5349c999.qua -> packed by BINARY PACKAGE - thread detected
/win/D:/ProgramData/Avira/AntiVir Desktop/INFECTED/537ef694.qua -> packed by BINARY PACKAGE - thread detected
/win/D:/ProgramData/Avira/AntiVir Desktop/INFECTED/5910a8b7.qua -> packed by BINARY PACKAGE - thread detected
/win/D:/ProgramData/Avira/AntiVir Desktop/INFECTED/5da5c687.qua -> packed by BINARY PACKAGE - thread detected
/win/D:/ProgramData/Avira/AntiVir Desktop/INFECTED/5dbcd021.qua -> packed by BINARY PACKAGE - thread detected
/win/D:/ProgramData/Avira/AntiVir Desktop/INFECTED/674ad916.qua -> packed by BINARY PACKAGE - thread detected
/win/D:/ProgramData/Avira/AntiVir Desktop/INFECTED/677de388.qua -> packed by BINARY PACKAGE - thread detected
/win/D:/ProgramData/Avira/AntiVir Desktop/INFECTED/6d13aaa2.qua -> packed by BINARY PACKAGE - thread detected
/win/D:/ProgramData/Avira/AntiVir Desktop/INFECTED/6d52bc57.qua -> packed by BINARY PACKAGE - thread detected
/win/D:/Programme/Avira/AntiVir Desktop/avguard.exe -> infected with Trojan.Starter.1695
/win/D:/Programme/Avira/AntiVir Desktop/avshadow.exe -> infected with Trojan.Starter.1695
/win/D:/Programme/Avira/AntiVir Desktop/update.exe -> infected with Trojan.Starter.1695
/win/D:/Programme/Avira/AntiVir Desktop/sched.exe -> infected with Trojan.Starter.1695
/win/D:/Programme/Cyberlink/Shared Files/RichVideo.exe -> infected with Trojan.Starter.1695
/win/D:/Programme/DivX/DivX Plus Player/DPXPlugins/DPXDeviceManagerPlugin.dll -> packed by PECOMPACT (contains an error)
/win/D:/Programme/DivX/DivX Plus Player/DPXPlugins/DPXDFXAudioPlugin.dll -> packed by PECOMPACT (contains an error)
/win/D:/Programme/DivX/DivX Plus Player/DPXPlugins/DPXDownloadManagerPlugin.dll -> packed by PECOMPACT (contains an error)
/win/D:/Programme/DivX/DivX Plus Player/DSEPlugins/DivXAACDecode.dll -> packed by PECOMPACT (contains an error)
/win/D:/Programme/DivX/DivX Plus Player/DSEPlugins/DivXASPDecode.dll -> packed by PECOMPACT (contains an error)
/win/D:/Programme/DivX/DivX Plus Player/DSEPlugins/DivXAVCDecode.dll -> packed by PECOMPACT (contains an error)
/win/D:/Programme/DivX/DivX Plus Player/DSEPlugins/MP3SurroundDecode.dll -> packed by PECOMPACT (contains an error)
/win/D:/Programme/DivX/DivX Plus Web Player/Stream Engine/DivXAACDecode.dll -> packed by PECOMPACT (contains an error)
/win/D:/Programme/DivX/DivX Plus Web Player/Stream Engine/DivXASPDecode.dll -> packed by PECOMPACT (contains an error)
/win/D:/Programme/DivX/DivX Plus Web Player/Stream Engine/DivXAVCDecode.dll -> packed by PECOMPACT (contains an error)
/win/D:/Programme/DivX/DivX Plus Web Player/Stream Engine/MP3SurroundDecode.dll -> packed by PECOMPACT (contains an error)
/win/D:/Programme/MiKTeX 2.7/scripts/pax/pax.jar -> archive ZIP (contains an error)
/win/D:/Programme/TOSHIBA/ConfigFree/CFsvcs.exe -> infected with Trojan.Starter.1695
/win/D:/Programme/TOSHIBA/TOSHIBA DVD PLAYER/TNaviSrv.exe -> infected with Trojan.Starter.1695
/win/D:/Programme/Vodafone/Vodafone Mobile Connect/Bin/VMCService.exe -> infected with Trojan.Starter.1695
/win/D:/Programme/ICQ6.5/Zip.dll -> archive CHM (contains an error)
/win/D:/Programme/ICQ6.5/ConfigFiles/TopSearches.7z -> archive 7-ZIP (contains an error)
/win/D:/Programme/ICQ6.5/ConfigFiles/TopSearchesDe.7z -> archive 7-ZIP (contains an error)
/win/D:/Users/Gisela/AppData/Local/fb0c32de/X -> infected with BackDoor.Maxplus.442
/win/D:/Users/Gisela/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/BBNXHQI8/Installer[1].exe -> archive NSIS (contains an error)
/win/D:/Users/Gisela/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/QTFCR0MO/2[1].exe -> infected with Backdoor.Maxplus.482
/win/D:/Users/Gisela/AppData/Local/Mozilla/Firefox/Profiles/cxtagmqf.default/Cache/1/35/024B8d01 -> infected with Exploit.PDF.2645
/win/D:/Users/Gisela/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/0/47346c40-4775eac5 -> infected with Trojan.Inject.59380

Larina

Chris4You 20.12.2011 07:27

Hi,

that does not look good; you should reinstall...
A backdoor has sneaked in via an exploit...
/win/D:/Dokumente und Einstellungen/Gisela/AppData/Local/fb0c32de/X -> infected with BackDoor.Maxplus.442

We can still try to find something out via OTLPE...
Scan the system with OTL-PE

Download OTLPENet.exe from OldTimer and save it to your desktop.
Note: The file is about 120 MB and on a slow internet connection it will take a while to download.
When the download is finished, double-click the file and answer the question "Do you want to burn the CD?" with Yes.
Put a blank CD into your burner.
ImgBurn (or your burning program) will extract the archive and burn OTLPE Network to the CD.
When the burn process is complete, you will see a dialog box => "Operation successfully completed".
You can now close the burning program's windows.

Restart the unbootable system and boot from the CD you just created.
Note: If you do not know how to make your computer boot from CD, follow the steps here: Installation: How do I boot Windows from the CD?.
After a few minutes your system should show the REATOGO-X-PE desktop.
Double-click the OTLPE icon.
When asked "Do you wish to load the remote registry", choose Yes.
When asked "Do you wish to load remote user profile(s) for scanning", choose Yes.
Make sure the box "Automatically Load All Remaining Users" is checked and press OK.
OTLpe should now start.

http://image.hijackthis.de/upload/hjt1-034.jpg

Press Run Scan to start the scan.
When the scan is finished, the files C:\OTL.Txt and C:\Extras.Txt are saved and opened with Notepad++.
Copy these files to your USB stick if you have no internet connection on this system.
Please post the contents of C:\OTL.Txt and Extras.Txt in this thread.

chris
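Reading OTL.Txt once the scan above has produced it: an added example, not part of the thread and not an OTL feature. It takes the SRV and DRV lines of the "Win32 Services" and "Driver Services" sections (the one-line format OTL writes, copied here from the log Larina posts later in this thread) and flags what a responder looks for first: auto-start services whose binary is gone, including the security product's own services, and kernel drivers with a zero-byte image, no vendor string, an image path outside System32\drivers, or a name that is just a hex tag. The heuristics, the SECURITY_SERVICES set and the "leave on-demand orphans alone" rule are this example's assumptions.

```python
"""Triage of the SRV/DRV lines in an OTL.Txt (added example, not OTL's code).

Assumed line formats, as seen in the log posted in this thread:
  SRV - File not found [Auto] --  -- (Name)
  DRV - [date | size | attrs] (Company) [Type | Start] -- path -- (Name)
"""
import ntpath
import re

ENTRY_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - "
    r"(?:(?P<missing>File not found)|"
    r"\[(?P<date>[^|]+?) \| (?P<size>[\d,]+) \| [^\]]*\] \((?P<company>[^)]*)\))"
    r" \[(?P<start>[^\]]+)\] -- (?P<path>.*?) -- \((?P<name>[^)]+)\)$"
)

DRIVER_DIR = r"c:\windows\system32\drivers"
# Service names of the security product on this box (taken from the log).
SECURITY_SERVICES = {"AntiVirService", "AntiVirSchedulerService"}


def parse(line):
    """Split one OTL SRV/DRV line into its fields, or None if it is not one."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["size"] = int(d["size"].replace(",", "")) if d["size"] else None
    d["company"] = (d["company"] or "").strip()
    d["missing"] = d["missing"] is not None
    return d


def reasons(e):
    """Return the reasons an entry deserves a second look (empty = benign)."""
    out = []
    autostart = any(s in e["start"] for s in ("Auto", "System", "Boot"))
    # On-demand orphans (NwlnkFwd, IpInIp, ...) are routine; auto-start ones are not.
    if e["missing"] and autostart:
        out.append("auto-start entry whose binary is gone")
        if e["name"] in SECURITY_SERVICES:
            out.append("security product service no longer present")
    if e["kind"] == "DRV" and not e["missing"]:
        if e["size"] == 0:
            out.append("zero-byte driver image")
        in_driver_dir = ntpath.dirname(e["path"]).lower() == DRIVER_DIR
        if not in_driver_dir and not e["company"]:
            out.append("vendor-less driver outside System32\\drivers")
        if ntpath.basename(e["path"]).isdigit():
            out.append("image name is only digits")
    if re.fullmatch(r"[0-9a-f]{8}", e["name"]):
        out.append("service name looks like a random hex tag")
    return out


def triage(lines):
    """Return (kind, name, path, reasons) for every entry that has reasons."""
    findings = []
    for line in lines:
        e = parse(line)
        if e is None:
            continue
        r = reasons(e)
        if r:
            findings.append((e["kind"], e["name"], e["path"], r))
    return findings


# Lines copied from the OTL log posted in this thread.
SAMPLE = [
    r"SRV - File not found [Auto] --  -- (VMCService)",
    r"SRV - File not found [Auto] --  -- (AntiVirService)",
    r"SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)",
    r"DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFwd)",
    r"DRV - [2011/12/20 01:56:30 | 000,000,000 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\3727822075 -- (fb0c32de)",
    r"DRV - [2011/07/01 02:57:35 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)",
    r"DRV - [2009/04/10 23:39:17 | 000,067,072 | ---- | M] () [Kernel | System] -- C:\Windows\System32\drivers\cdrom.sys -- (cdrom)",
]

if __name__ == "__main__":
    for kind, name, path, why in triage(SAMPLE):
        print(f"{kind} {name:24} {path or '-':32} {'; '.join(why)}")
```

On the sample, the McAfee service, Avira's filter driver, the vendor-less but in-place cdrom.sys and the on-demand NwlnkFwd orphan all pass; the two auto-start services with missing binaries and the fb0c32de driver (zero bytes, no vendor, image C:\Windows\3727822075, hex-tag name, the same tag as the AppData\Local\fb0c32de directory Dr.Web flagged) are reported. The missing Avira service binaries line up with the files Dr.Web flagged as Trojan.Starter.1695 in the earlier scan.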

Larina 20.12.2011 09:01

Hi,

in the meantime I did find the results of the scan after all and let it fix the threats (DrWeb said: all fixed). Then I restarted the system and tried to run Otl.exe, which again did not work. Then I scanned again with DrWeb and after a short time got the results
/win/D:/Dokumente und Einstellungen/Gisela/AppData/Local/fb0c32de/X.# -> infected with BackDoor.Maxplus.442
/win/D:/Dokumente und Einstellungen/Gisela/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/QTFCR0MO/2[1].#xe -> infected with Backdoor.Maxplus.482
/win/D:/Dokumente und Einstellungen/Gisela/AppData/Local/Mozilla/Firefox/Profiles/cxtagmqf.default/Cache/1/35/024B8d01.# -> infected with Exploit.PDF.2645
So I aborted that.
As per your last post, I have now started OTL Network. It did not ask me about the remote registry, but it did ask for the Windows folder (I entered C:\Windows).
So here are the results:
OTL.txt
OTL Logfile:
Code:

OTL logfile created on: 12/20/2011 8:47:00 AM - Run
OTLPE by OldTimer - Version 3.1.48.0    Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Basic Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.37 Gb Total Space | 35.39 Gb Free Space | 47.59% Space Free | Partition Type: NTFS
Drive D: | 73.21 Gb Total Space | 68.06 Gb Free Space | 92.95% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto] --  -- (VMCService)
SRV - File not found [Auto] --  -- (TNaviSrv)
SRV - File not found [Auto] --  -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - File not found [Auto] --  -- (ConfigFree Service)
SRV - File not found [Auto] --  -- (AntiVirService)
SRV - File not found [Auto] --  -- (AntiVirSchedulerService)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/04/16 08:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand] -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] --  -- (IpInIp)
DRV - [2011/12/20 01:56:30 | 000,000,000 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\3727822075 -- (fb0c32de)
DRV - [2011/07/01 02:57:35 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/07/01 02:57:35 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/11/08 17:29:17 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/05/11 04:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/04/10 23:39:17 | 000,067,072 | ---- | M] () [Kernel | System] -- C:\Windows\System32\drivers\cdrom.sys -- (cdrom)
DRV - [2009/02/13 04:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/09/02 08:03:54 | 000,168,704 | ---- | M] (10moons Technologies Co.,Ltd) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tridvid.sys -- (TridVid)
DRV - [2008/07/18 11:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2008/05/19 13:42:56 | 000,912,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/04/28 09:59:18 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2008/04/15 03:05:08 | 000,118,784 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/03/17 04:05:30 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007/11/09 07:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/10/17 15:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/11/20 07:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/02 02:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/10/18 04:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Gisela_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
IE - HKU\Gisela_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/skins/
IE - HKU\Gisela_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Gisela_ON_C\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\Gisela_ON_C\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\Gisela_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http:gmx.de"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5
FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.5.1
FF - prefs.js..extensions.enabledItems: web@veoh.com:1.4
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: 
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohTVPlugin: C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll (Veoh Networks )
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohWebPlayer: C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll (Veoh)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/02 13:50:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/24 05:42:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/08/31 14:26:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\web@veoh.com: C:\Program Files\Veoh Networks\VeohWebPlayer\FFVideoFinder [2009/06/05 07:41:37 | 000,000,000 | ---D | M]
 
[2010/10/06 03:18:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gisela\AppData\Roaming\Mozilla\Extensions
[2010/10/06 03:18:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gisela\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/12/14 17:15:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\extensions
[2010/08/20 12:22:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/13 14:23:16 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/11/21 13:51:55 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/01/08 14:18:42 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\extensions\searchrecs@veoh.com
[2011/12/16 13:48:39 | 000,000,950 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-1.xml
[2010/09/18 09:28:47 | 000,000,943 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-10.xml
[2010/10/25 07:25:07 | 000,000,943 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-11.xml
[2010/11/03 05:45:10 | 000,000,943 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-12.xml
[2010/12/11 11:12:37 | 000,000,943 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-13.xml
[2011/03/28 03:35:32 | 000,000,943 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-14.xml
[2011/04/24 05:42:27 | 000,000,943 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-15.xml
[2010/01/11 15:37:52 | 000,000,943 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-2.xml
[2010/02/20 03:26:43 | 000,000,954 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-3.xml
[2010/03/15 14:28:39 | 000,000,943 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-4.xml
[2010/03/24 15:12:49 | 000,000,943 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-5.xml
[2010/04/03 14:41:47 | 000,000,943 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-6.xml
[2010/07/01 03:19:36 | 000,000,943 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-7.xml
[2010/07/26 16:47:08 | 000,000,943 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-8.xml
[2010/09/09 14:30:39 | 000,000,943 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-9.xml
[2009/12/16 15:52:45 | 000,000,944 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin.xml
[2011/12/17 04:06:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/10 13:46:49 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011/12/17 04:06:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\USERS\GISELA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CXTAGMQF.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
() (No name found) -- C:\USERS\GISELA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CXTAGMQF.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/12/02 13:50:03 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/09 23:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/02 13:50:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/12/02 13:50:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/02 13:50:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/12/02 13:50:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/12/02 13:50:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/12/02 13:50:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [cfFncEnabler.exe]  File not found
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [jswtrayutil]  File not found
O4 - HKLM..\Run: [NDSTray.exe]  File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKLM..\Run: [Toshiba TEMPO] C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe (Toshiba Europe GmbH)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKU\Gisela_ON_C..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} -  File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} -  File not found
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 -  File not found
O13 - gopher Prefix: missing
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab (BitDefender QuickScan Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{001a1a62-8b4b-11de-a467-001e339f7ce2}\Shell - "" = AutoRun
O33 - MountPoints2\{001a1a62-8b4b-11de-a467-001e339f7ce2}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{1e061b24-8e80-11de-9ff2-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1e061b24-8e80-11de-9ff2-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{2cf454e6-8c22-11de-a058-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{2cf454e6-8c22-11de-a058-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{5cbd67fb-ccb6-11de-bba6-85b1694fd61f}\Shell - "" = AutoRun
O33 - MountPoints2\{5cbd67fb-ccb6-11de-bba6-85b1694fd61f}\Shell\AutoRun\command - "" = D:\setup.exe
O33 - MountPoints2\{787d7a76-8b49-11de-a3d8-001e339f7ce2}\Shell - "" = AutoRun
O33 - MountPoints2\{787d7a76-8b49-11de-a3d8-001e339f7ce2}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
File not found -- C:\Windows\System32\drivers\
File not found -- C:\Windows\System32\
[2011/12/17 04:41:11 | 000,000,000 | ---D | C] -- C:\Users\Gisela\AppData\Roaming\QuickScan
[2011/12/17 04:20:18 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/12/17 04:20:09 | 000,000,000 | ---D | C] -- C:\Users\Gisela\AppData\Roaming\Malwarebytes
[2011/12/17 04:20:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/17 04:20:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/17 04:20:02 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/17 04:20:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/17 04:06:46 | 000,000,000 | ---D | C] -- C:\Users\Gisela\AppData\Roaming\Avira
[2011/12/17 04:06:30 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/12/17 04:06:30 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/12/17 04:06:29 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/12/17 02:59:57 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2011/12/17 02:56:30 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/12/16 16:53:24 | 000,000,000 | -HSD | C] -- C:\Users\Gisela\AppData\Local\fb0c32de
[2011/12/16 13:47:09 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/12/16 13:47:02 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/12/16 13:47:02 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/12/16 13:47:01 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/12/16 13:47:01 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/12/16 13:47:00 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/12/16 13:46:56 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/12/15 06:07:00 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/12/15 06:06:59 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/12/15 06:06:58 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/12/15 06:06:56 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/12/15 06:06:55 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011/12/15 06:06:25 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/12/09 13:23:51 | 000,000,000 | ---D | C] -- C:\Users\Gisela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GeoGebra 4
[2011/12/04 15:18:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2011/12/02 14:36:47 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/12/02 14:36:31 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2011/12/02 14:36:26 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
File not found -- C:\Windows\System32\drivers\
File not found -- C:\Windows\System32\
[2011/12/20 02:03:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/20 02:02:55 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/20 02:02:55 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/20 02:02:55 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2011/12/20 02:02:51 | 001,694,194 | -H-- | M] () -- C:\Users\Gisela\AppData\Local\IconCache.db
[2011/12/20 02:00:47 | 001,418,806 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2011/12/20 02:00:47 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011/12/20 02:00:47 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/20 02:00:47 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011/12/20 02:00:47 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/20 01:56:50 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/20 01:56:30 | 000,000,000 | ---- | M] () -- C:\Windows\3727822075
[2011/12/20 01:56:26 | 2009,075,712 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/19 04:37:58 | 000,302,592 | ---- | M] () -- C:\Users\Gisela\Desktop\4oxrfg5s.exe
[2011/12/19 04:36:38 | 000,584,192 | ---- | M] () -- C:\Users\Gisela\Desktop\OTL.exe
[2011/12/19 04:36:38 | 000,584,192 | ---- | M] () -- C:\Users\Gisela\Desktop\OTL (2).exe
[2011/12/19 04:36:20 | 000,050,477 | ---- | M] () -- C:\Users\Gisela\Desktop\Defogger.exe
[2011/12/18 16:31:22 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/18 16:02:48 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/12/18 15:57:47 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/18 15:32:53 | 000,020,992 | ---- | M] () -- C:\Users\Gisela\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/18 09:53:26 | 000,001,356 | ---- | M] () -- C:\Users\Gisela\AppData\Local\d3d9caps.dat
[2011/12/18 09:01:17 | 195,131,308 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/12/17 05:57:16 | 000,388,608 | ---- | M] () -- C:\Users\Gisela\Desktop\HiJackThis204.exe
[2011/12/17 03:57:52 | 000,048,016 | -HS- | M] () -- C:\Windows\System32\c_16283.nl_
[2011/12/17 03:20:07 | 307,472,120 | ---- | M] () -- C:\Users\Gisela\Documents\17122011.reg
[2011/12/16 17:28:11 | 000,366,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/12 03:18:11 | 000,013,033 | ---- | M] () -- C:\Users\Gisela\Documents\Kopischke.odt
[2011/12/09 13:23:51 | 000,001,891 | ---- | M] () -- C:\Users\Gisela\Desktop\GeoGebra 4.lnk
[2011/12/04 15:18:42 | 000,001,717 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/12/04 15:18:42 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2011/12/04 15:18:42 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2011/12/02 14:36:47 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/11/26 17:31:01 | 000,041,395 | ---- | M] () -- C:\Users\Gisela\Documents\Wendy Gutachter.odt
[2011/11/23 08:37:27 | 002,043,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/12/20 02:02:51 | 001,694,194 | -H-- | C] () -- C:\Users\Gisela\AppData\Local\IconCache.db
[2011/12/20 02:01:43 | 000,584,192 | ---- | C] () -- C:\Users\Gisela\Desktop\OTL (2).exe
[2011/12/20 01:56:26 | 2009,075,712 | -HS- | C] () -- C:\hiberfil.sys
[2011/12/19 04:49:45 | 000,302,592 | ---- | C] () -- C:\Users\Gisela\Desktop\4oxrfg5s.exe
[2011/12/19 04:43:12 | 000,584,192 | ---- | C] () -- C:\Users\Gisela\Desktop\OTL.exe
[2011/12/19 04:39:15 | 000,050,477 | ---- | C] () -- C:\Users\Gisela\Desktop\Defogger.exe
[2011/12/18 08:52:14 | 000,388,608 | ---- | C] () -- C:\Users\Gisela\Desktop\HiJackThis204.exe
[2011/12/17 03:58:38 | 000,000,000 | ---- | C] () -- C:\Windows\3727822075
[2011/12/17 03:57:52 | 000,048,016 | -HS- | C] () -- C:\Windows\System32\c_16283.nl_
[2011/12/17 03:19:38 | 307,472,120 | ---- | C] () -- C:\Users\Gisela\Documents\17122011.reg
[2011/12/16 17:25:14 | 195,131,308 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/12/09 13:23:51 | 000,001,891 | ---- | C] () -- C:\Users\Gisela\Desktop\GeoGebra 4.lnk
[2011/12/02 14:36:28 | 000,001,717 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/09/02 13:07:58 | 000,000,229 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2010/09/02 13:07:58 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2010/09/02 13:07:35 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010/09/02 13:07:35 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010/09/02 13:07:13 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat
[2010/09/02 13:06:46 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2010/09/02 13:02:41 | 000,031,664 | ---- | C] () -- C:\Windows\maxlink.ini
[2010/01/14 16:17:27 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/01/14 16:17:27 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/01/14 16:17:27 | 000,008,704 | ---- | C] () -- C:\Windows\System32\vidccleaner.exe
[2009/10/30 16:15:03 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/09/11 14:20:36 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/11 14:20:35 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/11 14:19:56 | 000,368,640 | ---- | C] () -- C:\Windows\System32\msjetoledb40.dll
[2009/09/11 14:19:27 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/09/11 14:18:53 | 000,067,072 | ---- | C] () -- C:\Windows\System32\drivers\cdrom.sys
[2009/08/28 10:28:14 | 000,001,356 | ---- | C] () -- C:\Users\Gisela\AppData\Local\d3d9caps.dat
[2009/06/11 04:46:44 | 000,020,480 | ---- | C] () -- C:\Windows\System32\maplecompat.dll
[2009/06/11 04:46:43 | 000,212,992 | ---- | C] () -- C:\Windows\System32\WMIMPLEX.dll
[2009/06/11 04:46:43 | 000,040,960 | ---- | C] () -- C:\Windows\System32\maplec.dll
[2009/05/06 12:03:37 | 000,020,992 | ---- | C] () -- C:\Users\Gisela\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/09 06:00:58 | 000,028,672 | ---- | C] () -- C:\Windows\System32\VendorCmdRW.dll
[2009/03/30 06:22:41 | 000,102,776 | ---- | C] () -- C:\Users\Gisela\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/03/30 05:17:26 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2009/03/30 05:17:26 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2009/03/30 05:17:26 | 000,009,480 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2009/03/30 05:17:26 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008/08/13 06:59:34 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008/08/13 06:59:34 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008/08/13 06:59:34 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008/08/13 06:59:34 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008/08/13 06:59:34 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008/08/13 06:59:34 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008/08/13 06:51:12 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/08/13 06:36:31 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2008/08/13 06:36:30 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2008/08/13 06:36:29 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008/08/13 06:36:27 | 000,492,496 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2008/08/13 05:51:33 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/06/23 06:02:02 | 000,097,410 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2008/05/23 10:48:50 | 000,020,270 | ---- | C] () -- C:\ProgramData\DeviceInstaller.xml
[2008/04/21 18:46:28 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/04/21 18:45:02 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/01/21 03:21:48 | 001,418,806 | ---- | C] () -- C:\Windows\System32\PerfStringBackup.INI
[2008/01/21 03:21:25 | 000,618,442 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008/01/21 03:21:25 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008/01/21 03:21:25 | 000,122,842 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008/01/21 03:21:25 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008/01/20 21:34:22 | 000,060,124 | ---- | C] () -- C:\Windows\System32\tcpmon.ini
[2006/11/02 07:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:44:53 | 000,366,080 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:51 | 000,037,665 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2006/11/02 07:35:51 | 000,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 07:35:51 | 000,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 07:35:51 | 000,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 07:33:57 | 000,197,632 | ---- | C] () -- C:\Windows\System32\ir32_32.dll
[2006/11/02 05:33:01 | 000,587,178 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,101,250 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:24:31 | 000,001,405 | ---- | C] () -- C:\Windows\msdfmap.ini
[2006/11/02 05:23:31 | 000,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 05:23:31 | 000,000,144 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 02:10:37 | 000,053,536 | ---- | C] () -- C:\Windows\System32\dosx.exe
[2006/11/02 02:10:02 | 000,000,718 | ---- | C] () -- C:\Windows\System32\mscdexnt.exe
[2006/11/02 02:10:00 | 000,002,842 | ---- | C] () -- C:\Windows\System32\redir.exe
[2006/11/02 02:09:59 | 000,069,886 | ---- | C] () -- C:\Windows\System32\edit.com
[2006/11/02 02:09:59 | 000,019,694 | ---- | C] () -- C:\Windows\System32\GRAPHICS.COM
[2006/11/02 02:09:59 | 000,000,882 | ---- | C] () -- C:\Windows\System32\share.exe
[2006/11/02 02:09:59 | 000,000,882 | ---- | C] () -- C:\Windows\System32\fastopen.exe
[2006/11/02 02:09:57 | 000,014,710 | ---- | C] () -- C:\Windows\System32\KB16.COM
[2006/11/02 02:09:56 | 000,007,052 | ---- | C] () -- C:\Windows\System32\nlsfunc.exe
[2006/11/02 02:09:55 | 000,039,274 | ---- | C] () -- C:\Windows\System32\mem.exe
[2006/11/02 02:09:55 | 000,001,131 | ---- | C] () -- C:\Windows\System32\LOADFIX.COM
[2006/11/02 02:09:53 | 000,011,753 | ---- | C] () -- C:\Windows\System32\setver.exe
[2006/11/02 02:09:52 | 000,020,634 | ---- | C] () -- C:\Windows\System32\debug.exe
[2006/11/02 02:09:51 | 000,008,424 | ---- | C] () -- C:\Windows\System32\exe2bin.exe
[2006/11/02 02:09:50 | 000,012,642 | ---- | C] () -- C:\Windows\System32\edlin.exe
[2006/11/02 02:09:49 | 000,050,648 | ---- | C] () -- C:\Windows\System32\COMMAND.COM
[2006/11/02 02:09:49 | 000,012,498 | ---- | C] () -- C:\Windows\System32\append.exe
[2006/11/02 02:09:45 | 000,027,097 | ---- | C] () -- C:\Windows\System32\country.sys
[2006/11/02 02:09:44 | 000,042,809 | ---- | C] () -- C:\Windows\System32\KEY01.SYS
[2006/11/02 02:09:44 | 000,042,537 | ---- | C] () -- C:\Windows\System32\KEYBOARD.SYS
[2006/11/02 02:09:42 | 000,009,029 | ---- | C] () -- C:\Windows\System32\ANSI.SYS
[2006/11/02 02:09:41 | 000,004,768 | ---- | C] () -- C:\Windows\System32\HIMEM.SYS
[2006/11/02 02:09:40 | 000,029,274 | ---- | C] () -- C:\Windows\System32\NTDOS412.SYS
[2006/11/02 02:09:38 | 000,029,370 | ---- | C] () -- C:\Windows\System32\NTDOS411.SYS
[2006/11/02 02:09:35 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS404.SYS
[2006/11/02 02:09:31 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS804.SYS
[2006/11/02 02:09:29 | 000,027,866 | ---- | C] () -- C:\Windows\System32\NTDOS.SYS
[2006/11/02 02:09:26 | 000,035,536 | ---- | C] () -- C:\Windows\System32\NTIO412.SYS
[2006/11/02 02:09:24 | 000,035,776 | ---- | C] () -- C:\Windows\System32\NTIO411.SYS
[2006/11/02 02:09:23 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO404.SYS
[2006/11/02 02:09:22 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO804.SYS
[2006/11/02 02:09:20 | 000,033,952 | ---- | C] () -- C:\Windows\System32\NTIO.SYS
[2006/11/02 01:25:08 | 000,013,312 | ---- | C] () -- C:\Windows\System32\win87em.dll
 
========== LOP Check ==========
 
[2009/11/08 17:29:02 | 000,000,000 | ---D | M] -- C:\Users\Gisela\AppData\Roaming\DAEMON Tools Pro
[2010/01/30 17:07:27 | 000,000,000 | ---D | M] -- C:\Users\Gisela\AppData\Roaming\DynaGeo
[2011/07/12 16:20:18 | 000,000,000 | ---D | M] -- C:\Users\Gisela\AppData\Roaming\ICQ
[2009/06/13 11:56:21 | 000,000,000 | ---D | M] -- C:\Users\Gisela\AppData\Roaming\OpenOffice.org
[2010/07/04 10:50:26 | 000,000,000 | ---D | M] -- C:\Users\Gisela\AppData\Roaming\PhotoScape
[2011/12/17 04:48:44 | 000,000,000 | ---D | M] -- C:\Users\Gisela\AppData\Roaming\QuickScan
[2011/10/07 13:23:17 | 000,000,000 | ---D | M] -- C:\Users\Gisela\AppData\Roaming\ScanSoft
[2010/10/06 03:18:30 | 000,000,000 | ---D | M] -- C:\Users\Gisela\AppData\Roaming\Thunderbird
[2009/03/30 08:09:58 | 000,000,000 | ---D | M] -- C:\Users\Gisela\AppData\Roaming\Toshiba
[2009/08/17 11:36:56 | 000,000,000 | ---D | M] -- C:\Users\Gisela\AppData\Roaming\Vodafone
[2009/03/30 06:19:07 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 07:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2009/11/08 17:33:15 | 000,000,000 | ---D | M] -- C:\ProgramData\DAEMON Tools Pro
[2006/11/02 07:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 07:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2009/03/30 06:19:07 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2009/03/30 06:19:07 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 07:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2009/11/10 13:46:50 | 000,000,000 | ---D | M] -- C:\ProgramData\ICQ
[2010/09/02 13:02:39 | 000,000,000 | ---D | M] -- C:\ProgramData\ScanSoft
[2006/11/02 07:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2009/03/30 06:19:07 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2009/04/09 06:19:48 | 000,000,000 | ---D | M] -- C:\ProgramData\Temp
[2006/11/02 07:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2009/03/30 05:17:46 | 000,000,000 | ---D | M] -- C:\ProgramData\Toshiba
[2009/03/30 06:22:44 | 000,000,000 | ---D | M] -- C:\ProgramData\ToshibaEurope
[2008/08/13 06:58:31 | 000,000,000 | ---D | M] -- C:\ProgramData\Ulead Systems
[2009/08/17 11:36:10 | 000,000,000 | ---D | M] -- C:\ProgramData\Vodafone
[2009/03/30 06:19:07 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2011/12/20 02:02:55 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 816 bytes -> C:\Windows\3727822075:83086625.exe
< End of report >

--- --- ---

Extra.txt
OTL Logfile:
Code:

OTL Extras logfile created on: 12/20/2011 8:47:00 AM - Run
OTLPE by OldTimer - Version 3.1.48.0    Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Basic Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.37 Gb Total Space | 35.39 Gb Free Space | 47.59% Space Free | Partition Type: NTFS
Drive D: | 73.21 Gb Total Space | 68.06 Gb Free Space | 92.95% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome ()
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 ()
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 ()
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" ()
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03FAA727-E2B7-471C-AC41-2E1C7F29C7EA}" = Toshiba TEMPRO
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{1C971EE3-B4C4-4367-9676-57549919C6CE}" = TOSHIBA Benutzerhandbücher
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 30
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{3A08B59E-A9F0-4F4D-B7E5-6875D7F13327}" = Brother MFL-Pro Suite MFC-250C
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{5782EFD2-603D-4AFA-87EF-7CB54044839C}" = Winfunktion Mathematik plus 17
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A80AC620-12FA-11D5-B287-0050DA4BBA2C}" = Riding Star
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}" = Samsung Master
"{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}" = Atheros Wi-Fi Protected Setup Library
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C656142F-EFE1-44CD-BFAD-6CBC6DCB9860}" = Vodafone Mobile Connect Lite
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow!
"{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CNXT_MODEM_PCI_VEN_14F1&DEV_2C06&SUBSYS_14F10000" = HDAUDIO Soft Data Fax Modem with SmartCP
"DivX Setup.divx.com" = DivX-Setup
"DynaGeo_is1" = DynaGeo 3.1f
"Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.1
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ICQToolbar" = ICQ Toolbar
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Maple 12" = Maple 12
"Maxima-5.19.2_is1" = Maxima 5.19.2
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MiKTeX 2.7" = MiKTeX 2.7
"Mozilla Firefox 8.0.1 (x86 de)" = Mozilla Firefox 8.0.1 (x86 de)
"Mozilla Thunderbird (7.0.1)" = Mozilla Thunderbird (7.0.1)
"myphotobook" = myphotobook 3.6
"NSS" = Norton Security Scan
"PhotoScape" = PhotoScape
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeXnicCenter_is1" = TeXnicCenter Version 1 Beta 7.50
"Uninstall_is1" = Uninstall 1.0.0.1
"Veoh Web Player Beta" = Veoh Web Player
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 0.9.9
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinRAR archiver" = WinRAR
"YTdetect" = Yahoo! Detect
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\Gisela_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GeoGebra 4" = GeoGebra 4
 
< End of report >

--- --- ---


Larina

Chris4You 20.12.2011 09:26

Hi,

Copy the following file to a USB stick, start OTLPE again and let it run the fix:

Copy the script to a CD or USB stick, start OTL and proceed as follows...
(start OTL from Safe Mode with Command Prompt, then open notepad, load the script and copy the contents of the code box into OTL as described below)
  • Double-click OTL.exe to run the program.
  • Vista/Win7 users: please right-click and choose "Run as administrator".
  • Copy the entire contents of the following code box into the OTL box under "Custom Scan/Fixes"
http://oldtimer.geekstogo.com/OTL/OTL_Main_Tutorial.gif
Code:


:OTL
DRV - [2011/12/20 01:56:30 | 000,000,000 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\3727822075 -- (fb0c32de)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O33 - MountPoints2\{001a1a62-8b4b-11de-a467-001e339f7ce2}\Shell - "" = AutoRun
O33 - MountPoints2\{001a1a62-8b4b-11de-a467-001e339f7ce2}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{1e061b24-8e80-11de-9ff2-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1e061b24-8e80-11de-9ff2-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{2cf454e6-8c22-11de-a058-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{2cf454e6-8c22-11de-a058-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{5cbd67fb-ccb6-11de-bba6-85b1694fd61f}\Shell - "" = AutoRun
O33 - MountPoints2\{5cbd67fb-ccb6-11de-bba6-85b1694fd61f}\Shell\AutoRun\command - "" = D:\setup.exe
O33 - MountPoints2\{787d7a76-8b49-11de-a3d8-001e339f7ce2}\Shell - "" = AutoRun
O33 - MountPoints2\{787d7a76-8b49-11de-a3d8-001e339f7ce2}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
[2011/12/16 16:53:24 | 000,000,000 | -HSD | C] -- C:\Users\Gisela\AppData\Local\fb0c32de
[2011/12/17 02:59:57 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
@Alternate Data Stream - 816 bytes -> C:\Windows\3727822075:83086625.exe
[2011/12/17 03:58:38 | 000,000,000 | ---- | C] () -- C:\Windows\3727822075
[2011/12/17 03:57:52 | 000,048,016 | -HS- | C] () -- C:\Windows\System32\c_16283.nl_

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = dword:0x00

:Commands
[emptytemp]
[EMPTYFLASH]
[Reboot]

  • Click the red "Run Fixes!" button.
  • Please copy everything out of the results window (Results).
  • A copy of the OTL fix log is saved as a text file in the following folder:
  • %systemroot%\_OTL

If possible, run MBAM right afterwards (without an internet connection) and do a full scan...

chris
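
Added example (mine, not part of Chris4You's post and not OTL's own logic): a Python triage pass over OTL log lines that flags the kind of entries his fix targets and emits them in the `:OTL` fix layout he uses. The heuristics (an all-numeric name directly under C:\Windows, a DRV entry with zero size and no vendor, a hidden+system directory with an 8-hex-digit name in AppData\Local, a hidden+system .nl_ file in System32, a directory literally named %APPDATA%, and an .exe stored as an NTFS alternate data stream under C:\Windows) are distilled from the lines he picked and are my assumptions, not a general ZeroAccess signature. The sample lines are quoted from the logs in this thread, plus two benign ones (an Avira driver and the scheduler log) as negative controls.

```python
import re
from typing import List, Tuple

# Constructed sample input: OTL log lines quoted from this thread (the entries
# Chris4You put into his fix) plus two benign lines as negative controls.
SAMPLE_OTL_LINES = r"""
DRV - [2011/12/20 01:56:30 | 000,000,000 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\3727822075 -- (fb0c32de)
DRV - [2011.07.01 08:57:35 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
[2011/12/16 16:53:24 | 000,000,000 | -HSD | C] -- C:\Users\Gisela\AppData\Local\fb0c32de
[2011/12/17 02:59:57 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
@Alternate Data Stream - 816 bytes -> C:\Windows\3727822075:83086625.exe
[2011/12/17 03:58:38 | 000,000,000 | ---- | C] () -- C:\Windows\3727822075
[2011/12/17 03:57:52 | 000,048,016 | -HS- | C] () -- C:\Windows\System32\c_16283.nl_
[2011/12/20 02:02:55 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
""".strip().splitlines()

# One OTL entry: optional kind prefix, [date | size | attributes | flag], optional
# (company), optional [service state], "-- path", optional "-- (service name)".
ENTRY_RE = re.compile(
    r"^(?:(?P<kind>DRV|SRV|PRC|MOD) - )?"
    r"\[(?P<date>[^|\]]+?)\s*\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attr>[-A-Z]{4})\s*\|\s*[A-Z]\]\s*"
    r"(?:\((?P<company>[^)]*)\)\s*)?"
    r"(?:\[(?P<state>[^\]]*)\]\s*)?"
    r"--\s*(?P<path>.+?)"
    r"(?:\s*--\s*\((?P<service>[^)]+)\))?$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<bytes>\d+) bytes -> (?P<target>.+)$")
WIN_ROOT_RE = re.compile(r"^[a-z]:\\windows$")   # parent directory is %SystemRoot% itself
NUMERIC_RE = re.compile(r"^\d{6,}$")              # e.g. 3727822075
HEX8_RE = re.compile(r"^[0-9a-f]{8}$")            # e.g. fb0c32de


def _split(path: str) -> Tuple[str, str]:
    """(lower-cased parent directory, last path component)."""
    parent, _, name = path.rstrip("\\").rpartition("\\")
    return parent.lower(), name


def triage_line(line: str) -> List[str]:
    """Reasons (possibly none) why one OTL log line looks like a rootkit artefact."""
    reasons: List[str] = []
    m = ADS_RE.match(line)
    if m:
        target = m["target"]
        if target.count(":") >= 2:               # drive colon plus stream colon
            host, stream = target.rsplit(":", 1)
            parent, _ = _split(host)
            if stream.lower().endswith(".exe") and WIN_ROOT_RE.match(parent):
                reasons.append("executable hidden in an NTFS alternate data stream under %SystemRoot%")
        return reasons
    m = ENTRY_RE.match(line)
    if not m:
        return reasons
    size = int(m["size"].replace(",", ""))
    attr = m["attr"]
    company = (m["company"] or "").strip()
    parent, name = _split(m["path"])
    hidden_system = "H" in attr and "S" in attr
    if WIN_ROOT_RE.match(parent) and NUMERIC_RE.match(name):
        reasons.append("all-numeric object directly under %SystemRoot%")
    if m["kind"] == "DRV" and size == 0 and not company:
        reasons.append("kernel driver with zero size and no vendor name")
    if hidden_system and "D" in attr and parent.endswith(r"\appdata\local") and HEX8_RE.match(name):
        reasons.append("hidden+system directory with an 8-hex-digit name in AppData\\Local")
    if hidden_system and parent.endswith(r"\system32") and name.lower().endswith(".nl_"):
        reasons.append("hidden+system .nl_ file planted in System32")
    if name.startswith("%") and name.endswith("%"):
        reasons.append("directory literally named after an environment variable")
    return reasons


def triage(lines: List[str]) -> List[Tuple[str, List[str]]]:
    """Every line that triggered at least one heuristic, with its reasons."""
    findings = []
    for raw in lines:
        line = raw.strip()
        reasons = triage_line(line)
        if reasons:
            findings.append((line, reasons))
    return findings


def build_otl_fix(findings: List[Tuple[str, List[str]]]) -> str:
    """OTL fixes list the log lines to act on, verbatim, under ':OTL'; the
    :Commands tail mirrors the script Chris4You posted above."""
    lines = [":OTL", *[line for line, _ in findings], "", ":Commands", "[emptytemp]", "[Reboot]"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_OTL_LINES)
    for line, reasons in found:
        print(f"{line}\n    -> {'; '.join(reasons)}")
    print(build_otl_fix(found))
```

Run as a script it prints the flagged lines with their reasons and the generated fix block. Treat that block as something to review by hand before pasting it into OTL: the heuristics are a first filter, not a verdict.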

Larina 20.12.2011 10:07

Hi,

I pasted the code into Custom Scans/Fixes and clicked Run Fix. It seems to have done that, and then the prompt to reboot came up. I clicked Yes, but since then nothing has happened... (in particular no reboot)

Larina

Chris4You 20.12.2011 10:21

Hi,

try rebooting "by hand"...

chris

Larina 20.12.2011 10:30

Hi,

the screen has been greyish for several minutes and the 'Shut down Windows' window is still there... so nothing is happening here either (clicking Cancel doesn't work either...)

Larina

Chris4You 20.12.2011 10:37

Hi,

Oh dear... Then hold down the power button...

chris

Larina 20.12.2011 10:46

Hi,

Done, restarted, reinstalled MBAM, it crashed on the first scan attempt (after 5 sec) and then gave the familiar error message...

Larina

Chris4You 20.12.2011 11:05

Hi,

As a last step before reinstalling, let's do the following:
Check the hard disk for errors

Question: it can't be a hardware fault (fan not running, vents blocked, etc.)?

chris

Larina 20.12.2011 11:08

Hi,

I don't think it's a hardware fault... the notebook is rarely moved and as far as I can tell the fan runs normally.
So I'll check the disk for errors.

Larina

Larina 20.12.2011 13:53

Hi,

the hard disk has 2 partitions:
Data ( E: ) - all ok
Vista ( C: ) - a message appears briefly which - as far as I could read it (it disappeared very quickly...) - says: 'Cannot open volume for direct access.'

Larina

Chris4You 20.12.2011 16:03

Hi,

Even if exclusive access isn't possible, it should report that and offer to run the check at the next boot... That points to a manipulated boot block...

Do you have a Vista CD from which you can boot into the recovery console?

There are a few other options (removing the hard disk and attaching it to another computer as a slave), but I think that would get too complicated...

chris

Larina 20.12.2011 16:13

Hi,

it only runs the check at boot anyway, not while the system is running...
Unfortunately I don't have a Vista CD; Windows came preinstalled.
Removing the hardware really is too complicated for me, especially since I don't have any tools (screwdriver etc.) to hand at the moment.

Larina

Chris4You 20.12.2011 17:53

Hi,

but it doesn't check, does it...?
Somehow we aren't getting anywhere this way...
What puzzles me is that MBAM starts up first and then crashes; that is "untypical" for malware, either the start is blocked completely...

If there's no Vista CD, then sfc /scannow is out too (that would try to repair the system...

Last attempt...
Download the right version of Hitman Pro (Downloads - SurfRight), pick the cloud-based scanner... and let it run...

chris

Larina 20.12.2011 19:23

Hi,

it only allows it on the first start after installation; after that it always blocks it...
Hitman ran and found the following and (at least supposedly) fixed it:
Code:

C:\Windows\DRIVERS\cdrom.sys -> Rootkit (G Data: Gen:Variant.TDss.15 (Engine-A); DrWeb: Trojan.NtRootKit.12040; IKARUS : Rootkit.Win32.ZAccess!IK)
C:\Windows\system32\TODDSrv.exe -> Trojan (G Data: Trojan.Generic.KDV.268357 (Engine-A); DrWeb: Trojan.Starter.1695; IKARUS : Trojan-Spy.Win32.Zbot!IK)
Plus a number of tracking cookies

The detailed log file is attached.
The computer has restarted and CHKDSK is running at the moment (at 20%).

Larina

Larina 20.12.2011 20:03

Hi,

The disk check reported: no errors.
I've now reinstalled MBAM and it runs (thankfully).
I chose Quick Scan first. Here is the corresponding log file:
Code:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8403

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

20.12.2011 20:01:05
mbam-log-2011-12-20 (20-01-05).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 160736
Laufzeit: 2 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fb0c32de (Backdoor.0Access) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Windows\3727822075:83086625.exe (Backdoor.0Access) -> Quarantined and deleted successfully.

Larina

Edit: I'm now also running a full scan.

Larina 20.12.2011 21:04

Hi,

here is the log file of the full scan:
Code:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8403

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

20.12.2011 21:00:00
mbam-log-2011-12-20 (21-00-00).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Durchsuchte Objekte: 352269
Laufzeit: 54 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Gisela\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\QTFCR0MO\2[1].#xe (Trojan.Agent.PE3) -> Quarantined and deleted successfully.
c:\Windows\assembly\GAC_MSIL\Desktop.ini (Rootkit.0Access) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\12202011_095314\C_Users\Gisela\AppData\Local\fb0c32de\X.# (Trojan.Agent.PE3) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\12202011_095314\c_windows\System32\c_16283.nl_ (Backdoor.0Access) -> Quarantined and deleted successfully.

What should I do now?

Larina

Chris4You 20.12.2011 21:07

Hi,

Yahoooooo!
We finally got the bugger...
After the full scan, another OTL log and
TDSS-Killer
Download and instructions at: How to remove malware of the Rootkit.Win32.TDSS family?
Unpack all files into a dedicated directory (e.g. C:\TDSS)!
Launch it from Explorer by double-clicking TDSSKiller.exe.
After the start a window appears; click "Start Scan" there.
When the scan is finished please select "Report". A window opens; copy the text and post it here...

I'm suspicious now, so also:
MBR-Check
Download http://ad13.geekstogo.com/MBRCheck.exe and save the file to the desktop.
  • Double-click MBRCheck.exe.
  • Vista and Win7 users: right-click, "Run as administrator"
  • The tool only needs a second.
  • Afterwards you should find a MBRCheck_<Date>_<Time>.txt on the desktop.

chris
PS: OTL partly managed it; the rootkit drivers were the real problem...
c:\_OTL\movedfiles\12202011_095314\C_Users\Gisela\AppData\Local\fb0c32de\X.# (Trojan.Agent.PE3) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\12202011_095314\c_windows\System32\c_16283.nl_ (Backdoor.0Access) -> Quarantined and deleted successfully.
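
Added example (mine, not Malwarebytes' code and not part of this thread): a parser for the MBAM log format Larina posted that checks the summary counters against the hits actually listed and separates live objects (registry key, alternate data stream, plain file) from files that were already sitting in OTL's C:\_OTL\movedfiles quarantine, which is the distinction Chris4You draws in his PS. The class names and the `\_OTL\movedfiles\` path test are my assumptions; the sample logs are the two above, trimmed to the lines the parser needs.

```python
import re
from collections import Counter
from typing import Dict, List

# Constructed sample: the two MBAM logs posted above, trimmed to the header
# fields, the summary counters and the sections that carry hits.
QUICK_SCAN = r"""
Malwarebytes' Anti-Malware 1.51.2.1300
Datenbank Version: 8403
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 160736
Infizierte Registrierungsschlüssel: 1
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fb0c32de (Backdoor.0Access) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\Windows\3727822075:83086625.exe (Backdoor.0Access) -> Quarantined and deleted successfully.
"""

FULL_SCAN = r"""
Malwarebytes' Anti-Malware 1.51.2.1300
Datenbank Version: 8403
Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Durchsuchte Objekte: 352269
Infizierte Registrierungsschlüssel: 0
Infizierte Dateien: 4

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Gisela\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\QTFCR0MO\2[1].#xe (Trojan.Agent.PE3) -> Quarantined and deleted successfully.
c:\Windows\assembly\GAC_MSIL\Desktop.ini (Rootkit.0Access) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\12202011_095314\C_Users\Gisela\AppData\Local\fb0c32de\X.# (Trojan.Agent.PE3) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\12202011_095314\c_windows\System32\c_16283.nl_ (Backdoor.0Access) -> Quarantined and deleted successfully.
"""

FIELD_RE = re.compile(r"^(?P<key>Datenbank Version|Art des Suchlaufs|Durchsuchte Objekte|Laufzeit): (?P<value>.+)$")
COUNTER_RE = re.compile(r"^(?P<label>Infizierte [^:]+): (?P<n>\d+)$")   # summary counter
HEADER_RE = re.compile(r"^(?P<label>Infizierte [^:]+):$")               # section header
DETECTION_RE = re.compile(r"^(?P<object>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")
NO_HITS = "(Keine bösartigen Objekte gefunden)"


def classify(obj: str) -> str:
    """Where a hit lives; 'otl-quarantine' means OTL had already moved it (assumed path layout)."""
    low = obj.lower()
    if "\\_otl\\movedfiles\\" in low:
        return "otl-quarantine"
    if low.startswith("hkey_"):
        return "registry"
    if low.count(":") >= 2:          # drive colon plus stream colon
        return "ads"
    return "file"


def parse_mbam_log(text: str) -> Dict:
    """Header fields, declared per-section counters and the listed detections."""
    report: Dict = {"fields": {}, "declared": {}, "detections": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == NO_HITS:
            continue
        if m := FIELD_RE.match(line):
            report["fields"][m["key"]] = m["value"]
        elif m := COUNTER_RE.match(line):
            report["declared"][m["label"]] = int(m["n"])
        elif m := HEADER_RE.match(line):
            section = m["label"]
        elif section and (m := DETECTION_RE.match(line)):
            det = {"section": section, **m.groupdict()}
            det["class"] = classify(det["object"])
            report["detections"].append(det)
    return report


def counts_consistent(report: Dict) -> bool:
    """Summary counters must match the hits actually listed (a truncated paste would not)."""
    seen = Counter(d["section"] for d in report["detections"])
    return all(seen.get(label, 0) == n for label, n in report["declared"].items())


def live_detections(report: Dict) -> List[Dict]:
    """Hits that were still in place, i.e. not already moved aside by OTL."""
    return [d for d in report["detections"] if d["class"] != "otl-quarantine"]


def family_counts(report: Dict) -> Dict[str, int]:
    return dict(Counter(d["family"] for d in report["detections"]))


if __name__ == "__main__":
    for name, text in (("quick", QUICK_SCAN), ("full", FULL_SCAN)):
        rep = parse_mbam_log(text)
        print(name, rep["fields"]["Art des Suchlaufs"], "consistent:", counts_consistent(rep))
        for d in rep["detections"]:
            print(f"  [{d['class']:14}] {d['family']:18} {d['object']}")
```

Run as a script it prints both logs with each hit tagged; the full scan shows two live hits and two that were only OTL's leftovers, which is why the second pass still reporting Backdoor.0Access is less alarming than it looks.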

Larina 20.12.2011 22:13

Hi,

here are the results:
Otl.txt
OTL Logfile:
Code:

OTL logfile created on: 20.12.2011 21:56:23 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = G:\
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 1,09 Gb Available Physical Memory | 58,12% Memory free
3,98 Gb Paging File | 3,20 Gb Available in Paging File | 80,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,37 Gb Total Space | 36,30 Gb Free Space | 48,82% Space Free | Partition Type: NTFS
Drive E: | 73,21 Gb Total Space | 68,05 Gb Free Space | 92,95% Space Free | Partition Type: NTFS
Drive G: | 245,73 Mb Total Space | 243,60 Mb Free Space | 99,14% Space Free | Partition Type: FAT
 
Computer Name: GISELA-PC | User Name: Gisela | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.20 21:55:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- G:\OTL.exe
PRC - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.11.08 10:57:47 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.01.15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.06.24 09:06:14 | 000,509,816 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2008.05.09 10:49:30 | 000,716,800 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2008.04.24 12:03:12 | 000,430,080 | ---- | M] (TOSHIBA) -- C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
PRC - [2008.04.16 23:21:24 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2008.04.16 23:19:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2008.04.08 14:14:50 | 006,037,504 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.01.31 16:29:06 | 000,196,608 | R--- | M] (Brother Industries, Ltd.) -- C:\Programme\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2008.01.17 15:27:52 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.07.29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2008.03.06 09:14:54 | 005,121,912 | ---- | M] () -- C:\Programme\TOSHIBA\FlashCards\BlackPng.dll
MOD - [2007.12.25 11:03:40 | 000,015,184 | ---- | M] () -- C:\Programme\TOSHIBA\PCDiag\NotifyPCD.dll
MOD - [2007.12.14 20:40:00 | 000,090,112 | ---- | M] () -- C:\Programme\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll
MOD - [2006.10.10 10:44:16 | 000,009,728 | ---- | M] () -- C:\Programme\TOSHIBA\TOSHIBA Assist\NotifyX.dll
MOD - [2006.10.07 11:57:04 | 000,053,248 | ---- | M] () -- C:\Programme\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (VMCService)
SRV - File not found [Auto | Stopped] --  -- (TNaviSrv)
SRV - File not found [Auto | Stopped] --  -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - File not found [Auto | Stopped] --  -- (ConfigFree Service)
SRV - File not found [Auto | Stopped] --  -- (AntiVirService)
SRV - File not found [Auto | Stopped] --  -- (AntiVirSchedulerService)
SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008.04.16 14:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Programme\Jumpstart\jswpsapi.exe -- (jswpsapi)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.07.01 08:57:35 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.01 08:57:35 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.11.08 23:29:17 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.02.13 10:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.09.02 14:03:54 | 000,168,704 | ---- | M] (10moons Technologies Co.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tridvid.sys -- (TridVid)
DRV - [2008.07.18 17:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2008.05.19 19:42:56 | 000,912,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.04.28 15:59:18 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2008.04.15 09:05:08 | 000,118,784 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.03.17 10:05:30 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007.11.09 13:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007.10.17 21:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006.11.20 13:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006.11.02 08:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.10.18 10:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/skins/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http:gmx.de"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5
FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.5.1
FF - prefs.js..extensions.enabledItems: web@veoh.com:1.4
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohTVPlugin: C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll (Veoh Networks )
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohWebPlayer: C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll (Veoh)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.12.02 19:50:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.24 11:42:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.08.31 20:26:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\web@veoh.com: C:\Program Files\Veoh Networks\VeohWebPlayer\FFVideoFinder [2009.06.05 13:41:37 | 000,000,000 | ---D | M]
 
[2010.10.06 09:18:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gisela\AppData\Roaming\mozilla\Extensions
[2010.10.06 09:18:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gisela\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.12.14 23:15:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gisela\AppData\Roaming\mozilla\Firefox\Profiles\cxtagmqf.default\extensions
[2010.08.20 18:22:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Gisela\AppData\Roaming\mozilla\Firefox\Profiles\cxtagmqf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.12.13 20:23:16 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Gisela\AppData\Roaming\mozilla\Firefox\Profiles\cxtagmqf.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.11.21 19:51:55 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Gisela\AppData\Roaming\mozilla\Firefox\Profiles\cxtagmqf.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010.01.08 20:18:42 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Users\Gisela\AppData\Roaming\mozilla\Firefox\Profiles\cxtagmqf.default\extensions\searchrecs@veoh.com
[2011.12.16 19:48:39 | 000,000,950 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-1.xml
[2010.09.18 15:28:47 | 000,000,943 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-10.xml
[2010.10.25 13:25:07 | 000,000,943 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-11.xml
[2010.11.03 11:45:10 | 000,000,943 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-12.xml
[2010.12.11 17:12:37 | 000,000,943 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-13.xml
[2011.03.28 09:35:32 | 000,000,943 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-14.xml
[2011.04.24 11:42:27 | 000,000,943 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-15.xml
[2010.01.11 21:37:52 | 000,000,943 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-2.xml
[2010.02.20 09:26:43 | 000,000,954 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-3.xml
[2010.03.15 20:28:39 | 000,000,943 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-4.xml
[2010.03.24 21:12:49 | 000,000,943 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-5.xml
[2010.04.03 20:41:47 | 000,000,943 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-6.xml
[2010.07.01 09:19:36 | 000,000,943 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-7.xml
[2010.07.26 22:47:08 | 000,000,943 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-8.xml
[2010.09.09 20:30:39 | 000,000,943 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-9.xml
[2009.12.16 21:52:45 | 000,000,944 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin.xml
[2011.12.17 10:06:31 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.11.10 19:46:49 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.12.17 10:06:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\GISELA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CXTAGMQF.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
() (No name found) -- C:\USERS\GISELA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CXTAGMQF.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.12.02 19:50:03 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.11.10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.12.02 19:50:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.02 19:50:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.12.02 19:50:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.02 19:50:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.02 19:50:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.02 19:50:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: VeohTV Plugin (Enabled) = C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
CHR - plugin: Veoh Web Player Beta (Enabled) = C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Gisela\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\Gisela\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google Mail = C:\Users\Gisela\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Programme\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [cfFncEnabler.exe] cfFncEnabler.exe File not found
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [jswtrayutil] "C:\Program Files\Jumpstart\jswtrayutil.exe" File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKLM..\Run: [Toshiba TEMPO] C:\Programme\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe (Toshiba Europe GmbH)
O4 - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [TOSCDSPD] C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home File not found
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\winrnr.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab (BitDefender QuickScan Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F49342F-B661-4B69-AED5-38E0260223EB}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Gisela\Desktop\Bilder\Jagd Schleifer 2011\wieder angekommen 2.JPG
O24 - Desktop BackupWallPaper: C:\Users\Gisela\Desktop\Bilder\Jagd Schleifer 2011\wieder angekommen 2.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{001a1a62-8b4b-11de-a467-001e339f7ce2}\Shell - "" = AutoRun
O33 - MountPoints2\{001a1a62-8b4b-11de-a467-001e339f7ce2}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{1e061b24-8e80-11de-9ff2-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1e061b24-8e80-11de-9ff2-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{2cf454e6-8c22-11de-a058-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{2cf454e6-8c22-11de-a058-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{5cbd67fb-ccb6-11de-bba6-85b1694fd61f}\Shell - "" = AutoRun
O33 - MountPoints2\{5cbd67fb-ccb6-11de-bba6-85b1694fd61f}\Shell\AutoRun\command - "" = D:\setup.exe
O33 - MountPoints2\{787d7a76-8b49-11de-a3d8-001e339f7ce2}\Shell - "" = AutoRun
O33 - MountPoints2\{787d7a76-8b49-11de-a3d8-001e339f7ce2}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
File not found -- C:\Windows\System32\drivers\
File not found -- C:\Windows\System32\
[2011.12.20 18:46:30 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2011.12.20 18:31:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011.12.20 15:53:16 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2011.12.20 15:53:15 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.12.17 10:41:11 | 000,000,000 | ---D | C] -- C:\Users\Gisela\AppData\Roaming\QuickScan
[2011.12.17 10:20:09 | 000,000,000 | ---D | C] -- C:\Users\Gisela\AppData\Roaming\Malwarebytes
[2011.12.17 10:20:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.17 10:20:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.17 10:20:02 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.17 10:20:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.12.17 10:06:46 | 000,000,000 | ---D | C] -- C:\Users\Gisela\AppData\Roaming\Avira
[2011.12.17 10:06:30 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.12.17 10:06:30 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.12.17 10:06:29 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.12.17 08:56:30 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011.12.16 19:47:09 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.12.16 19:47:02 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.12.16 19:47:02 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.12.16 19:47:01 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.12.16 19:47:00 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.12.16 19:46:56 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.12.15 12:07:00 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.12.15 12:06:59 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.12.15 12:06:58 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.12.15 12:06:56 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011.12.15 12:06:55 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011.12.15 12:06:25 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011.12.09 19:23:51 | 000,000,000 | ---D | C] -- C:\Users\Gisela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GeoGebra 4
[2011.12.04 21:18:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2011.12.02 20:36:47 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.12.02 20:36:31 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2011.12.02 20:36:26 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
 
========== Files - Modified Within 30 Days ==========
 
File not found -- C:\Windows\System32\drivers\
File not found -- C:\Windows\System32\
[2011.12.20 21:58:27 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.20 21:58:27 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.20 21:58:27 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.20 21:58:27 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.20 21:31:13 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.12.20 21:02:40 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.20 21:02:40 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.20 21:02:31 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.12.20 21:02:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.20 21:02:04 | 2009,075,712 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.20 19:49:40 | 000,023,624 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011.12.20 19:00:55 | 000,000,598 | ---- | M] () -- C:\Windows\System32\.crusader
[2011.12.20 13:50:24 | 000,000,000 | ---- | M] () -- C:\Windows\3727822075
[2011.12.19 10:40:33 | 000,000,020 | ---- | M] () -- C:\Users\Gisela\defogger_reenable
[2011.12.19 10:37:58 | 000,302,592 | ---- | M] () -- C:\Users\Gisela\Desktop\4oxrfg5s.exe
[2011.12.19 10:36:38 | 000,584,192 | ---- | M] () -- C:\Users\Gisela\Desktop\OTL.exe
[2011.12.19 10:36:38 | 000,584,192 | ---- | M] () -- C:\Users\Gisela\Desktop\OTL (2).exe
[2011.12.19 10:36:20 | 000,050,477 | ---- | M] () -- C:\Users\Gisela\Desktop\Defogger.exe
[2011.12.18 21:32:53 | 000,020,992 | ---- | M] () -- C:\Users\Gisela\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.18 15:53:26 | 000,001,356 | ---- | M] () -- C:\Users\Gisela\AppData\Local\d3d9caps.dat
[2011.12.18 15:01:17 | 195,131,308 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.12.17 11:57:16 | 000,388,608 | ---- | M] () -- C:\Users\Gisela\Desktop\HiJackThis204.exe
[2011.12.17 09:20:07 | 307,472,120 | ---- | M] () -- C:\Users\Gisela\Documents\17122011.reg
[2011.12.16 23:28:11 | 000,366,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.12 09:18:11 | 000,013,033 | ---- | M] () -- C:\Users\Gisela\Documents\Kopischke.odt
[2011.12.11 20:42:31 | 000,004,944 | ---- | M] () -- C:\Users\Gisela\untitled4_MAS.bak
[2011.12.11 20:41:25 | 000,005,112 | ---- | M] () -- C:\Users\Gisela\untitled3_MAS.bak
[2011.12.11 20:40:57 | 000,004,296 | ---- | M] () -- C:\Users\Gisela\untitled2_MAS.bak
[2011.12.11 20:09:47 | 000,002,400 | ---- | M] () -- C:\Users\Gisela\untitled1_MAS.bak
[2011.12.09 19:23:51 | 000,001,891 | ---- | M] () -- C:\Users\Gisela\Desktop\GeoGebra 4.lnk
[2011.12.04 21:18:42 | 000,001,717 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011.12.02 20:36:47 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.11.26 23:31:01 | 000,041,395 | ---- | M] () -- C:\Users\Gisela\Documents\Wendy Gutachter.odt
[2011.11.23 14:37:27 | 002,043,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
 
========== Files Created - No Company Name ==========
 
[2011.12.20 19:00:55 | 000,000,598 | ---- | C] () -- C:\Windows\System32\.crusader
[2011.12.20 18:35:25 | 000,023,624 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011.12.20 10:42:07 | 000,000,000 | ---- | C] () -- C:\Windows\3727822075
[2011.12.20 08:01:43 | 000,584,192 | ---- | C] () -- C:\Users\Gisela\Desktop\OTL (2).exe
[2011.12.20 07:56:26 | 2009,075,712 | -HS- | C] () -- C:\hiberfil.sys
[2011.12.19 10:49:45 | 000,302,592 | ---- | C] () -- C:\Users\Gisela\Desktop\4oxrfg5s.exe
[2011.12.19 10:43:12 | 000,584,192 | ---- | C] () -- C:\Users\Gisela\Desktop\OTL.exe
[2011.12.19 10:39:53 | 000,000,020 | ---- | C] () -- C:\Users\Gisela\defogger_reenable
[2011.12.19 10:39:15 | 000,050,477 | ---- | C] () -- C:\Users\Gisela\Desktop\Defogger.exe
[2011.12.18 14:52:14 | 000,388,608 | ---- | C] () -- C:\Users\Gisela\Desktop\HiJackThis204.exe
[2011.12.17 09:19:38 | 307,472,120 | ---- | C] () -- C:\Users\Gisela\Documents\17122011.reg
[2011.12.16 23:25:14 | 195,131,308 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.12.11 20:09:47 | 000,002,400 | ---- | C] () -- C:\Users\Gisela\untitled1_MAS.bak
[2011.12.09 19:23:51 | 000,001,891 | ---- | C] () -- C:\Users\Gisela\Desktop\GeoGebra 4.lnk
[2011.12.02 20:36:28 | 000,001,717 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010.09.02 19:07:58 | 000,000,229 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2010.09.02 19:07:58 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2010.09.02 19:07:35 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.09.02 19:07:35 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010.09.02 19:07:13 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat
[2010.09.02 19:06:46 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2010.09.02 19:02:41 | 000,031,664 | ---- | C] () -- C:\Windows\maxlink.ini
[2010.01.14 22:17:27 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010.01.14 22:17:27 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010.01.14 22:17:27 | 000,008,704 | ---- | C] () -- C:\Windows\System32\vidccleaner.exe
[2009.10.30 22:15:03 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.09.11 20:20:36 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.09.11 20:20:35 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.11 20:19:27 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.08.28 16:28:14 | 000,001,356 | ---- | C] () -- C:\Users\Gisela\AppData\Local\d3d9caps.dat
[2009.06.11 10:46:44 | 000,020,480 | ---- | C] () -- C:\Windows\System32\maplecompat.dll
[2009.06.11 10:46:43 | 000,212,992 | ---- | C] () -- C:\Windows\System32\WMIMPLEX.dll
[2009.06.11 10:46:43 | 000,040,960 | ---- | C] () -- C:\Windows\System32\maplec.dll
[2009.05.06 18:03:37 | 000,020,992 | ---- | C] () -- C:\Users\Gisela\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.04.09 12:00:58 | 000,028,672 | ---- | C] () -- C:\Windows\System32\VendorCmdRW.dll
[2009.03.30 11:17:26 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2009.03.30 11:17:26 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2009.03.30 11:17:26 | 000,009,480 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2009.03.30 11:17:26 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008.08.13 12:59:34 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008.08.13 12:59:34 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008.08.13 12:59:34 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008.08.13 12:59:34 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008.08.13 12:59:34 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008.08.13 12:59:34 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008.08.13 12:51:12 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008.08.13 12:36:31 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2008.08.13 12:36:30 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2008.08.13 12:36:29 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008.08.13 12:36:27 | 000,492,496 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2008.08.13 11:51:33 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.06.23 12:02:02 | 000,097,410 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2008.05.23 16:48:50 | 000,020,270 | ---- | C] () -- C:\ProgramData\DeviceInstaller.xml
[2008.04.22 00:46:28 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.01.21 09:21:25 | 000,618,442 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:21:25 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:21:25 | 000,122,842 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:21:25 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 13:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:44:53 | 000,366,080 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 11:33:01 | 000,587,178 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,101,250 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

< End of report >

--- --- ---

Extra.txt
OTL Logfile:
Code:

OTL Extras logfile created on: 20.12.2011 21:56:23 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = G:\
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 1,09 Gb Available Physical Memory | 58,12% Memory free
3,98 Gb Paging File | 3,20 Gb Available in Paging File | 80,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,37 Gb Total Space | 36,30 Gb Free Space | 48,82% Space Free | Partition Type: NTFS
Drive E: | 73,21 Gb Total Space | 68,05 Gb Free Space | 92,95% Space Free | Partition Type: NTFS
Drive G: | 245,73 Mb Total Space | 243,60 Mb Free Space | 99,14% Space Free | Partition Type: FAT
 
Computer Name: GISELA-PC | User Name: Gisela | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome ()
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 ()
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 ()
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" ()
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4409C460-59B0-4EB6-BB54-CF5BEFA1E672}" = dir=in | app=c:\desktop\powerdirector\pdr.exe |
"{45264540-5051-4691-A91C-359DFBF42523}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{6EFA4046-2605-4D7B-8276-4617424AF9EE}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"TCP Query User{220C7263-851E-4D91-8AEB-0E35FB464748}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{9B52B132-DBFF-450C-A977-A555F9F478AB}C:\program files\maple 12\jre\bin\maple.exe" = protocol=6 | dir=in | app=c:\program files\maple 12\jre\bin\maple.exe |
"TCP Query User{AB98DD90-54B5-401F-9232-2560D0FAB638}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{BDE0859D-929E-42C9-B512-A59E607355B3}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{DCF6F3AB-9FEE-474B-AEF0-6214AAF6BA44}C:\program files\maxima-5.19.2\bin\xmaxima.exe" = protocol=6 | dir=in | app=c:\program files\maxima-5.19.2\bin\xmaxima.exe |
"UDP Query User{400DAD42-7B03-488F-A81C-C42C386E7841}C:\program files\maxima-5.19.2\bin\xmaxima.exe" = protocol=17 | dir=in | app=c:\program files\maxima-5.19.2\bin\xmaxima.exe |
"UDP Query User{63107EAC-D450-4E8E-85F5-03DE4934BFE3}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{76AD0DBA-76DD-42B2-9255-3E6DCF9C4693}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{92512D89-335B-4F9A-A795-755C544D9294}C:\program files\maple 12\jre\bin\maple.exe" = protocol=17 | dir=in | app=c:\program files\maple 12\jre\bin\maple.exe |
"UDP Query User{F24AE3C5-C421-4C51-9FF5-0C7625CD3FD4}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03FAA727-E2B7-471C-AC41-2E1C7F29C7EA}" = Toshiba TEMPRO
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{1C971EE3-B4C4-4367-9676-57549919C6CE}" = TOSHIBA Benutzerhandbücher
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 30
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{3A08B59E-A9F0-4F4D-B7E5-6875D7F13327}" = Brother MFL-Pro Suite MFC-250C
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{5782EFD2-603D-4AFA-87EF-7CB54044839C}" = Winfunktion Mathematik plus 17
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A80AC620-12FA-11D5-B287-0050DA4BBA2C}" = Riding Star
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}" = Samsung Master
"{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}" = Atheros Wi-Fi Protected Setup Library
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C656142F-EFE1-44CD-BFAD-6CBC6DCB9860}" = Vodafone Mobile Connect Lite
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow!
"{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CNXT_MODEM_PCI_VEN_14F1&DEV_2C06&SUBSYS_14F10000" = HDAUDIO Soft Data Fax Modem with SmartCP
"DivX Setup.divx.com" = DivX-Setup
"DynaGeo_is1" = DynaGeo 3.1f
"Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.1
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ICQToolbar" = ICQ Toolbar
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Maple 12" = Maple 12
"Maxima-5.19.2_is1" = Maxima 5.19.2
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MiKTeX 2.7" = MiKTeX 2.7
"Mozilla Firefox 8.0.1 (x86 de)" = Mozilla Firefox 8.0.1 (x86 de)
"Mozilla Thunderbird (7.0.1)" = Mozilla Thunderbird (7.0.1)
"myphotobook" = myphotobook 3.6
"NSS" = Norton Security Scan
"PhotoScape" = PhotoScape
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeXnicCenter_is1" = TeXnicCenter Version 1 Beta 7.50
"Uninstall_is1" = Uninstall 1.0.0.1
"Veoh Web Player Beta" = Veoh Web Player
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 0.9.9
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinRAR archiver" = WinRAR
"YTdetect" = Yahoo! Detect
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GeoGebra 4" = GeoGebra 4
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 05.07.2011 07:20:15 | Computer Name = Gisela-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 05.07.2011 14:40:59 | Computer Name = Gisela-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 05.07.2011 14:42:12 | Computer Name = Gisela-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 06.07.2011 05:17:53 | Computer Name = Gisela-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 06.07.2011 05:19:08 | Computer Name = Gisela-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 06.07.2011 14:59:52 | Computer Name = Gisela-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 06.07.2011 15:01:10 | Computer Name = Gisela-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 07.07.2011 05:19:47 | Computer Name = Gisela-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 07.07.2011 05:21:02 | Computer Name = Gisela-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 07.07.2011 15:42:12 | Computer Name = Gisela-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
[ System Events ]
Error - 20.12.2011 15:04:27 | Computer Name = Gisela-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 20.12.2011 15:04:27 | Computer Name = Gisela-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 20.12.2011 16:03:50 | Computer Name = Gisela-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 20.12.2011 16:03:50 | Computer Name = Gisela-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 20.12.2011 16:03:50 | Computer Name = Gisela-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 20.12.2011 16:03:50 | Computer Name = Gisela-PC | Source = Service Control Manager | ID = 7023
Description =
 
Error - 20.12.2011 16:03:50 | Computer Name = Gisela-PC | Source = Service Control Manager | ID = 7003
Description =
 
Error - 20.12.2011 16:03:50 | Computer Name = Gisela-PC | Source = Service Control Manager | ID = 7003
Description =
 
Error - 20.12.2011 16:03:50 | Computer Name = Gisela-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 20.12.2011 16:03:50 | Computer Name = Gisela-PC | Source = Service Control Manager | ID = 7000
Description =
 
 
< End of report >

--- --- ---

Larina 20.12.2011 22:13

TDSSKiller
Code:

22:03:14.0536 1068        TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
22:03:14.0552 1068        ============================================================
22:03:14.0552 1068        Current date / time: 2011/12/20 22:03:14.0552
22:03:14.0552 1068        SystemInfo:
22:03:14.0552 1068       
22:03:14.0552 1068        OS Version: 6.0.6002 ServicePack: 2.0
22:03:14.0552 1068        Product type: Workstation
22:03:14.0552 1068        ComputerName: GISELA-PC
22:03:14.0552 1068        UserName: Gisela
22:03:14.0552 1068        Windows directory: C:\Windows
22:03:14.0552 1068        System windows directory: C:\Windows
22:03:14.0552 1068        Processor architecture: Intel x86
22:03:14.0552 1068        Number of processors: 1
22:03:14.0552 1068        Page size: 0x1000
22:03:14.0552 1068        Boot type: Normal boot
22:03:14.0552 1068        ============================================================
22:03:15.0145 1068        Initialize success
22:03:31.0369 3924        ============================================================
22:03:31.0369 3924        Scan started
22:03:31.0369 3924        Mode: Manual; SigCheck; TDLFS;
22:03:31.0369 3924        ============================================================
22:03:32.0055 3924        ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
22:03:32.0149 3924        ACPI - ok
22:03:32.0305 3924        adp94xx        (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
22:03:32.0336 3924        adp94xx - ok
22:03:32.0445 3924        adpahci        (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
22:03:32.0461 3924        adpahci - ok
22:03:32.0695 3924        adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
22:03:32.0710 3924        adpu160m - ok
22:03:32.0851 3924        adpu320        (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
22:03:32.0866 3924        adpu320 - ok
22:03:33.0100 3924        AFD            (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
22:03:33.0178 3924        AFD - ok
22:03:33.0475 3924        AgereSoftModem  (5d97943c128ed756d1b0a08302c1b1f8) C:\Windows\system32\DRIVERS\AGRSM.sys
22:03:33.0709 3924        AgereSoftModem - ok
22:03:34.0161 3924        agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
22:03:34.0161 3924        agp440 - ok
22:03:34.0426 3924        aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
22:03:34.0426 3924        aic78xx - ok
22:03:34.0847 3924        aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
22:03:34.0847 3924        aliide - ok
22:03:34.0957 3924        amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
22:03:34.0972 3924        amdagp - ok
22:03:35.0050 3924        amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
22:03:35.0066 3924        amdide - ok
22:03:35.0128 3924        AmdK7          (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
22:03:35.0237 3924        AmdK7 - ok
22:03:35.0362 3924        AmdK8          (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
22:03:35.0409 3924        AmdK8 - ok
22:03:35.0487 3924        arc            (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
22:03:35.0487 3924        arc - ok
22:03:35.0596 3924        arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
22:03:35.0612 3924        arcsas - ok
22:03:35.0674 3924        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
22:03:35.0721 3924        AsyncMac - ok
22:03:35.0783 3924        atapi          (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
22:03:35.0799 3924        atapi - ok
22:03:35.0924 3924        athr            (997e25f5b7d53c94c0ad2dc080f6868e) C:\Windows\system32\DRIVERS\athr.sys
22:03:36.0002 3924        athr - ok
22:03:36.0111 3924        avgio          (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
22:03:36.0111 3924        avgio - ok
22:03:36.0220 3924        avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
22:03:36.0267 3924        avgntflt - ok
22:03:36.0329 3924        avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
22:03:36.0345 3924        avipbb - ok
22:03:36.0439 3924        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
22:03:36.0470 3924        Beep - ok
22:03:36.0579 3924        blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
22:03:36.0626 3924        blbdrive - ok
22:03:36.0704 3924        bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
22:03:36.0751 3924        bowser - ok
22:03:36.0829 3924        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
22:03:36.0907 3924        BrFiltLo - ok
22:03:37.0000 3924        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
22:03:37.0047 3924        BrFiltUp - ok
22:03:37.0094 3924        Brserid        (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
22:03:37.0156 3924        Brserid - ok
22:03:37.0219 3924        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
22:03:37.0281 3924        BrSerWdm - ok
22:03:37.0375 3924        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
22:03:37.0437 3924        BrUsbMdm - ok
22:03:37.0484 3924        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
22:03:37.0546 3924        BrUsbSer - ok
22:03:37.0609 3924        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
22:03:37.0655 3924        BTHMODEM - ok
22:03:37.0733 3924        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
22:03:37.0796 3924        cdfs - ok
22:03:37.0889 3924        cdrom          (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
22:03:37.0905 3924        cdrom - ok
22:03:37.0967 3924        circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
22:03:37.0999 3924        circlass - ok
22:03:38.0123 3924        CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
22:03:38.0139 3924        CLFS - ok
22:03:38.0217 3924        CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
22:03:38.0264 3924        CmBatt - ok
22:03:38.0326 3924        cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
22:03:38.0326 3924        cmdide - ok
22:03:38.0404 3924        Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
22:03:38.0420 3924        Compbatt - ok
22:03:38.0513 3924        crcdisk        (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
22:03:38.0529 3924        crcdisk - ok
22:03:38.0591 3924        Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
22:03:38.0623 3924        Crusoe - ok
22:03:38.0794 3924        disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
22:03:38.0810 3924        disk - ok
22:03:38.0903 3924        drmkaud        (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
22:03:38.0950 3924        drmkaud - ok
22:03:39.0044 3924        DXGKrnl        (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
22:03:39.0059 3924        DXGKrnl - ok
22:03:39.0153 3924        E1G60          (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
22:03:39.0200 3924        E1G60 - ok
22:03:39.0309 3924        Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
22:03:39.0325 3924        Ecache - ok
22:03:39.0403 3924        ElbyCDIO        (178cc9403816c082d22a1d47fa1f9c85) C:\Windows\system32\Drivers\ElbyCDIO.sys
22:03:39.0418 3924        ElbyCDIO - ok
22:03:39.0481 3924        elxstor        (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
22:03:39.0496 3924        elxstor - ok
22:03:39.0559 3924        ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
22:03:39.0605 3924        ErrDev - ok
22:03:39.0715 3924        exfat          (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
22:03:39.0761 3924        exfat - ok
22:03:39.0839 3924        fastfat        (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
22:03:39.0886 3924        fastfat - ok
22:03:39.0980 3924        fdc            (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
22:03:39.0995 3924        fdc - ok
22:03:40.0073 3924        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
22:03:40.0089 3924        FileInfo - ok
22:03:40.0136 3924        Filetrace      (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
22:03:40.0198 3924        Filetrace - ok
22:03:40.0261 3924        flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
22:03:40.0292 3924        flpydisk - ok
22:03:40.0385 3924        FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
22:03:40.0401 3924        FltMgr - ok
22:03:40.0510 3924        Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
22:03:40.0541 3924        Fs_Rec - ok
22:03:40.0619 3924        FwLnk          (cbc22823628544735625b280665e434e) C:\Windows\system32\DRIVERS\FwLnk.sys
22:03:40.0666 3924        FwLnk - ok
22:03:40.0729 3924        gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
22:03:40.0744 3924        gagp30kx - ok
22:03:40.0853 3924        HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
22:03:40.0916 3924        HdAudAddService - ok
22:03:40.0994 3924        HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
22:03:41.0025 3924        HDAudBus - ok
22:03:41.0087 3924        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
22:03:41.0150 3924        HidBth - ok
22:03:41.0259 3924        HidIr          (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
22:03:41.0290 3924        HidIr - ok
22:03:41.0353 3924        HidUsb          (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
22:03:41.0399 3924        HidUsb - ok
22:03:41.0462 3924        HpCISSs        (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
22:03:41.0477 3924        HpCISSs - ok
22:03:41.0540 3924        HSFHWAZL        (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
22:03:41.0587 3924        HSFHWAZL - ok
22:03:41.0696 3924        HSF_DPV        (cc267848cb3508e72762be65734e764d) C:\Windows\system32\DRIVERS\HSX_DPV.sys
22:03:41.0789 3924        HSF_DPV - ok
22:03:41.0883 3924        HSXHWAZL        (a2882945cc4b6e3e4e9e825590438888) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
22:03:41.0945 3924        HSXHWAZL - ok
22:03:42.0055 3924        HTTP            (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys
22:03:42.0148 3924        HTTP - ok
22:03:42.0257 3924        hwdatacard      (19e6885a061011d8dabe8f64498423fa) C:\Windows\system32\DRIVERS\ewusbmdm.sys
22:03:42.0304 3924        hwdatacard - ok
22:03:42.0413 3924        i2omp          (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
22:03:42.0413 3924        i2omp - ok
22:03:42.0507 3924        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
22:03:42.0554 3924        i8042prt - ok
22:03:42.0632 3924        iaStor          (db0cc620b27a928d968c1a1e9cd9cb87) C:\Windows\system32\DRIVERS\iaStor.sys
22:03:42.0663 3924        iaStor - ok
22:03:42.0725 3924        iaStorV        (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
22:03:42.0725 3924        iaStorV - ok
22:03:42.0881 3924        igfx            (6fb1858d1f0923d122b0331865695041) C:\Windows\system32\DRIVERS\igdkmd32.sys
22:03:43.0069 3924        igfx - ok
22:03:43.0162 3924        iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
22:03:43.0178 3924        iirsp - ok
22:03:43.0349 3924        IntcAzAudAddService (b9cbd3dea7ca02868621173bf7a2af9f) C:\Windows\system32\drivers\RTKVHDA.sys
22:03:43.0599 3924        IntcAzAudAddService - ok
22:03:43.0739 3924        intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
22:03:43.0739 3924        intelide - ok
22:03:43.0786 3924        intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
22:03:43.0833 3924        intelppm - ok
22:03:43.0911 3924        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:03:43.0942 3924        IpFilterDriver - ok
22:03:44.0020 3924        IpInIp - ok
22:03:44.0067 3924        IPMIDRV        (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
22:03:44.0114 3924        IPMIDRV - ok
22:03:44.0176 3924        IPNAT          (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
22:03:44.0192 3924        IPNAT - ok
22:03:44.0254 3924        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
22:03:44.0285 3924        IRENUM - ok
22:03:44.0379 3924        isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
22:03:44.0379 3924        isapnp - ok
22:03:44.0473 3924        iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
22:03:44.0488 3924        iScsiPrt - ok
22:03:44.0535 3924        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
22:03:44.0551 3924        iteatapi - ok
22:03:44.0597 3924        iteraid        (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
22:03:44.0613 3924        iteraid - ok
22:03:44.0691 3924        jswpslwf        (11ad410f41af42ba12e63187e3ec141a) C:\Windows\system32\DRIVERS\jswpslwf.sys
22:03:44.0738 3924        jswpslwf - ok
22:03:44.0831 3924        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
22:03:44.0831 3924        kbdclass - ok
22:03:44.0894 3924        kbdhid          (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
22:03:44.0941 3924        kbdhid - ok
22:03:45.0019 3924        KSecDD          (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
22:03:45.0034 3924        KSecDD - ok
22:03:45.0112 3924        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
22:03:45.0159 3924        lltdio - ok
22:03:45.0253 3924        LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
22:03:45.0268 3924        LSI_FC - ok
22:03:45.0315 3924        LSI_SAS        (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
22:03:45.0331 3924        LSI_SAS - ok
22:03:45.0424 3924        LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
22:03:45.0440 3924        LSI_SCSI - ok
22:03:45.0471 3924        luafv          (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
22:03:45.0533 3924        luafv - ok
22:03:45.0611 3924        mdmxsdk        (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
22:03:45.0643 3924        mdmxsdk - ok
22:03:45.0736 3924        megasas        (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
22:03:45.0736 3924        megasas - ok
22:03:45.0799 3924        MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
22:03:45.0814 3924        MegaSR - ok
22:03:45.0845 3924        Modem          (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
22:03:45.0892 3924        Modem - ok
22:03:45.0955 3924        monitor        (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
22:03:46.0001 3924        monitor - ok
22:03:46.0079 3924        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
22:03:46.0095 3924        mouclass - ok
22:03:46.0142 3924        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
22:03:46.0157 3924        mouhid - ok
22:03:46.0204 3924        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
22:03:46.0220 3924        MountMgr - ok
22:03:46.0251 3924        mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
22:03:46.0267 3924        mpio - ok
22:03:46.0329 3924        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
22:03:46.0345 3924        mpsdrv - ok
22:03:46.0423 3924        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
22:03:46.0438 3924        Mraid35x - ok
22:03:46.0516 3924        MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
22:03:46.0563 3924        MRxDAV - ok
22:03:46.0625 3924        mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:03:46.0672 3924        mrxsmb - ok
22:03:46.0797 3924        mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:03:46.0828 3924        mrxsmb10 - ok
22:03:46.0875 3924        mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:03:46.0891 3924        mrxsmb20 - ok
22:03:46.0953 3924        msahci          (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
22:03:46.0969 3924        msahci - ok
22:03:47.0015 3924        msdsm          (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
22:03:47.0031 3924        msdsm - ok
22:03:47.0125 3924        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
22:03:47.0171 3924        Msfs - ok
22:03:47.0249 3924        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
22:03:47.0249 3924        msisadrv - ok
22:03:47.0312 3924        MSKSSRV        (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
22:03:47.0374 3924        MSKSSRV - ok
22:03:47.0483 3924        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
22:03:47.0530 3924        MSPCLOCK - ok
22:03:47.0593 3924        MSPQM          (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
22:03:47.0639 3924        MSPQM - ok
22:03:47.0717 3924        MsRPC          (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
22:03:47.0733 3924        MsRPC - ok
22:03:47.0780 3924        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
22:03:47.0795 3924        mssmbios - ok
22:03:47.0920 3924        MSTEE          (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
22:03:47.0967 3924        MSTEE - ok
22:03:48.0014 3924        Mup            (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
22:03:48.0029 3924        Mup - ok
22:03:48.0123 3924        NativeWifiP    (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
22:03:48.0154 3924        NativeWifiP - ok
22:03:48.0295 3924        NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
22:03:48.0326 3924        NDIS - ok
22:03:48.0404 3924        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
22:03:48.0435 3924        NdisTapi - ok
22:03:48.0482 3924        Ndisuio        (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
22:03:48.0513 3924        Ndisuio - ok
22:03:48.0622 3924        NdisWan        (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
22:03:48.0653 3924        NdisWan - ok
22:03:48.0700 3924        NDProxy        (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
22:03:48.0731 3924        NDProxy - ok
22:03:48.0794 3924        NetBIOS        (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
22:03:48.0841 3924        NetBIOS - ok
22:03:48.0965 3924        netbt          (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
22:03:48.0997 3924        netbt - ok
22:03:49.0075 3924        nfrd960        (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
22:03:49.0075 3924        nfrd960 - ok
22:03:49.0168 3924        Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
22:03:49.0199 3924        Npfs - ok
22:03:49.0262 3924        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
22:03:49.0309 3924        nsiproxy - ok
22:03:49.0465 3924        Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
22:03:49.0511 3924        Ntfs - ok
22:03:49.0574 3924        ntrigdigi      (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
22:03:49.0621 3924        ntrigdigi - ok
22:03:49.0699 3924        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
22:03:49.0730 3924        Null - ok
22:03:49.0823 3924        nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
22:03:49.0839 3924        nvraid - ok
22:03:49.0886 3924        nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
22:03:49.0901 3924        nvstor - ok
22:03:49.0948 3924        nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
22:03:49.0948 3924        nv_agp - ok
22:03:49.0995 3924        NwlnkFlt - ok
22:03:50.0026 3924        NwlnkFwd - ok
22:03:50.0120 3924        ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
22:03:50.0167 3924        ohci1394 - ok
22:03:50.0245 3924        Parport        (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
22:03:50.0276 3924        Parport - ok
22:03:50.0354 3924        partmgr        (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
22:03:50.0369 3924        partmgr - ok
22:03:50.0416 3924        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
22:03:50.0479 3924        Parvdm - ok
22:03:50.0603 3924        pci            (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
22:03:50.0619 3924        pci - ok
22:03:50.0666 3924        pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\DRIVERS\pciide.sys
22:03:50.0681 3924        pciide - ok
22:03:50.0728 3924        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
22:03:50.0744 3924        pcmcia - ok
22:03:50.0806 3924        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
22:03:50.0869 3924        PEAUTH - ok
22:03:51.0009 3924        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
22:03:51.0040 3924        PptpMiniport - ok
22:03:51.0087 3924        Processor      (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
22:03:51.0118 3924        Processor - ok
22:03:51.0227 3924        PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
22:03:51.0243 3924        PSched - ok
22:03:51.0368 3924        ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
22:03:51.0415 3924        ql2300 - ok
22:03:51.0477 3924        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
22:03:51.0493 3924        ql40xx - ok
22:03:51.0524 3924        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
22:03:51.0586 3924        QWAVEdrv - ok
22:03:51.0617 3924        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
22:03:51.0664 3924        RasAcd - ok
22:03:51.0758 3924        Rasl2tp        (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:03:51.0820 3924        Rasl2tp - ok
22:03:51.0898 3924        RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
22:03:51.0945 3924        RasPppoe - ok
22:03:52.0007 3924        RasSstp        (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
22:03:52.0007 3924        RasSstp - ok
22:03:52.0117 3924        rdbss          (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
22:03:52.0163 3924        rdbss - ok
22:03:52.0226 3924        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:03:52.0257 3924        RDPCDD - ok
22:03:52.0304 3924        rdpdr          (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
22:03:52.0335 3924        rdpdr - ok
22:03:52.0397 3924        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
22:03:52.0460 3924        RDPENCDD - ok
22:03:52.0569 3924        RDPWD          (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
22:03:52.0600 3924        RDPWD - ok
22:03:52.0694 3924        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
22:03:52.0709 3924        rspndr - ok
22:03:52.0787 3924        RTL8169        (7157e70a90cce49deb8885d23a073a39) C:\Windows\system32\DRIVERS\Rtlh86.sys
22:03:52.0834 3924        RTL8169 - ok
22:03:52.0928 3924        RTSTOR          (9ff7d9cf3a5f296613588b0e8db83afe) C:\Windows\system32\drivers\RTSTOR.SYS
22:03:52.0975 3924        RTSTOR - ok
22:03:53.0021 3924        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
22:03:53.0037 3924        sbp2port - ok
22:03:53.0099 3924        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
22:03:53.0162 3924        secdrv - ok
22:03:53.0240 3924        Serenum        (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
22:03:53.0271 3924        Serenum - ok
22:03:53.0365 3924        Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
22:03:53.0427 3924        Serial - ok
22:03:53.0489 3924        sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
22:03:53.0521 3924        sermouse - ok
22:03:53.0614 3924        sffdisk        (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
22:03:53.0645 3924        sffdisk - ok
22:03:53.0692 3924        sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
22:03:53.0739 3924        sffp_mmc - ok
22:03:53.0833 3924        sffp_sd        (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
22:03:53.0864 3924        sffp_sd - ok
22:03:53.0926 3924        sfloppy        (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
22:03:53.0973 3924        sfloppy - ok
22:03:54.0035 3924        sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
22:03:54.0051 3924        sisagp - ok
22:03:54.0113 3924        SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
22:03:54.0113 3924        SiSRaid2 - ok
22:03:54.0176 3924        SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
22:03:54.0191 3924        SiSRaid4 - ok
22:03:54.0301 3924        Smb            (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
22:03:54.0332 3924        Smb - ok
22:03:54.0410 3924        spldr          (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
22:03:54.0425 3924        spldr - ok
22:03:54.0519 3924        sptd            (d15da1ba189770d93eea2d7e18f95af9) C:\Windows\System32\Drivers\sptd.sys
22:03:54.0535 3924        sptd - ok
22:03:54.0644 3924        srv            (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
22:03:54.0706 3924        srv - ok
22:03:54.0769 3924        srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
22:03:54.0815 3924        srv2 - ok
22:03:54.0878 3924        srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
22:03:54.0893 3924        srvnet - ok
22:03:54.0987 3924        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
22:03:54.0987 3924        ssmdrv - ok
22:03:55.0081 3924        swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
22:03:55.0096 3924        swenum - ok
22:03:55.0143 3924        Symc8xx        (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
22:03:55.0159 3924        Symc8xx - ok
22:03:55.0205 3924        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
22:03:55.0205 3924        Sym_hi - ok
22:03:55.0299 3924        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
22:03:55.0315 3924        Sym_u3 - ok
22:03:55.0393 3924        SynTP          (55f6e55cc2430ca8713387106fa79817) C:\Windows\system32\DRIVERS\SynTP.sys
22:03:55.0408 3924        SynTP - ok
22:03:55.0517 3924        Tcpip          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
22:03:55.0595 3924        Tcpip - ok
22:03:55.0689 3924        Tcpip6          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
22:03:55.0767 3924        Tcpip6 - ok
22:03:55.0861 3924        tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
22:03:55.0923 3924        tcpipreg - ok
22:03:56.0032 3924        tdcmdpst        (1825bceb47bf41c5a9f0e44de82fc27a) C:\Windows\system32\DRIVERS\tdcmdpst.sys
22:03:56.0063 3924        tdcmdpst - ok
22:03:56.0110 3924        TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
22:03:56.0141 3924        TDPIPE - ok
22:03:56.0219 3924        TDTCP          (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
22:03:56.0251 3924        TDTCP - ok
22:03:56.0344 3924        tdx            (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
22:03:56.0375 3924        tdx - ok
22:03:56.0485 3924        TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
22:03:56.0500 3924        TermDD - ok
22:03:56.0609 3924        tos_sps32      (4399a9bf7d8f49991a07fd86590a1619) C:\Windows\system32\DRIVERS\tos_sps32.sys
22:03:56.0625 3924        tos_sps32 - ok
22:03:56.0672 3924        TridVid        (171f41174a88f71e7234d7a48303c6a0) C:\Windows\system32\DRIVERS\TridVid.sys
22:03:56.0703 3924        TridVid ( UnsignedFile.Multi.Generic ) - warning
22:03:56.0703 3924        TridVid - detected UnsignedFile.Multi.Generic (1)
22:03:56.0812 3924        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:03:56.0843 3924        tssecsrv - ok
22:03:56.0890 3924        tunmp          (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
22:03:56.0921 3924        tunmp - ok
22:03:57.0031 3924        tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
22:03:57.0062 3924        tunnel - ok
22:03:57.0140 3924        TVALZ          (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
22:03:57.0155 3924        TVALZ - ok
22:03:57.0218 3924        uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
22:03:57.0218 3924        uagp35 - ok
22:03:57.0280 3924        udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
22:03:57.0311 3924        udfs - ok
22:03:57.0374 3924        uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
22:03:57.0389 3924        uliagpkx - ok
22:03:57.0467 3924        uliahci        (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
22:03:57.0483 3924        uliahci - ok
22:03:57.0530 3924        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
22:03:57.0545 3924        UlSata - ok
22:03:57.0623 3924        ulsata2        (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
22:03:57.0655 3924        ulsata2 - ok
22:03:57.0686 3924        umbus          (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
22:03:57.0717 3924        umbus - ok
22:03:57.0811 3924        usbccgp        (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
22:03:57.0842 3924        usbccgp - ok
22:03:57.0889 3924        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
22:03:57.0935 3924        usbcir - ok
22:03:58.0029 3924        usbehci        (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
22:03:58.0045 3924        usbehci - ok
22:03:58.0123 3924        usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
22:03:58.0169 3924        usbhub - ok
22:03:58.0247 3924        usbohci        (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
22:03:58.0294 3924        usbohci - ok
22:03:58.0372 3924        usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
22:03:58.0419 3924        usbprint - ok
22:03:58.0497 3924        usbscan        (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
22:03:58.0544 3924        usbscan - ok
22:03:58.0606 3924        USBSTOR        (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:03:58.0637 3924        USBSTOR - ok
22:03:58.0715 3924        usbuhci        (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
22:03:58.0731 3924        usbuhci - ok
22:03:58.0809 3924        usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
22:03:58.0840 3924        usbvideo - ok
22:03:58.0918 3924        VClone          (1cdaa48cb2f7744b8d25650e050766a5) C:\Windows\system32\DRIVERS\VClone.sys
22:03:58.0949 3924        VClone - ok
22:03:59.0043 3924        vga            (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
22:03:59.0059 3924        vga - ok
22:03:59.0152 3924        VgaSave        (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
22:03:59.0183 3924        VgaSave - ok
22:03:59.0246 3924        viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
22:03:59.0261 3924        viaagp - ok
22:03:59.0308 3924        ViaC7          (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
22:03:59.0355 3924        ViaC7 - ok
22:03:59.0402 3924        viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
22:03:59.0417 3924        viaide - ok
22:03:59.0542 3924        volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
22:03:59.0558 3924        volmgr - ok
22:03:59.0651 3924        volmgrx        (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
22:03:59.0667 3924        volmgrx - ok
22:03:59.0729 3924        volsnap        (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
22:03:59.0745 3924        volsnap - ok
22:03:59.0792 3924        vsmraid        (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
22:03:59.0807 3924        vsmraid - ok
22:03:59.0917 3924        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
22:03:59.0979 3924        WacomPen - ok
22:04:00.0057 3924        Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
22:04:00.0088 3924        Wanarp - ok
22:04:00.0104 3924        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
22:04:00.0135 3924        Wanarpv6 - ok
22:04:00.0197 3924        Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
22:04:00.0229 3924        Wd - ok
22:04:00.0307 3924        Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
22:04:00.0338 3924        Wdf01000 - ok
22:04:00.0431 3924        winachsf        (0acd399f5db3df1b58903cf4949ab5a8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
22:04:00.0525 3924        winachsf - ok
22:04:00.0634 3924        WmiAcpi        (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
22:04:00.0665 3924        WmiAcpi - ok
22:04:00.0775 3924        ws2ifsl        (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
22:04:00.0821 3924        ws2ifsl - ok
22:04:00.0899 3924        WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:04:00.0931 3924        WUDFRd - ok
22:04:01.0024 3924        XAudio          (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
22:04:01.0040 3924        XAudio - ok
22:04:01.0087 3924        MBR (0x1B8)    (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
22:04:01.0243 3924        \Device\Harddisk0\DR0 - ok
22:04:01.0258 3924        MBR (0x1B8)    (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
22:04:01.0367 3924        \Device\Harddisk1\DR1 - ok
22:04:01.0367 3924        Boot (0x1200)  (ee927f59cc580f4744aaa761d6bbc12a) \Device\Harddisk0\DR0\Partition0
22:04:01.0367 3924        \Device\Harddisk0\DR0\Partition0 - ok
22:04:01.0399 3924        Boot (0x1200)  (d906ad2edc756e2d58a56ce8ae2c511c) \Device\Harddisk0\DR0\Partition1
22:04:01.0399 3924        \Device\Harddisk0\DR0\Partition1 - ok
22:04:01.0414 3924        Boot (0x1200)  (8de33614e07dc00c79efbb62e5dd6617) \Device\Harddisk1\DR1\Partition0
22:04:01.0414 3924        \Device\Harddisk1\DR1\Partition0 - ok
22:04:01.0414 3924        ============================================================
22:04:01.0414 3924        Scan finished
22:04:01.0414 3924        ============================================================
22:04:01.0445 2748        Detected object count: 1
22:04:01.0445 2748        Actual detected object count: 1
22:04:25.0781 2748        HKLM\SYSTEM\ControlSet001\services\TridVid - will be deleted on reboot
22:04:25.0813 2748        HKLM\SYSTEM\ControlSet002\services\TridVid - will be deleted on reboot
22:04:25.0859 2748        C:\Windows\system32\DRIVERS\TridVid.sys - will be deleted on reboot
22:04:25.0859 2748        TridVid ( UnsignedFile.Multi.Generic ) - User select action: Delete

MBRCheck
Code:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:                       
Windows Version:                Windows Vista Home Basic Edition
Windows Information:                Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer:        TOSHIBA
BIOS Manufacturer:                INSYDE
System Manufacturer:                TOSHIBA
System Product Name:                Satellite L300
Logical Drives Mask:                0x0000007c

Kernel Drivers (total 150):
  0x8203A000 \SystemRoot\system32\ntkrnlpa.exe
  0x82007000 \SystemRoot\system32\hal.dll
  0x8040E000 \SystemRoot\system32\kdcom.dll
  0x80415000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x80485000 \SystemRoot\system32\PSHED.dll
  0x80496000 \SystemRoot\system32\BOOTVID.dll
  0x8049E000 \SystemRoot\system32\CLFS.SYS
  0x804DF000 \SystemRoot\system32\CI.dll
  0x805BF000 \SystemRoot\System32\drivers\pcrcx.sys
  0x8060C000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x80688000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x80695000 \SystemRoot\system32\drivers\acpi.sys
  0x806DB000 \SystemRoot\system32\drivers\WMILIB.SYS
  0x806E4000 \SystemRoot\system32\drivers\msisadrv.sys
  0x806EC000 \SystemRoot\system32\drivers\pci.sys
  0x80713000 \SystemRoot\System32\drivers\partmgr.sys
  0x80722000 \SystemRoot\system32\DRIVERS\compbatt.sys
  0x80725000 \SystemRoot\system32\DRIVERS\BATTC.SYS
  0x8072F000 \SystemRoot\system32\drivers\volmgr.sys
  0x8073E000 \SystemRoot\System32\drivers\volmgrx.sys
  0x80788000 \SystemRoot\System32\drivers\mountmgr.sys
  0x80798000 \SystemRoot\system32\DRIVERS\pciide.sys
  0x8079F000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
  0x8260C000 \SystemRoot\system32\DRIVERS\iaStor.sys
  0x826DA000 \SystemRoot\system32\drivers\atapi.sys
  0x826E2000 \SystemRoot\system32\drivers\ataport.SYS
  0x82700000 \SystemRoot\system32\drivers\msahci.sys
  0x8270A000 \SystemRoot\system32\drivers\fltmgr.sys
  0x8273C000 \SystemRoot\system32\drivers\fileinfo.sys
  0x8274C000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x87A00000 \SystemRoot\system32\drivers\ndis.sys
  0x87B0B000 \SystemRoot\system32\drivers\msrpc.sys
  0x87B36000 \SystemRoot\system32\drivers\NETIO.SYS
  0x87C08000 \SystemRoot\System32\drivers\tcpip.sys
  0x87CF2000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x87E09000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x87F19000 \SystemRoot\system32\drivers\volsnap.sys
  0x87F52000 \SystemRoot\system32\DRIVERS\TVALZ_O.SYS
  0x87F57000 \SystemRoot\system32\DRIVERS\tos_sps32.sys
  0x87F9A000 \SystemRoot\System32\Drivers\spldr.sys
  0x87FA2000 \SystemRoot\System32\Drivers\mup.sys
  0x87FB1000 \SystemRoot\System32\drivers\ecache.sys
  0x87FD8000 \SystemRoot\system32\drivers\disk.sys
  0x87D0D000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x87FE9000 \SystemRoot\system32\drivers\crcdisk.sys
  0x87B71000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x87E00000 \SystemRoot\system32\DRIVERS\tunmp.sys
  0x87C00000 \SystemRoot\system32\DRIVERS\FwLnk.sys
  0x87B7C000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x87DFC000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0x8B808000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
  0x8BEEC000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x8BF8C000 \SystemRoot\System32\drivers\watchdog.sys
  0x8BF98000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0x8BFA3000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x8BFE1000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x8C008000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x8C095000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
  0x8C0B6000 \SystemRoot\system32\DRIVERS\athr.sys
  0x8C19A000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x8C1AD000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x8C1B8000 \SystemRoot\system32\DRIVERS\SynTP.sys
  0x8C1E7000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x8C1E9000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x8C1F4000 \SystemRoot\system32\DRIVERS\tdcmdpst.sys
  0x87B8B000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x87BA3000 \SystemRoot\system32\DRIVERS\msiscsi.sys
  0x827BD000 \SystemRoot\system32\DRIVERS\storport.sys
  0x8BFF0000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x87BD2000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x87BE9000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x807AD000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x807D0000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x807DF000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x805CD000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x805E2000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x87BF4000 \SystemRoot\system32\DRIVERS\VClone.sys
  0x8C207000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
  0x8C22D000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x8C22F000 \SystemRoot\system32\DRIVERS\ks.sys
  0x8C259000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x8C263000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x8C270000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x8C2A5000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x8C800000 \SystemRoot\system32\drivers\RTKVHDA.sys
  0x8C2B6000 \SystemRoot\system32\drivers\portcls.sys
  0x8C2E3000 \SystemRoot\system32\drivers\drmk.sys
  0x8C308000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
  0x8CA07000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
  0x8CB0A000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
  0x8CBBF000 \SystemRoot\system32\drivers\modem.sys
  0x8CBCC000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0x8CBD5000 \SystemRoot\System32\Drivers\Null.SYS
  0x8CBDC000 \SystemRoot\System32\Drivers\Beep.SYS
  0x8CBE3000 \SystemRoot\System32\drivers\vga.sys
  0x8C346000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x8CBEF000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x8CBF7000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x8C367000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x8C372000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x8C380000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0x8C389000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x8C39F000 \SystemRoot\system32\DRIVERS\smb.sys
  0x8C3B3000 \SystemRoot\system32\drivers\afd.sys
  0x8CE09000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x8CE3B000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x8CE51000 \SystemRoot\system32\DRIVERS\jswpslwf.sys
  0x8CE56000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x8CE64000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x8CE77000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
  0x8CE7D000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x8CEB9000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x8CEC3000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
  0x8CEC8000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0x8CEEF000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
  0x8CEF1000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x8CEFE000 \SystemRoot\System32\Drivers\dump_iaStor.sys
  0x94670000 \SystemRoot\System32\win32k.sys
  0x8CFCC000 \SystemRoot\System32\drivers\Dxapi.sys
  0x8CFD6000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x94890000 \SystemRoot\System32\TSDDD.dll
  0x948B0000 \SystemRoot\System32\cdd.dll
  0x8CFE5000 \SystemRoot\system32\drivers\luafv.sys
  0x87D2E000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0x87D45000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x87D55000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x87FF2000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x87D7F000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0xA8A09000 \SystemRoot\system32\drivers\spsys.sys
  0xA8AB9000 \SystemRoot\system32\drivers\HTTP.sys
  0xA8B26000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0xA8B43000 \SystemRoot\system32\DRIVERS\bowser.sys
  0xA8B5C000 \SystemRoot\system32\drivers\mrxdav.sys
  0xA8B7D000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xA8B9C000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0xA8BD5000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x87D92000 \SystemRoot\System32\DRIVERS\srv2.sys
  0xA9204000 \SystemRoot\System32\DRIVERS\srv.sys
  0xA9253000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
  0xA9257000 \SystemRoot\system32\drivers\peauth.sys
  0xA9335000 \SystemRoot\System32\Drivers\secdrv.SYS
  0xA933F000 \SystemRoot\System32\drivers\tcpipreg.sys
  0xA934B000 \SystemRoot\system32\DRIVERS\xaudio.sys
  0xA9353000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0xA9371000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
  0xA9386000 \SystemRoot\System32\Drivers\fastfat.SYS
  0xA93AE000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
  0xA93C3000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
  0xA93D5000 \SystemRoot\system32\drivers\13992015.sys
  0x77330000 \Windows\System32\ntdll.dll

Processes (total 63):
      0 System Idle Process
      4 System
    516 C:\Windows\System32\smss.exe
    584 csrss.exe
    628 C:\Windows\System32\wininit.exe
    636 csrss.exe
    684 C:\Windows\System32\winlogon.exe
    708 C:\Windows\System32\services.exe
    728 C:\Windows\System32\lsass.exe
    736 C:\Windows\System32\lsm.exe
    892 C:\Windows\System32\svchost.exe
    948 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    988 C:\Windows\System32\svchost.exe
    1020 C:\Windows\System32\svchost.exe
    1108 C:\Windows\System32\svchost.exe
    1128 C:\Windows\System32\svchost.exe
    1188 C:\Windows\System32\audiodg.exe
    1208 C:\Windows\System32\svchost.exe
    1224 C:\Windows\System32\SLsvc.exe
    1260 C:\Windows\System32\svchost.exe
    1368 C:\Windows\System32\svchost.exe
    1660 C:\Windows\System32\wlanext.exe
    1784 C:\Windows\System32\spoolsv.exe
    1944 C:\Windows\System32\dwm.exe
    1992 C:\Windows\explorer.exe
    2020 C:\Windows\System32\svchost.exe
    324 C:\Windows\System32\svchost.exe
    700 C:\Windows\System32\svchost.exe
    1376 C:\Windows\System32\SearchIndexer.exe
    116 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    2016 C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    2068 C:\Windows\System32\igfxtray.exe
    2076 C:\Windows\System32\hkcmd.exe
    2084 C:\Windows\System32\igfxpers.exe
    2092 C:\Windows\RtHDVCpl.exe
    2108 C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    2116 C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    2124 C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    2140 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    2148 C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    2164 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    2188 C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    2204 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    2212 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    2276 C:\Program Files\Windows Sidebar\sidebar.exe
    2284 C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    2344 C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    2676 C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
    2888 C:\Windows\System32\igfxsrvc.exe
    3000 C:\Windows\System32\taskeng.exe
    3600 C:\Windows\System32\igfxext.exe
    3660 C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
    3672 C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
    2224 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    3332 C:\Windows\System32\svchost.exe
    2972 WUDFHost.exe
    1836 WmiPrvSE.exe
    3128 C:\Windows\System32\SearchProtocolHost.exe
    2260 C:\Windows\System32\SearchFilterHost.exe
    232 dllhost.exe
    804 dllhost.exe
    1076 C:\Users\Gisela\Desktop\MBRCheck.exe
    2052 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000  (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000012`f5700000  (NTFS)

PhysicalDrive0 Model Number: FUJITSUMHZ2160BHG1, Rev: 0040020C

      Size  Device Name          MBR Status
  --------------------------------------------
    149 GB  \\.\PhysicalDrive0  Windows 2008 MBR code detected
            SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!

Larina

Chris4You 20.12.2011 22:37

Hi,

One more small fix, then you should also run CCleaner...

Fix for OTL
  • Double-click OTL.exe to run the program.
  • Vista/Win7 users: please start it via right-click and "Run as administrator".
  • Copy the complete contents of the following code box into the OTL box under "Custom Scan/Fixes"
http://oldtimer.geekstogo.com/OTL/OTL_Main_Tutorial.gif
Code:


:OTL
[2011.12.20 18:46:30 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = dword:0x00

:Commands
[emptytemp]
[Reboot]

  • Click the red Run Fixes! button.
  • Please copy everything out of the results window (Results).
  • A copy of the OTL fix log is saved as a text file in the following folder:
  • %systemroot%\_OTL

chris

Larina 21.12.2011 08:25

Hi,

OTL log
Code:

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\fb0c32de deleted successfully.
C:\Windows\3727822075 moved successfully.
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk moved successfully.
C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe moved successfully.
File move failed. C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk scheduled to be moved on reboot.
File C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{001a1a62-8b4b-11de-a467-001e339f7ce2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{001a1a62-8b4b-11de-a467-001e339f7ce2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{001a1a62-8b4b-11de-a467-001e339f7ce2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{001a1a62-8b4b-11de-a467-001e339f7ce2}\ not found.
File D:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e061b24-8e80-11de-9ff2-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1e061b24-8e80-11de-9ff2-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e061b24-8e80-11de-9ff2-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1e061b24-8e80-11de-9ff2-806e6f6e6963}\ not found.
File D:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2cf454e6-8c22-11de-a058-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2cf454e6-8c22-11de-a058-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2cf454e6-8c22-11de-a058-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2cf454e6-8c22-11de-a058-806e6f6e6963}\ not found.
File D:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5cbd67fb-ccb6-11de-bba6-85b1694fd61f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5cbd67fb-ccb6-11de-bba6-85b1694fd61f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5cbd67fb-ccb6-11de-bba6-85b1694fd61f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5cbd67fb-ccb6-11de-bba6-85b1694fd61f}\ not found.
File D:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{787d7a76-8b49-11de-a3d8-001e339f7ce2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{787d7a76-8b49-11de-a3d8-001e339f7ce2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{787d7a76-8b49-11de-a3d8-001e339f7ce2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{787d7a76-8b49-11de-a3d8-001e339f7ce2}\ not found.
File D:\setup_vmc_lite.exe /checkApplicationPresence not found.
C:\Users\Gisela\AppData\Local\fb0c32de\U folder moved successfully.
C:\Users\Gisela\AppData\Local\fb0c32de folder moved successfully.
C:\Windows\System32\%APPDATA%\Microsoft\Windows\IETldCache folder moved successfully.
C:\Windows\System32\%APPDATA%\Microsoft\Windows folder moved successfully.
C:\Windows\System32\%APPDATA%\Microsoft folder moved successfully.
C:\Windows\System32\%APPDATA% folder moved successfully.
Unable to delete ADS C:\Windows\3727822075:83086625.exe .
File C:\Windows\3727822075 not found.
C:\Windows\System32\c_16283.nl_ moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware\\"DisableMonitoring" | dword:0x00 /E : value set successfully!
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
 
User: Gisela
->Temp folder emptied: 508958141 bytes
->Java cache emptied: 20831183 bytes
->FireFox cache emptied: 60570879 bytes
->Google Chrome cache emptied: 19525530 bytes
->Flash cache emptied: 1977759 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 506513973 bytes
 
Total Files Cleaned = 1,067.00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
 
User: Gisela
->Temp folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0.00 mb
 
 
OTLPE by OldTimer - Version 3.1.48.0 log created on 12202011_095314

CCleaner has been run as well.

Larina
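Reading an OTL fix log like the one above by hand is error-prone, so here is an added Python example (not OTL's or the forum's code) that classifies every result line and lists what the fix did not complete, flagging NTFS alternate data streams such as the 3727822075:83086625.exe entry OTL could not delete. The sample lines are copied from the log posted above, trimmed to the interesting cases.

```python
"""Summarise an OTL fix log: what was moved or deleted, what was deferred to
the next reboot, and what the fix could not touch at all.  Added example for
this thread; it is not part of OTL."""
import re
from collections import Counter

# Sample input: lines copied from the OTL fix log posted in this thread,
# trimmed to the interesting cases.  Raw string, so the paths need no escaping.
SAMPLE_LOG = r"""
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\fb0c32de deleted successfully.
C:\Windows\3727822075 moved successfully.
File move failed. C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk scheduled to be moved on reboot.
File C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe not found.
C:\Windows\System32\%APPDATA% folder moved successfully.
Unable to delete ADS C:\Windows\3727822075:83086625.exe .
File C:\Windows\3727822075 not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware\\"DisableMonitoring" | dword:0x00 /E : value set successfully!
========== COMMANDS ==========
"""

# "========== OTL ==========" style section headers.
SECTION_RE = re.compile(r"^=+ (?P<name>\w+) =+$")

# Result-line shapes seen in OTL fix logs; most specific first, because the
# generic "success" and "not found" patterns would otherwise swallow failures.
OUTCOME_PATTERNS = [
    ("ads_delete_failed",
     re.compile(r"^Unable to delete ADS (?P<target>.+?) ?\.$")),
    ("deferred_to_reboot",
     re.compile(r"^File move failed\. (?P<target>.+?) scheduled to be moved on reboot\.$")),
    ("not_found",
     re.compile(r"^(?:File |Registry key )?(?P<target>.+?) not found\.$")),
    ("success",
     re.compile(r"^(?:Registry key )?(?P<target>.+?)(?: folder)? (?:moved|deleted) successfully\.$")),
    ("registry_set",
     re.compile(r"^(?P<target>.+?) : value set successfully!$")),
]

# drive:\...\host:stream  -- an NTFS named stream, invisible to a plain dir listing.
ADS_PATH_RE = re.compile(r"^[A-Za-z]:\\.*:[^\\:]+$")


def is_ads_path(path):
    """True if the path names an NTFS alternate data stream (host:stream)."""
    return ADS_PATH_RE.match(path) is not None


def classify_line(line):
    """Map one OTL result line to (outcome, target).

    Returns None for blank lines and section headers; lines in a shape this
    parser does not know come back as ("unparsed", line) so they are never
    silently dropped from the count."""
    line = line.strip()
    if not line or SECTION_RE.match(line):
        return None
    for outcome, pattern in OUTCOME_PATTERNS:
        match = pattern.match(line)
        if match:
            return outcome, match.group("target")
    return "unparsed", line


def summarize(log_text):
    """Count outcomes per kind and collect the items still needing action:
    moves deferred to reboot and streams OTL could not delete."""
    counts = Counter()
    unresolved = []
    section = None
    for raw in log_text.splitlines():
        header = SECTION_RE.match(raw.strip())
        if header:
            section = header.group("name")
            continue
        result = classify_line(raw)
        if result is None:
            continue
        outcome, target = result
        counts[outcome] += 1
        if outcome in ("ads_delete_failed", "deferred_to_reboot"):
            unresolved.append({"section": section, "outcome": outcome,
                               "target": target, "is_ads": is_ads_path(target)})
    return {"counts": counts, "unresolved": unresolved}


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for outcome, n in sorted(report["counts"].items()):
        print(f"{outcome:20s} {n}")
    for item in report["unresolved"]:
        note = "  <- alternate data stream, verify after reboot" if item["is_ads"] else ""
        print(f"unresolved [{item['section']}] {item['outcome']}: {item['target']}{note}")
```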

Chris4You 21.12.2011 18:49

Hi,

So, how is the computer behaving?
As I said, a clean reinstall is recommended...

chris

Larina 21.12.2011 20:12

Hi,

The PC is superficially behaving normally again, but I am currently letting avast check the system and it has already found 5 infected files at 18%...
I'm afraid we will hardly get around reinstalling :/

Larina

Chris4You 21.12.2011 20:17

Hi,

It depends on where it finds them, e.g. in OTL's quarantine etc...
You really should reinstall...

chris

Larina 21.12.2011 20:54

Hi,

Here are the results (7 findings in total):
Code:

C:\Program Files\bhv\Winfunktion Mathematik plus 17\rechner.exe -> Win32:Malware-gen
C:\Program Files\Cyberlink\Shared Files\RichVideo.#xe -> Win32:Patched-WQ [Trj]
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.#xe -> Win32:Patched-WQ [Trj]
C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.#xe -> Win32:Patched-WQ [Trj]
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.#xe -> Win32.Patched-WQ [Trj]
C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6002.18451_none_894b9dbde369cb1f\dfsc.sys ->Win32:Zeroot-B [Rtk]
C:\_OTL\MovedFiles\12202011_095314\C_Windows\3727822075:83086625.exe -> Win32:Tiny-AMB [Rtk]

I had them deleted and am now scanning again (boot-time scan)...

Larina

Chris4You 21.12.2011 21:05

Hi,

The rootkit has pulled in quite a few things...
Download ComboFix again and run it afterwards...

http://download.bleepingcomputer.com/sUBs/ComboFix.exe and
(we already covered how to use it...)

chris

Larina 21.12.2011 21:35

Hi,

No, we haven't had ComboFix yet, but hxxp://www.bleepingcomputer.com/combofix/de/wie-combofix-benutzt-wird probably has everything I should know ;)

Larina

Larina 21.12.2011 22:02

Hi,

ComboFix tells me that the AntiVir Desktop real-time scanner is still active, but theoretically that can't be, since I completely uninstalled AntiVir and installed avast instead (I personally just prefer it), and that one is disabled... Should I click OK anyway?

Larina

PS: avast reported 0 infected files in the boot-time scan

Chris4You 21.12.2011 22:05

Si sancho!

Larina 21.12.2011 22:47

Hi,

First this message came from Windows:
'Freeware implemention of XCACLS funktioniert nicht mehr'
Then ComboFix said:
'You are infected with Rootkit.ZeroAccess! It has inserted itself into the tcp/ip stack. This is a particulary difficult infection.' followed by the note about the internet connection.
Then something along the lines of 'Rootkit is detected' came up.
Then it rebooted. There is no ComboFix.txt file to be found under C:\...

Larina

Chris4You 22.12.2011 07:23

Hi,

The thing has anchored itself too deep in the system (we would now have to take apart the TCP stack and the drivers involved); please back up your data and reinstall... it isn't worth it any more...

chris

Larina 22.12.2011 09:48

Hi,

Since I have never done this before, I'd be very grateful if you could help me a bit with that too.
Data is backed up. How do I get the drivers I need (or how do I find out which drivers are currently installed that I would have to reinstall afterwards)? How do I do it without a CD (as far as I know there is no recovery partition)? The product key is of course available.

Larina

Chris4You 22.12.2011 10:01

Hi,

Please run ComboFix once more, I would like to have the LOG...

What kind of computer is it (Lenovo?).

If no OS DVD came with it, there are two possibilities.
1.) The computer prompted you to create one yourself
2.) There is a hidden partition on the computer that can be reached at boot time via a
key combination and then automatically restores the factory state (computer completely wiped, no programs & data left..)
-> differs from computer to computer...

If necessary: http://www.netzwelt.de/download/6479...very-disc.html

Then download the necessary drivers from the manufacturer's homepage...

chris

Larina 22.12.2011 10:59

Hi,

This time I even got a ComboFix log (wow). Here it is:
ComboFix logfile:
Code:

ComboFix 11-12-21.02 - Gisela 22.12.2011  10:18:23.1.1 - x86
Microsoft® Windows Vista™ Home Basic  6.0.6002.2.1252.49.1031.18.1915.908 [GMT 1:00]
ausgeführt von:: c:\users\Gisela\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\
c:\windows\system32\drivers\
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-11-22 bis 2011-12-22  ))))))))))))))))))))))))))))))
.
.
2011-12-22 09:40 . 2011-12-22 09:42        --------        d-----w-        c:\users\Gisela\AppData\Local\temp
2011-12-22 09:40 . 2011-12-22 09:40        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-12-21 18:12 . 2011-12-21 18:33        --------        d-----w-        c:\program files\ThreatFire
2011-12-21 18:12 . 2011-12-21 18:12        --------        d-----w-        c:\programdata\PC Tools
2011-12-21 18:09 . 2011-11-28 17:53        314456        ----a-w-        c:\windows\system32\drivers\aswSP.sys
2011-12-21 18:09 . 2011-11-28 17:52        34392        ----a-w-        c:\windows\system32\drivers\aswRdr.sys
2011-12-21 18:09 . 2011-11-28 17:52        52952        ----a-w-        c:\windows\system32\drivers\aswTdi.sys
2011-12-21 18:09 . 2011-11-28 17:51        20568        ----a-w-        c:\windows\system32\drivers\aswFsBlk.sys
2011-12-21 18:09 . 2011-11-28 17:53        435032        ----a-w-        c:\windows\system32\drivers\aswSnx.sys
2011-12-21 18:09 . 2011-11-28 17:52        55128        ----a-w-        c:\windows\system32\drivers\aswMonFlt.sys
2011-12-21 18:08 . 2011-11-28 18:01        41184        ----a-w-        c:\windows\avastSS.scr
2011-12-21 18:08 . 2011-11-28 18:01        199816        ----a-w-        c:\windows\system32\aswBoot.exe
2011-12-21 18:08 . 2011-12-21 18:08        --------        d-----w-        c:\programdata\AVAST Software
2011-12-21 18:08 . 2011-12-21 18:08        --------        d-----w-        c:\program files\AVAST Software
2011-12-21 17:58 . 2011-12-21 17:58        --------        d-----w-        c:\program files\Tracker Software
2011-12-21 06:52 . 2011-12-21 06:52        --------        d-----w-        c:\program files\CCleaner
2011-12-20 21:00 . 2011-12-20 21:00        --------        d-----w-        C:\TDSS
2011-12-20 17:35 . 2011-12-20 18:49        23624        ----a-w-        c:\windows\system32\drivers\hitmanpro35.sys
2011-12-20 17:31 . 2011-12-20 18:00        --------        d-----w-        c:\programdata\Hitman Pro
2011-12-20 14:53 . 2011-07-13 02:55        2237440        ----a-r-        C:\OTLPE.exe
2011-12-20 14:53 . 2011-12-20 14:53        --------        d-----w-        C:\_OTL
2011-12-17 09:41 . 2011-12-17 09:48        --------        d-----w-        c:\users\Gisela\AppData\Roaming\QuickScan
2011-12-17 09:20 . 2011-12-17 09:20        --------        d-----w-        c:\users\Gisela\AppData\Roaming\Malwarebytes
2011-12-17 09:20 . 2011-12-17 09:20        --------        d-----w-        c:\programdata\Malwarebytes
2011-12-17 09:20 . 2011-12-20 18:57        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2011-12-17 09:20 . 2011-08-31 16:00        22216        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-12-16 18:57 . 2011-11-21 10:47        6823496        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{5166DE8E-2159-4D6B-9F6A-2D5D8CE66069}\mpengine.dll
2011-12-16 18:47 . 2011-11-03 22:31        2382848        ----a-w-        c:\windows\system32\mshtml.tlb
2011-12-16 18:47 . 2011-11-03 23:16        141112        ----a-w-        c:\program files\Internet Explorer\sqmapi.dll
2011-12-16 18:47 . 2011-11-03 22:37        194048        ----a-w-        c:\program files\Internet Explorer\IEShims.dll
2011-12-16 18:47 . 2011-11-03 22:39        1127424        ----a-w-        c:\windows\system32\wininet.dll
2011-12-16 18:47 . 2011-11-03 22:47        1798144        ----a-w-        c:\windows\system32\jscript9.dll
2011-12-16 18:47 . 2011-11-03 22:42        678912        ----a-w-        c:\program files\Internet Explorer\iedvtool.dll
2011-12-16 18:46 . 2011-11-03 22:40        1427456        ----a-w-        c:\windows\system32\inetcpl.cpl
2011-12-15 11:07 . 2011-11-23 13:37        2043904        ----a-w-        c:\windows\system32\win32k.sys
2011-12-15 11:06 . 2011-10-27 08:01        3602816        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2011-12-15 11:06 . 2011-10-27 08:01        3550080        ----a-w-        c:\windows\system32\ntoskrnl.exe
2011-12-15 11:06 . 2011-10-14 16:02        429056        ----a-w-        c:\windows\system32\EncDec.dll
2011-12-15 11:06 . 2011-10-25 15:56        49152        ----a-w-        c:\windows\system32\csrsrv.dll
2011-12-15 11:06 . 2011-11-08 14:42        2048        ----a-w-        c:\windows\system32\tzres.dll
2011-12-14 09:45 . 2011-12-14 09:45        170080        ----a-w-        c:\program files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
2011-12-02 19:36 . 2011-12-02 19:36        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-10 04:54 . 2010-04-30 20:51        472808        ----a-w-        c:\windows\system32\deployJava1.dll
2011-12-02 18:50 . 2011-04-24 10:42        134104        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-04-20 11:14 . !HASH: COULD NOT OPEN FILE !!!!! . 748336 . . [------] . . c:\windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16421_none_58a99749ebaa0de6\iexplore.exe
[7] 2011-02-22 . 9CE5543464432CA73134F170FA2BF823 . 638232 . . [8.00.6001.23143] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23143_none_12ac5bb64907479b\iexplore.exe
[7] 2011-02-22 . C1D36A2CBE0CEC4DF593DB1288CF586E . 638232 . . [8.00.6001.19048] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.19048_none_1227c05d2fe52684\iexplore.exe
[7] 2010-12-18 . 7852371DA9EFBC17B645558E23780EAC . 638232 . . [8.00.6001.23111] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23111_none_12cacae648f0c11a\iexplore.exe
[7] 2010-12-18 . B988D7F127B94BD5BF8356FE81B985C4 . 638232 . . [8.00.6001.19019] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.19019_none_1249306b2fcbec08\iexplore.exe
[7] 2010-11-02 . 92A17B0A89D14815AACC62CD190B6CE3 . 638232 . . [8.00.6001.23091] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23091_none_127449a04931a37b\iexplore.exe
[7] 2010-11-02 . 5AB037B17F8A87D052F5A88E0D29A3C8 . 638232 . . [8.00.6001.18999] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18999_none_11f2d8e9300c984e\iexplore.exe
[7] 2010-09-08 . 4A719476A6393B1DCACFEB4F3AC6599C . 638232 . . [8.00.6001.23067] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23067_none_129abb204913e7b2\iexplore.exe
[7] 2010-09-08 . D5A730DFDEAE005373E62BC2A866E3BB . 638232 . . [8.00.6001.18975] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18975_none_120477992ffffb10\iexplore.exe
[7] 2010-06-26 . F05B3A2C6CB319DD1377AD566CF5ECE5 . 638232 . . [8.00.6001.23040] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23040_none_12a958f24909fe6f\iexplore.exe
[7] 2010-06-26 . 7420BE0E7D3D1320054F7ACA0594953D . 638232 . . [8.00.6001.18943] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18943_none_1222e6c92fe9748f\iexplore.exe
[7] 2010-05-04 . 48A6109E8DF0365195298CC527B7426A . 638232 . . [8.00.6001.23019] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23019_none_12d2cb5048e98eab\iexplore.exe
[7] 2010-05-04 . 5C9B1062EA7A44E8F6BFDE994B68C7AA . 638232 . . [8.00.6001.18928] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18928_none_123d88132fd4bb60\iexplore.exe
[7] 2010-02-23 . 25DB705A7DC85C208B3CF2D20F118AA7 . 638232 . . [8.00.6001.22995] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22995_none_127872a6492dd595\iexplore.exe
[7] 2010-02-23 . 9F52FBE99C749E3F32C75124F09F1B03 . 638232 . . [8.00.6001.18904] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18904_none_124f26c32fc81e22\iexplore.exe
[7] 2010-01-02 . 3D8DA00B028DEA9517066F1CECBFC4A2 . 638216 . . [8.00.6001.22973] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22973_none_128c11ea491f6b05\iexplore.exe
[7] 2010-01-02 . 88BD42DAE7CFFEB256CA7145A15E4843 . 638216 . . [8.00.6001.18882] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18882_none_11f6a4e9300acdd5\iexplore.exe
[7] 2009-11-21 . E7F8DF50E483D165BB01F367D3519AA7 . 638232 . . [8.00.6001.22956] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22956_none_12a4b2a0490c7f28\iexplore.exe
[7] 2009-11-21 . 1B6362BB14FCEB9E76BCF9A953B04788 . 638232 . . [8.00.6001.18865] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18865_none_120f459f2ff7e1f8\iexplore.exe
[7] 2009-08-27 . 9E45866CD349219784CD5A7620DBEB8A . 634632 . . [7.00.6000.16916] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16916_none_2d76f8e51cda9b48\iexplore.exe
[7] 2009-08-27 . A76AFC309AA55CD607A28AC41C7D7603 . 634632 . . [7.00.6000.21116] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21116_none_2e006dd235f86e54\iexplore.exe
[7] 2009-08-27 . BBF84F317553520BB78AEF7B047325C1 . 634648 . . [7.00.6001.18319] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18319_none_2f60386919fe783e\iexplore.exe
[7] 2009-08-27 . 7DD482E4A2E3CBB0A72F718C342F5B75 . 638216 . . [8.00.6001.22918] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22918_none_12d1f2e448ea4212\iexplore.exe
[7] 2009-08-27 . FE2DFF83B7753AC47C553EF7D5289BEE . 634648 . . [7.00.6001.22508] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22508_none_2ff3a6bc3314dfe7\iexplore.exe
[7] 2009-08-27 . 2E48756F12C21F46895036AC089AAD97 . 638232 . . [8.00.6001.18828] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18828_none_123d862d2fd4be39\iexplore.exe
[7] 2009-07-18 . 1D8163DBFECAEDB9C48C5F55084BC491 . 634648 . . [7.00.6001.18294] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18294_none_2f04b5b11a43dbec\iexplore.exe
[7] 2009-07-18 . 1D5A01AA2DE47C052AF46D7EBCB003A3 . 634648 . . [7.00.6000.16890] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16890_none_2d1a75e31d20e59f\iexplore.exe
[7] 2009-07-18 . 7FCF4E704A48D95202F3E7A1E1A21412 . 634648 . . [7.00.6000.21089] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21089_none_2db7bd56362e80c9\iexplore.exe
[7] 2009-07-18 . EBEE9E4421F35CD861107DDA0266FBB1 . 634648 . . [7.00.6001.22475] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22475_none_2fa4f48433505a52\iexplore.exe
[7] 2009-04-24 . 1F44940EF1D07D0BDAF80E55853DFBD0 . 634648 . . [7.00.6000.16851] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16851_none_2d46b5dd1cff8f32\iexplore.exe
[7] 2009-04-24 . F294D8EEB05C835EC44A12CE0A1DFE7A . 634632 . . [7.00.6001.18248] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18248_none_2f3ec6751a17b593\iexplore.exe
[7] 2009-04-24 . D5271AC4A06AD9D1E2EA0151B79B2657 . 634648 . . [7.00.6000.21046] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21046_none_2ddffc283610c500\iexplore.exe
[7] 2009-04-24 . D6157423C117F24D24695866A1D0A93F . 634648 . . [7.00.6001.22418] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22418_none_2fe8d4ea331cfeb1\iexplore.exe
[7] 2009-04-11 . 2C5168C856455CC43C4B4E1CC1920001 . 636080 . . [7.00.6002.18005] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6002.18005_none_314d791517204c15\iexplore.exe
[7] 2009-03-08 . B60DDDD2D63CE41CB8C487FCFBB6419E . 638816 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18702_none_124d22632fc9f126\iexplore.exe
[7] 2009-03-03 . 9E6C1527D9A2C64BFD780AA23075380F . 636072 . . [7.00.6001.18226] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18226_none_2f5265b91a094b03\iexplore.exe
[7] 2009-03-03 . 8BA2B7A05F88BE0D45237A0994AD8366 . 636072 . . [7.00.6001.22389] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22389_none_2f9e23da3354de78\iexplore.exe
[7] 2009-03-03 . EA4BE33726155F89D89A3FE7142878E0 . 636072 . . [7.00.6000.16830] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16830_none_2d5b556b1cf03df9\iexplore.exe
[7] 2009-03-03 . 1DD66A2851DACDEC32EAE8F9A8865ABD . 636072 . . [7.00.6000.21023] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21023_none_2df29b2236034119\iexplore.exe
[7] 2009-01-15 . F0B1CA517977BA2FF6DA33F1B966C488 . 634024 . . [7.00.6000.20996] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20996_none_2daa146a36391d73\iexplore.exe
[7] 2009-01-15 . 0844F5B9CB3BB85A917D347EF1565B6C . 634024 . . [7.00.6000.16809] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16809_none_2d84c7c91ccfce35\iexplore.exe
[7] 2008-04-25 . 07ED775D6DB4BFA96D7CFB09EB228418 . 625664 . . [7.00.6000.16681] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16681_none_2d26424d1d17e8b7\iexplore.exe
[7] 2008-04-25 . 9F1427F203CA078005C9943800929640 . 625664 . . [7.00.6000.20823] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20823_none_2df2c11a360310b0\iexplore.exe
[7] 2008-02-22 . 182CAF7403705ACCB51211A761080B8F . 625664 . . [7.00.6000.20777] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20777_none_2dc0b0c03628049a\iexplore.exe
[7] 2008-02-21 . 9437CA21CD48C9B6BFD6F5AC0143D251 . 625664 . . [7.00.6000.16643] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16643_none_2d5382911cf5aba1\iexplore.exe
[7] 2008-01-21 . 5B92133D3E7FB2644677686305E29E81 . 625664 . . [7.00.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18000_none_2f62000919fe80c9\iexplore.exe
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01        122512        ----a-w-        c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"NDSTray.exe"="NDSTray.exe" [BU]
"Toshiba TEMPO"="c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe" [2008-04-24 103824]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-06-24 509816]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-05-09 716800]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2008-01-11 574864]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-05-26 85160]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-02-19 1089536]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"ThreatFire"="c:\program files\ThreatFire\TFTray.exe" [2010-01-14 378128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^Users^Gisela^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^0.46029141122885.exe.lnk]
path=c:\users\Gisela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.46029141122885.exe.lnk
backup=c:\windows\pss\0.46029141122885.exe.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Gisela^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\users\Gisela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google EULA Launcher]
2008-05-28 11:40        20480        ----a-w-        c:\program files\Google\Google EULA\GoogleEULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
2009-04-03 19:23        3558648        ----a-w-        c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
.
R2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-04 135664]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-04 135664]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [2008-04-16 954368]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-11-08 721904]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-01-14 51984]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-01-14 59664]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [2008-04-28 20384]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-11-28 55128]
S2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service [x]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-01-14 33552]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork        REG_MULTI_SZ          PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2011-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-04 15:48]
.
2011-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-04 15:48]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/skins/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - http:gmx.de
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - user.js: yahoo.homepage.dontask - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe
SafeBoot-09369117.sys
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-MobileConnect - c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
MSConfigStartUp-UpdatePDRShortCut - c:\desktop\PowerDirector\MUITransfer\MUIStartMenu.exe
MSConfigStartUp-UpdatePPShortCut - c:\desktop\PowerProducer\MUITransfer\MUIStartMenu.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-12-22 10:41
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????s!?Y?l??P?R?x?R???R???R?? 
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ThreatFire]
"AlternateImagePath"=""
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(704)
c:\program files\ThreatFire\TFWAH.dll
.
- - - - - - - > 'lsass.exe'(764)
c:\program files\ThreatFire\TFWAH.dll
.
- - - - - - - > 'Explorer.exe'(1540)
c:\program files\ThreatFire\TfWah.dll
c:\windows\system32\MLANG.dll
c:\windows\system32\audioeng.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\Wlanapi.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\eappcfg.dll
c:\windows\System32\ntlanman.dll
.
Zeit der Fertigstellung: 2011-12-22  10:53:16
ComboFix-quarantined-files.txt  2011-12-22 09:53
.
Vor Suchlauf: 12 Verzeichnis(se), 42.737.504.256 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 40.453.763.072 Bytes frei
.
- - End Of File - - C396529E9BB0EB4B2C583E06F4AA4C59

--- --- ---

The notebook is a Toshiba, no idea which model...

Larina

Chris4You 22.12.2011 11:16

Hi,

I admit I was hoping for that... ;o)...


OK, please have the following files checked online:
Have files checked online
  • Go to the Virustotal site, click the "Browse" button and locate the following file(s):
Code:

c:\windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16421_none_58a99749ebaa0de6\iexplore.exe
c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe

  • Now upload each file one after the other and wait until the scan has finished (can take up to 2 minutes).
  • Then post the result of the analysis: copy everything and paste it into a reply.
  • Important: copy the file size and the HASH as well!

We still have to get rid of this...

Scripting Combofix
Copy the following text into Notepad (Start -> Accessories -> Notepad) and save it on the Desktop as cfscript.txt using 'Save as'.
Select "All Files" - Save:
Quote:

KILLALL::

File::
c:\users\Gisela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.46029141122885.exe.lnk
c:\windows\pss\0.46029141122885.exe.lnk.Startup

Registry::
[-HKLM\~\startupfolder\C:^Users^Gisela^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^0.46029141122885.exe.lnk]

ClearJavaCache::

You should now find this file on your Desktop; click it with the mouse (hold the right button down)
and drag and drop it onto the Combofix icon. Combofix should now start and process the script; afterwards post the Combofix log.

chris
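The check Chris asks for above, as an added example that is not part of the thread: a Python script that parses the Sigcheck listing ComboFix prints (an entry of the form `[-] ... !HASH: COULD NOT OPEN FILE` marks a file the tool could not read), lists the entries that need an online check, and produces the size plus MD5/SHA1/SHA256 report the post asks to be pasted with the result. The two Sigcheck lines in `SAMPLE_SIGCHECK` are constructed in that format; `parse_sigcheck`, `needs_manual_check` and `hash_report` are names chosen here.

```python
import hashlib
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the form of ComboFix's "Sigcheck" section:
# [status] date . MD5-or-error . size . . [file version] . . path
SAMPLE_SIGCHECK = r"""
[-] 2011-04-20 11:14 . !HASH: COULD NOT OPEN FILE !!!!! . 748336 . . [------] . . c:\windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16421_none_58a99749ebaa0de6\iexplore.exe
[7] 2011-02-22 . 9CE5543464432CA73134F170FA2BF823 . 638232 . . [8.00.6001.23143] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23143_none_12ac5bb64907479b\iexplore.exe
"""

# Fields are separated by " . " (doubled to " . . " where a field is empty).
FIELD_SEP = re.compile(r"(?:\s+\.)+\s+")
HEAD = re.compile(r"^\[(.+?)\]\s+(.+)$")          # "[7] 2011-02-22"
MD5_RE = re.compile(r"^[0-9A-Fa-f]{32}$")


@dataclass
class SigcheckEntry:
    status: str            # the code ComboFix prints in brackets, e.g. "7" or "-"
    date: str
    md5: Optional[str]     # None when ComboFix could not open the file
    size: int
    version: Optional[str]  # None when ComboFix printed "[------]"
    path: str

    @property
    def unreadable(self) -> bool:
        return self.md5 is None


def parse_sigcheck(text: str) -> List[SigcheckEntry]:
    """Parse Sigcheck lines; anything that does not have the five-field shape is skipped."""
    entries: List[SigcheckEntry] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line.startswith("["):
            continue
        fields = FIELD_SEP.split(line)
        if len(fields) != 5:
            continue
        head, hash_field, size, version, path = fields
        m = HEAD.match(head)
        if not m:
            continue
        status, date = m.groups()
        md5 = hash_field.upper() if MD5_RE.match(hash_field) else None
        ver = version.strip("[]")
        entries.append(SigcheckEntry(
            status=status, date=date, md5=md5, size=int(size),
            version=None if set(ver) == {"-"} else ver, path=path))
    return entries


def needs_manual_check(entries: List[SigcheckEntry]) -> List[SigcheckEntry]:
    """Files ComboFix could not hash or that carry no version stamp: the ones to submit online."""
    return [e for e in entries if e.unreadable or e.version is None]


def hash_report(data: bytes) -> Dict[str, object]:
    """Size plus MD5/SHA1/SHA256 of a file's content: the values to paste with a VirusTotal result."""
    return {
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def hash_file(path: str) -> Dict[str, object]:
    """Same report for a file on disk (read whole; fine for executables of this size)."""
    with open(path, "rb") as fh:
        return hash_report(fh.read())


if __name__ == "__main__":
    for e in needs_manual_check(parse_sigcheck(SAMPLE_SIGCHECK)):
        print(f"check online: {e.path} ({e.size} bytes, status [{e.status}])")
    print(hash_report(b"constructed sample content"))
```

On the affected machine the unreadable entry is the interesting one: a file even an administrator account cannot open or hash is itself a finding, independent of any scanner verdict.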

Larina 22.12.2011 11:51

Hi,

the first file gave the following error message:
Code:

iexplorer.exe
Sie verfügen nicht über die Berechtigung, diese Datei zu öffnen.

Wenden Sie sich an den Besitzer der Datei oder einen Administrator, um diese Berechtigung zu erhalten.

(The user account is set up as an administrator...)
The 2nd file returned the following:
Code:

AhnLab-V3        2011.12.19.03        2011.12.19        -
AntiVir        7.11.19.166        2011.12.20        -
Antiy-AVL        2.0.3.7        2011.12.20        -
Avast        6.0.1289.0        2011.12.20        -
AVG        10.0.0.1190        2011.12.20        -
BitDefender        7.2        2011.12.20        -
ByteHero        1.0.0.1        2011.12.07        Trojan.Malware.Win32.xPack.l
CAT-QuickHeal        12.00        2011.12.20        -
ClamAV        0.97.3.0        2011.12.20        -
Commtouch        5.3.2.6        2011.12.20        -
Comodo        11025        2011.12.20        -
DrWeb        5.0.2.03300        2011.12.20        -
Emsisoft        5.1.0.11        2011.12.20        -
eSafe        7.0.17.0        2011.12.20        -
eTrust-Vet        37.0.9639        2011.12.22        -
F-Prot        4.6.5.141        2011.12.19        -
Fortinet        4.3.388.0        2011.12.20        -
GData        22        2011.12.20        -
Ikarus        T3.1.1.109.0        2011.12.20        -
Jiangmin        13.0.900        2011.12.21        -
K7AntiVirus        9.119.5720        2011.12.19        -
Kaspersky        9.0.0.837        2011.12.22        -
McAfee        5.400.0.1158        2011.12.20        -
McAfee-GW-Edition        2010.1E        2011.12.22        -
Microsoft        1.7903        2011.12.20        -
NOD32        6726        2011.12.20        -
Norman        6.07.13        2011.12.22        -
nProtect        2011-12-20.02        2011.12.20        -
Panda        10.0.3.5        2011.12.19        -
PCTools        8.0.0.5        2011.12.22        -
Prevx        3.0        2011.12.22        -
Rising        23.89.03.02        2011.12.22        -
Sophos        4.72.0        2011.12.20        -
SUPERAntiSpyware        4.40.0.1006        2011.12.20        -
Symantec        20111.2.0.82        2011.12.22        -
TheHacker        6.7.0.1.362        2011.12.19        -
TrendMicro        9.500.0.1008        2011.12.20        -
TrendMicro-HouseCall        9.500.0.1008        2011.12.20        -
VBA32        3.12.16.4        2011.12.20        -
VIPRE        11279        2011.12.20        -
ViRobot        2011.12.20.4835        2011.12.20        -
VirusBuster        14.1.125.0        2011.12.20        -
Additional information
MD5  : 5d29764082133f302126c85ab96acb80
SHA1  : 96d4f0b0af37c06aca5b7f81712d76112aa9773b
SHA256: 4ec95d6f5094cbcf032818e1823625360928810acb218ebfed32cfd31a02d9d7

I'll be away until about 14:30 now; after that I'll do the ComboFix scripting.

Larina

Chris4You 22.12.2011 12:22

Hi,

I'm going to be completely away for now... ;o)...
Back online this evening..

chris

Larina 22.12.2011 16:02

Hi,

Addendum on TOSCDSPD.exe: size: 430080 bytes
Ran the cfscript, the PC rebooted, ComboFix has been showing the following message for about an hour:
'Bereite Logdatei vor.
Starte keine anderen Programme, bevor ComboFix fertig ist.'
Should I be worried that it is taking so long?

Larina

Chris4You 22.12.2011 18:02

Hi,

yes....
What's the status?
Otherwise reboot "by hand" again...

chris

Larina 22.12.2011 18:08

Hi,

when shutting down 'by hand' it hung, so I forced it off. Restarted, tried again, same problem again...

Larina

Chris4You 22.12.2011 20:15

Hi,

probably due to the script (line break)...
Code:

KILLALL::

File::
c:\users\Gisela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.46029141122885.exe.lnk
c:\windows\pss\0.46029141122885.exe.lnk.Startup

Registry::
[-HKLM\~\startupfolder\C:^Users^Gisela^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^0.46029141122885.exe.lnk]

ClearJavaCache::

chris
PS: Help, I'm going senile...

Larina 22.12.2011 21:28

Hi,

it still took a long time, but now there is a log:
Combofix Logfile:
Code:

ComboFix 11-12-21.02 - Gisela 22.12.2011  20:38:06.1.1 - x86
Microsoft® Windows Vista™ Home Basic  6.0.6002.2.1252.49.1031.18.1915.909 [GMT 1:00]
ausgeführt von:: c:\users\Gisela\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Gisela\Desktop\cfscript.txt
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Gisela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.46029141122885.exe.lnk"
"c:\windows\pss\0.46029141122885.exe.lnk.Startup"
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-11-22 bis 2011-12-22  ))))))))))))))))))))))))))))))
.
.
2011-12-22 19:58 . 2011-12-22 20:03        --------        d-----w-        c:\users\Gisela\AppData\Local\temp
2011-12-22 19:58 . 2011-12-22 19:58        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-12-21 18:12 . 2011-12-21 18:33        --------        d-----w-        c:\program files\ThreatFire
2011-12-21 18:12 . 2011-12-21 18:12        --------        d-----w-        c:\programdata\PC Tools
2011-12-21 18:09 . 2011-11-28 17:53        314456        ----a-w-        c:\windows\system32\drivers\aswSP.sys
2011-12-21 18:09 . 2011-11-28 17:52        34392        ----a-w-        c:\windows\system32\drivers\aswRdr.sys
2011-12-21 18:09 . 2011-11-28 17:52        52952        ----a-w-        c:\windows\system32\drivers\aswTdi.sys
2011-12-21 18:09 . 2011-11-28 17:51        20568        ----a-w-        c:\windows\system32\drivers\aswFsBlk.sys
2011-12-21 18:09 . 2011-11-28 17:53        435032        ----a-w-        c:\windows\system32\drivers\aswSnx.sys
2011-12-21 18:09 . 2011-11-28 17:52        55128        ----a-w-        c:\windows\system32\drivers\aswMonFlt.sys
2011-12-21 18:08 . 2011-11-28 18:01        41184        ----a-w-        c:\windows\avastSS.scr
2011-12-21 18:08 . 2011-11-28 18:01        199816        ----a-w-        c:\windows\system32\aswBoot.exe
2011-12-21 18:08 . 2011-12-21 18:08        --------        d-----w-        c:\programdata\AVAST Software
2011-12-21 18:08 . 2011-12-21 18:08        --------        d-----w-        c:\program files\AVAST Software
2011-12-21 17:58 . 2011-12-21 17:58        --------        d-----w-        c:\program files\Tracker Software
2011-12-21 06:52 . 2011-12-21 06:52        --------        d-----w-        c:\program files\CCleaner
2011-12-20 21:00 . 2011-12-20 21:00        --------        d-----w-        C:\TDSS
2011-12-20 17:35 . 2011-12-20 18:49        23624        ----a-w-        c:\windows\system32\drivers\hitmanpro35.sys
2011-12-20 17:31 . 2011-12-20 18:00        --------        d-----w-        c:\programdata\Hitman Pro
2011-12-20 14:53 . 2011-07-13 02:55        2237440        ----a-r-        C:\OTLPE.exe
2011-12-20 14:53 . 2011-12-20 14:53        --------        d-----w-        C:\_OTL
2011-12-17 09:41 . 2011-12-17 09:48        --------        d-----w-        c:\users\Gisela\AppData\Roaming\QuickScan
2011-12-17 09:20 . 2011-12-17 09:20        --------        d-----w-        c:\users\Gisela\AppData\Roaming\Malwarebytes
2011-12-17 09:20 . 2011-12-17 09:20        --------        d-----w-        c:\programdata\Malwarebytes
2011-12-17 09:20 . 2011-12-20 18:57        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2011-12-17 09:20 . 2011-08-31 16:00        22216        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-12-16 18:57 . 2011-11-21 10:47        6823496        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{5166DE8E-2159-4D6B-9F6A-2D5D8CE66069}\mpengine.dll
2011-12-16 18:47 . 2011-11-03 22:31        2382848        ----a-w-        c:\windows\system32\mshtml.tlb
2011-12-16 18:47 . 2011-11-03 23:16        141112        ----a-w-        c:\program files\Internet Explorer\sqmapi.dll
2011-12-16 18:47 . 2011-11-03 22:37        194048        ----a-w-        c:\program files\Internet Explorer\IEShims.dll
2011-12-16 18:47 . 2011-11-03 22:39        1127424        ----a-w-        c:\windows\system32\wininet.dll
2011-12-16 18:47 . 2011-11-03 22:47        1798144        ----a-w-        c:\windows\system32\jscript9.dll
2011-12-16 18:47 . 2011-11-03 22:42        678912        ----a-w-        c:\program files\Internet Explorer\iedvtool.dll
2011-12-16 18:46 . 2011-11-03 22:40        1427456        ----a-w-        c:\windows\system32\inetcpl.cpl
2011-12-15 11:07 . 2011-11-23 13:37        2043904        ----a-w-        c:\windows\system32\win32k.sys
2011-12-15 11:06 . 2011-10-27 08:01        3602816        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2011-12-15 11:06 . 2011-10-27 08:01        3550080        ----a-w-        c:\windows\system32\ntoskrnl.exe
2011-12-15 11:06 . 2011-10-14 16:02        429056        ----a-w-        c:\windows\system32\EncDec.dll
2011-12-15 11:06 . 2011-10-25 15:56        49152        ----a-w-        c:\windows\system32\csrsrv.dll
2011-12-15 11:06 . 2011-11-08 14:42        2048        ----a-w-        c:\windows\system32\tzres.dll
2011-12-14 09:45 . 2011-12-14 09:45        170080        ----a-w-        c:\program files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
2011-12-02 19:36 . 2011-12-02 19:36        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-10 04:54 . 2010-04-30 20:51        472808        ----a-w-        c:\windows\system32\deployJava1.dll
2011-12-02 18:50 . 2011-04-24 10:42        134104        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-04-20 11:14 . !HASH: COULD NOT OPEN FILE !!!!! . 748336 . . [------] . . c:\windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16421_none_58a99749ebaa0de6\iexplore.exe
[7] 2011-02-22 . 9CE5543464432CA73134F170FA2BF823 . 638232 . . [8.00.6001.23143] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23143_none_12ac5bb64907479b\iexplore.exe
[7] 2011-02-22 . C1D36A2CBE0CEC4DF593DB1288CF586E . 638232 . . [8.00.6001.19048] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.19048_none_1227c05d2fe52684\iexplore.exe
[7] 2010-12-18 . 7852371DA9EFBC17B645558E23780EAC . 638232 . . [8.00.6001.23111] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23111_none_12cacae648f0c11a\iexplore.exe
[7] 2010-12-18 . B988D7F127B94BD5BF8356FE81B985C4 . 638232 . . [8.00.6001.19019] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.19019_none_1249306b2fcbec08\iexplore.exe
[7] 2010-11-02 . 92A17B0A89D14815AACC62CD190B6CE3 . 638232 . . [8.00.6001.23091] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23091_none_127449a04931a37b\iexplore.exe
[7] 2010-11-02 . 5AB037B17F8A87D052F5A88E0D29A3C8 . 638232 . . [8.00.6001.18999] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18999_none_11f2d8e9300c984e\iexplore.exe
[7] 2010-09-08 . 4A719476A6393B1DCACFEB4F3AC6599C . 638232 . . [8.00.6001.23067] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23067_none_129abb204913e7b2\iexplore.exe
[7] 2010-09-08 . D5A730DFDEAE005373E62BC2A866E3BB . 638232 . . [8.00.6001.18975] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18975_none_120477992ffffb10\iexplore.exe
[7] 2010-06-26 . F05B3A2C6CB319DD1377AD566CF5ECE5 . 638232 . . [8.00.6001.23040] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23040_none_12a958f24909fe6f\iexplore.exe
[7] 2010-06-26 . 7420BE0E7D3D1320054F7ACA0594953D . 638232 . . [8.00.6001.18943] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18943_none_1222e6c92fe9748f\iexplore.exe
[7] 2010-05-04 . 48A6109E8DF0365195298CC527B7426A . 638232 . . [8.00.6001.23019] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23019_none_12d2cb5048e98eab\iexplore.exe
[7] 2010-05-04 . 5C9B1062EA7A44E8F6BFDE994B68C7AA . 638232 . . [8.00.6001.18928] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18928_none_123d88132fd4bb60\iexplore.exe
[7] 2010-02-23 . 25DB705A7DC85C208B3CF2D20F118AA7 . 638232 . . [8.00.6001.22995] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22995_none_127872a6492dd595\iexplore.exe
[7] 2010-02-23 . 9F52FBE99C749E3F32C75124F09F1B03 . 638232 . . [8.00.6001.18904] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18904_none_124f26c32fc81e22\iexplore.exe
[7] 2010-01-02 . 3D8DA00B028DEA9517066F1CECBFC4A2 . 638216 . . [8.00.6001.22973] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22973_none_128c11ea491f6b05\iexplore.exe
[7] 2010-01-02 . 88BD42DAE7CFFEB256CA7145A15E4843 . 638216 . . [8.00.6001.18882] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18882_none_11f6a4e9300acdd5\iexplore.exe
[7] 2009-11-21 . E7F8DF50E483D165BB01F367D3519AA7 . 638232 . . [8.00.6001.22956] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22956_none_12a4b2a0490c7f28\iexplore.exe
[7] 2009-11-21 . 1B6362BB14FCEB9E76BCF9A953B04788 . 638232 . . [8.00.6001.18865] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18865_none_120f459f2ff7e1f8\iexplore.exe
[7] 2009-08-27 . 9E45866CD349219784CD5A7620DBEB8A . 634632 . . [7.00.6000.16916] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16916_none_2d76f8e51cda9b48\iexplore.exe
[7] 2009-08-27 . A76AFC309AA55CD607A28AC41C7D7603 . 634632 . . [7.00.6000.21116] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21116_none_2e006dd235f86e54\iexplore.exe
[7] 2009-08-27 . BBF84F317553520BB78AEF7B047325C1 . 634648 . . [7.00.6001.18319] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18319_none_2f60386919fe783e\iexplore.exe
[7] 2009-08-27 . 7DD482E4A2E3CBB0A72F718C342F5B75 . 638216 . . [8.00.6001.22918] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22918_none_12d1f2e448ea4212\iexplore.exe
[7] 2009-08-27 . FE2DFF83B7753AC47C553EF7D5289BEE . 634648 . . [7.00.6001.22508] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22508_none_2ff3a6bc3314dfe7\iexplore.exe
[7] 2009-08-27 . 2E48756F12C21F46895036AC089AAD97 . 638232 . . [8.00.6001.18828] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18828_none_123d862d2fd4be39\iexplore.exe
[7] 2009-07-18 . 1D8163DBFECAEDB9C48C5F55084BC491 . 634648 . . [7.00.6001.18294] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18294_none_2f04b5b11a43dbec\iexplore.exe
[7] 2009-07-18 . 1D5A01AA2DE47C052AF46D7EBCB003A3 . 634648 . . [7.00.6000.16890] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16890_none_2d1a75e31d20e59f\iexplore.exe
[7] 2009-07-18 . 7FCF4E704A48D95202F3E7A1E1A21412 . 634648 . . [7.00.6000.21089] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21089_none_2db7bd56362e80c9\iexplore.exe
[7] 2009-07-18 . EBEE9E4421F35CD861107DDA0266FBB1 . 634648 . . [7.00.6001.22475] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22475_none_2fa4f48433505a52\iexplore.exe
[7] 2009-04-24 . 1F44940EF1D07D0BDAF80E55853DFBD0 . 634648 . . [7.00.6000.16851] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16851_none_2d46b5dd1cff8f32\iexplore.exe
[7] 2009-04-24 . F294D8EEB05C835EC44A12CE0A1DFE7A . 634632 . . [7.00.6001.18248] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18248_none_2f3ec6751a17b593\iexplore.exe
[7] 2009-04-24 . D5271AC4A06AD9D1E2EA0151B79B2657 . 634648 . . [7.00.6000.21046] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21046_none_2ddffc283610c500\iexplore.exe
[7] 2009-04-24 . D6157423C117F24D24695866A1D0A93F . 634648 . . [7.00.6001.22418] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22418_none_2fe8d4ea331cfeb1\iexplore.exe
[7] 2009-04-11 . 2C5168C856455CC43C4B4E1CC1920001 . 636080 . . [7.00.6002.18005] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6002.18005_none_314d791517204c15\iexplore.exe
[7] 2009-03-08 . B60DDDD2D63CE41CB8C487FCFBB6419E . 638816 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18702_none_124d22632fc9f126\iexplore.exe
[7] 2009-03-03 . 9E6C1527D9A2C64BFD780AA23075380F . 636072 . . [7.00.6001.18226] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18226_none_2f5265b91a094b03\iexplore.exe
[7] 2009-03-03 . 8BA2B7A05F88BE0D45237A0994AD8366 . 636072 . . [7.00.6001.22389] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22389_none_2f9e23da3354de78\iexplore.exe
[7] 2009-03-03 . EA4BE33726155F89D89A3FE7142878E0 . 636072 . . [7.00.6000.16830] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16830_none_2d5b556b1cf03df9\iexplore.exe
[7] 2009-03-03 . 1DD66A2851DACDEC32EAE8F9A8865ABD . 636072 . . [7.00.6000.21023] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21023_none_2df29b2236034119\iexplore.exe
[7] 2009-01-15 . F0B1CA517977BA2FF6DA33F1B966C488 . 634024 . . [7.00.6000.20996] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20996_none_2daa146a36391d73\iexplore.exe
[7] 2009-01-15 . 0844F5B9CB3BB85A917D347EF1565B6C . 634024 . . [7.00.6000.16809] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16809_none_2d84c7c91ccfce35\iexplore.exe
[7] 2008-04-25 . 07ED775D6DB4BFA96D7CFB09EB228418 . 625664 . . [7.00.6000.16681] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16681_none_2d26424d1d17e8b7\iexplore.exe
[7] 2008-04-25 . 9F1427F203CA078005C9943800929640 . 625664 . . [7.00.6000.20823] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20823_none_2df2c11a360310b0\iexplore.exe
[7] 2008-02-22 . 182CAF7403705ACCB51211A761080B8F . 625664 . . [7.00.6000.20777] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20777_none_2dc0b0c03628049a\iexplore.exe
[7] 2008-02-21 . 9437CA21CD48C9B6BFD6F5AC0143D251 . 625664 . . [7.00.6000.16643] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16643_none_2d5382911cf5aba1\iexplore.exe
[7] 2008-01-21 . 5B92133D3E7FB2644677686305E29E81 . 625664 . . [7.00.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18000_none_2f62000919fe80c9\iexplore.exe
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01        122512        ----a-w-        c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"NDSTray.exe"="NDSTray.exe" [BU]
"Toshiba TEMPO"="c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe" [2008-04-24 103824]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-06-24 509816]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-05-09 716800]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2008-01-11 574864]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-05-26 85160]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-02-19 1089536]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"ThreatFire"="c:\program files\ThreatFire\TFTray.exe" [2010-01-14 378128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^Users^Gisela^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\users\Gisela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google EULA Launcher]
2008-05-28 11:40        20480        ----a-w-        c:\program files\Google\Google EULA\GoogleEULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
2009-04-03 19:23        3558648        ----a-w-        c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
.
R2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-04 135664]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-04 135664]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [2008-04-16 954368]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-11-08 721904]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-01-14 51984]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-01-14 59664]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [2008-04-28 20384]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-11-28 55128]
S2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service [x]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-01-14 33552]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork        REG_MULTI_SZ          PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2011-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-04 15:48]
.
2011-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-04 15:48]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/skins/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - http:gmx.de
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - user.js: yahoo.homepage.dontask - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-12-22 21:02
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????s!?Y?l??P?R?x?R???R???R?? 
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ThreatFire]
"AlternateImagePath"=""
.
--------------------- Locked Registry Keys ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(704)
c:\program files\ThreatFire\TFWAH.dll
.
- - - - - - - > 'lsass.exe'(764)
c:\program files\ThreatFire\TFWAH.dll
.
- - - - - - - > 'Explorer.exe'(3396)
c:\program files\ThreatFire\TfWah.dll
c:\windows\system32\msi.dll
c:\windows\system32\timedate.cpl
c:\windows\system32\ACTXPRXY.DLL
c:\windows\System32\msshsq.dll
c:\windows\system32\thumbcache.dll
c:\windows\system32\MLANG.dll
c:\windows\System32\SndVolSSO.dll
c:\windows\system32\AUDIOSES.DLL
c:\windows\system32\audioeng.dll
c:\windows\system32\Wlanapi.dll
c:\windows\System32\AltTab.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\WLANExt.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\ThreatFire\TFService.exe
c:\windows\system32\conime.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\WUDFHost.exe
.
**************************************************************************
.
Completion time: 2011-12-22  21:16:10 - machine was rebooted
ComboFix-quarantined-files.txt  2011-12-22 20:15
ComboFix2.txt  2011-12-22 09:53
.
Pre-Run: 15 directories, 40,222,674,944 bytes free
Post-Run: 15 directories, 40,194,310,144 bytes free
.
- - End Of File - - A0D9B972F3AB99A400919FA9BE0FCEA5

--- --- ---


What now?

Larina

Chris4You 22.12.2011 22:06

Hi,

the log looks OK.
I would be tempted, though, to "kill" this one via CF...
Code:

c:\windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16421_none_58a99749ebaa0de6\iexplore.exe
Let me guess: so far the machine is behaving "normally"?

chris

Larina 22.12.2011 22:57

Hi,

as far as I can tell (I hardly ever work on this PC ^^) it is behaving fairly normally. However, the file HiJackThis204.exe, for example, cannot be moved from the desktop to the recycle bin ('Access to the target folder denied. You need permissions to perform this operation.')
If I am supposed to kill the file via CF, please post the corresponding script ;)

Larina

Chris4You 23.12.2011 07:54

Hi,

if you are running as admin (definitely set up a guest account with restricted rights for your mother to browse with), then the thing has left execution restrictions behind in the registry....

Let's have a look...

Download SystemLook from one of the following links and save the tool to the desktop.
http://jpshortstuff.247fixes.com/SystemLook.exe - http://images.malwareremoval.com/jps...SystemLook.exe
  • Double-click SystemLook.exe to start the tool.
  • Vista/Win7 users: right-click and run as administrator.
  • Copy the contents of the following code box into the tool's text field:

Code:


:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options] /s

  • Now click the Look button to start the scan.
When the scan has finished, your editor will open with the results; post them here in the thread.
The results are saved on the desktop as SystemLook.txt.

chris

Larina 23.12.2011 12:12

Hi,

here is the log:
Code:

SystemLook 30.07.11 by jpshortstuff
Log created at 12:06 on 23/12/2011 by Gisela
Administrator - Elevation successful

========== reg ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
(No values found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cqw32.exe]
(No values found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions]
"mscoree.dll"= 0x0000000001 (1)
"mscorwks.dll"= 0x0000000001 (1)
"mso.dll"= 0x0000000001 (1)
"msjava.dll"= 0x0000000001 (1)
"msci_uno.dll"= 0x0000000001 (1)
"jvm.dll"= 0x0000000001 (1)
"jvm_g.dll"= 0x0000000001 (1)
"javai.dll"= 0x0000000001 (1)
"vb40032.dll"= 0x0000000001 (1)
"vbe6.dll"= 0x0000000001 (1)
"ums.dll"= 0x0000000001 (1)
"main123w.dll"= 0x0000000001 (1)
"udtapi.dll"= 0x0000000001 (1)
"mscorsvr.dll"= 0x0000000001 (1)
"eMigrationmmc.dll"= 0x0000000001 (1)
"eProcedureMMC.dll"= 0x0000000001 (1)
"eQueryMMC.dll"= 0x0000000001 (1)
"EncryptPatchVer.dll"= 0x0000000001 (1)
"Cleanup.dll"= 0x0000000001 (1)
"divx.dll"= 0x0000000001 (1)
"divxdec.ax"= 0x0000000001 (1)
"fullsoft.dll"= 0x0000000001 (1)
"NSWSTE.dll"= 0x0000000001 (1)
"ASSTE.dll"= 0x0000000001 (1)
"NPMLIC.dll"= 0x0000000001 (1)
"PMSTE.dll"= 0x0000000001 (1)
"AVSTE.dll"= 0x0000000001 (1)
"NAVOPTRF.dll"= 0x0000000001 (1)
"DRMINST.dll"= 0x0000000001 (1)
"TFDTCTT8.dll"= 0x0000000001 (1)
"DJSMAR00.dll"= 0x0000000001 (1)
"xlmlEN.dll"= 0x0000000001 (1)
"ISSTE.dll"= 0x0000000001 (1)
"symlcnet.dll"= 0x0000000001 (1)
"ppw32hlp.dll"= 0x0000000001 (1)
"Apitrap.dll"= 0x0000000001 (1)
"Vegas60k.dll"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IEInstal.exe]
"ExecuteOptions"= 0x0000000000 (0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wpwin8.EXE]
(No values found)


-= EOF =-

Larina
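The check chris is doing above (querying Image File Execution Options, then reading the SystemLook output by eye) can be automated. The following Python script is an added example for this thread, not part of SystemLook, ComboFix or any tool used here: it parses SystemLook's ":reg ... /s" output and flags IFEO subkeys that carry a Debugger value, which is the mechanism by which an IFEO entry makes Windows start a different program in place of the named image (exactly the symptom of a security tool "crashing" two seconds after launch). The DllNXOptions subkey is Windows' own DEP exemption list and is skipped; an ExecuteOptions value (as on IEInstal.exe in the real log) and empty subkeys such as cqw32.exe are reported as informational only. The sample log is constructed for the example; the mbam.exe entry with a Debugger value is invented to show a positive hit and was not present in the thread's log.

```python
import re
from typing import Dict, List, Tuple

IFEO_ROOT = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT"
             r"\CurrentVersion\Image File Execution Options")

# Constructed sample in the format SystemLook prints for ":reg <key> /s".
# The mbam.exe subkey is invented for this example; the real thread log had no Debugger value.
SAMPLE_LOG = r"""
========== reg ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
(No values found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cqw32.exe]
(No values found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions]
"mscoree.dll"= 0x0000000001 (1)
"mso.dll"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IEInstal.exe]
"ExecuteOptions"= 0x0000000000 (0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbam.exe]
"Debugger"= "c:\windows\system32\svchost.exe"

-= EOF =-
"""

KEY_RE = re.compile(r"^\[(.+)\]$")          # [HKEY_...\subkey]
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')  # "name"= value


def parse_systemlook_reg(text: str) -> Dict[str, Dict[str, str]]:
    """Parse SystemLook ':reg' output into {key_path: {value_name: value_text}}.

    '(No values found)' lines are ignored, so an empty subkey maps to an empty dict.
    """
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys[current] = {}
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group(1)] = m.group(2).strip().strip('"')
    return keys


def assess_ifeo(keys: Dict[str, Dict[str, str]]) -> List[Tuple[str, str, str]]:
    """Return (severity, image_name, reason) for every per-image IFEO subkey."""
    findings: List[Tuple[str, str, str]] = []
    prefix = IFEO_ROOT.lower() + "\\"
    for path, values in keys.items():
        if not path.lower().startswith(prefix):
            continue  # the IFEO root itself, or an unrelated key
        image = path[len(prefix):]
        if image.lower() == "dllnxoptions":
            continue  # Windows' DEP exemption list, not a per-image redirection
        names = {name.lower(): val for name, val in values.items()}
        if "debugger" in names:
            # Windows launches the Debugger target with the image as its argument,
            # so the named image never runs on its own: the classic tool-blocking trick.
            findings.append(("high", image,
                             f"Debugger={names['debugger']} is started instead of {image}"))
        elif "executeoptions" in names:
            findings.append(("info", image, "ExecuteOptions only (DEP setting), no redirection"))
        elif not values:
            findings.append(("info", image, "empty subkey, no effect on its own"))
        else:
            findings.append(("review", image, "unrecognised values: " + ", ".join(sorted(values))))
    return findings


if __name__ == "__main__":
    for severity, image, reason in assess_ifeo(parse_systemlook_reg(SAMPLE_LOG)):
        print(f"[{severity:6}] {image}: {reason}")
```

Feed it the real SystemLook.txt instead of SAMPLE_LOG and anything reported as "high" is a subkey to delete (the value name Debugger under an AV or cleaning tool's exe name has no legitimate reason to exist on a home machine); "info" lines match what the real log in this thread showed and need no action.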

Chris4You 25.12.2011 10:51

Hi,

OK, otherwise we delete the files via Killbox or via CF...

chris

Larina 25.12.2011 14:33

Hi and merry Christmas,

I'll try to delete the files with Killbox later on, then. Did you still want to make a CF script for the iexplore.exe or not?

Larina

Chris4You 27.12.2011 07:15

Hi,

Copy the following text into Notepad (Start -> Accessories -> Notepad) and save it to the desktop as cfscript.txt using 'Save As'.
Set "All Files" - Save:
Code:

KILLALL::

File::
c:\windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16421_none_58a99749ebaa0de6\iexplore.exe

You should now find this file on your desktop; click it with the mouse (keep the right button held down)
and drag-and-drop it onto the Combofix icon. It should then start and work through the script; post the Combofix log afterwards.

chris

Larina 27.12.2011 21:05

Hi,

when run, ComboFix now says again 'You are infected with Rootkit ZeroAccess etc.' and then restarts the PC to stop rootkit activity. After the restart I ran the script again, with the same result (infected message, restart). The whole procedure three times... but nothing has improved. In particular it never gets as far as running the script this way (or am I doing something wrong?). I guess that means it is finally over and I have to reinstall? (From tomorrow noon I will have no internet for 2 days.)

Larina

Chris4You 27.12.2011 22:07

Hi,

have you tried it with a new version of Combofix?
They go stale very quickly...
I would be interested in hitman's output; can you get a new version of that as well and run it?

Thanks,
chris

Larina 30.12.2011 18:45

Hi,

I have serious doubts that we will still get the problem under control, so I have now started reinstalling the system.
I would nevertheless like to thank you here for the quick, thorough and competent help! *Big praise*

Larina

Chris4You 01.01.2012 11:33

Hi,

Thanks, but I would still have preferred that we had managed it. In any case, format the hard disk completely and look out for hidden, very small partitions (only several MB in size); if there are any, TDSS4 is involved...

Happy holidays and a belated happy New Year,
chris


All times are WEZ +1.

Copyright ©2000-2025, Trojaner-Board

