Pests of all kinds and how to fight them: Unknown virus, blocks Antivir, MBAM, OTL etc. (Windows 7). If you are not sure whether you have caught malware or a Trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you clean up the infection.
19.12.2011, 11:08 | #1
Unknown virus, blocks Antivir, MBAM, OTL etc.

Hello, my mother has caught something on her laptop (OS: Windows Vista Home Basic, 32-bit) and I am supposed to get rid of it. Unfortunately I am not really good at these things and my efforts so far have failed. It all started with the fake message from the Bundespolizei and the demand to pay 100€ via UCash. I apparently got rid of that symptom by deleting an exe file in the Temp folder. However, the side effect remained that all of the browsers (Firefox, IE, Chrome) constantly redirect to strange pages. I then wanted to scan the system with Avira Antivir, but the scan quickly crashed and could not be restarted. Then I installed MBAM, but that also crashed after 2 seconds and every further attempt to start it produced the error message: 'Auf das angegebene Gerät, bzw. den Pfad oder die Datei kann nicht zugegriffen werden. Sie verfügen eventuell nicht über ausreichend Berechtigungen, um auf das Element zugreifen zu können.' (Windows' "cannot access the specified device, path, or file / you may not have the appropriate permissions" error). The PC behaved exactly the same when I tried HijackThis. Then I found this forum and hope someone here can help me... Following the instructions I ran Defogger.exe, which went without problems. But when trying to run Otl.exe, and likewise GMER, the same thing happened as with MBAM: after a few seconds the program crashed and then could not be opened again, with the corresponding error message. (With MBAM I also tried renaming it to firefox.exe, which didn't help either...) Accordingly I unfortunately have no logs. What else can I do to get OTL and GMER running? Or which other analysis tools should I use? Many thanks in advance for the help!
Regards, Larina
Edit: In Safe Mode the same error messages occur.
19.12.2011, 11:13 | #2
Hi,
that doesn't sound good... Try whether you can get into Safe Mode (F8 while booting) and run OTL there...
chris
19.12.2011, 11:19 | #3
As already edited into my first post: the same error message appears, saying I don't have access rights...
19.12.2011, 12:00 | #4
Hi, can you log in via a different account? Otherwise the only option left is to boot from a rescue CD and let it examine the machine. For that it may be necessary to change the boot order in the BIOS. Changing the boot order: Startreihenfolge im BIOS ändern (changing the boot sequence in the BIOS).
Antivir Rescue CD: Avira Support. Download the Rescue System and the update for it there. When the application starts, put a blank CD in the burner and let it burn the CD. Burn a second CD with the unpacked update. Boot from CD (set this in the BIOS)... Wenn nichts mehr geht - Avira bietet Rettungs-CD zum Download an - Antivirus & Antispyware - PC-WELT (PC-WELT article on the Avira rescue CD)
or Dr. Web Live CD: download the image (Dr.Web CureIt!), always the latest version, currently http://download.geo.drweb.com/pub/dr...livecd-600.iso, and burn it to CD/DVD. Then change the boot order in the BIOS (boot from CD first), boot from the CD you created and start Dr. Web Live CD (default). Then have all hard disks scanned... If anything is found, please note the name and path before you let Dr. Web remove it... Further instructions: Dr.Web CureIt!
chris
Don't bring me down. Read before posting! Donations (anyone who wants to donate is welcome to get in touch)
19.12.2011, 12:39 | #5
Hi, I've thought of something else: rkill... It kills everything; you may then get access and be able to run MBAM or OTL... Download RKILL to your desktop (http://download.bleepingcomputer.com/grinler/rkill.exe (exe) or http://download.bleepingcomputer.com/grinler/rkill.scr (scr)).
chris
19.12.2011, 13:58 | #6
Hi, I tried rkill yesterday evening, but after running for about an hour it still said 'Terminating known malware processes. Please be patient.' (or similar), which seemed suspiciously long to me, so I aborted it for now. At the moment I'm running this DrWebLiveCD (for 1 3/4 hours so far). It has found 28 threats so far. When the scan is through, I'll post the results. Larina
19.12.2011, 14:54 | #7
Hi, you (and your mother) should probably prepare yourselves mentally for a reinstall.. But let's see... chris
19.12.2011, 15:18 | #8
Hi, fortunately I already did that as a precaution, so the most important data is already copied to a USB stick (good thing my mother has so few important things on the PC ^^) Larina
19.12.2011, 22:27 | #9
Hi, I was away for a while and let the scan keep running; when I came back and wanted to see whether it was finally finished, I found that only the green desktop background was visible and nothing of the scan. Is that normal? (I thought the program waits for further instructions after the scan...) Until I left, it looked like this: 64 infected files and a number (I don't remember how many) of unscannable files. Here are the individual results: Code:
ATTFilter File -> details (action) /win/D:/pagefile.sys -> file too large, skipped (contains an error) /win/D:/Dokumente und Einstellungen/All Users/Avira/AntiVir Desktop/INFECTED/011196e2.qua -> packed by BINARY PACKAGE - thread detected /win/D:/Dokumente und Einstellungen/All Users/Avira/AntiVir Desktop/INFECTED/014a961e.qua -> packed by BINARY PACKAGE - thread detected /win/D:/Dokumente und Einstellungen/All Users/Avira/AntiVir Desktop/INFECTED/1104c7cf.qua -> packed by BINARY PACKAGE - thread detected /win/D:/Dokumente und Einstellungen/All Users/Avira/AntiVir Desktop/INFECTED/111def64.qua -> packed by BINARY PACKAGE - thread detected /win/D:/Dokumente und Einstellungen/All Users/Avira/AntiVir Desktop/INFECTED/22cef180.qua -> packed by BINARY PACKAGE - thread detected /win/D:/Dokumente und Einstellungen/All Users/Avira/AntiVir Desktop/INFECTED/354cbf23.qua -> packed by BINARY PACKAGE - thread detected /win/D:/Dokumente und Einstellungen/All Users/Avira/AntiVir Desktop/INFECTED/4008a8be.qua -> packed by BINARY PACKAGE - thread detected /win/D:/Dokumente und Einstellungen/All Users/Avira/AntiVir Desktop/INFECTED/44f5bdf9.qua -> packed by BINARY PACKAGE - thread detected /win/D:/Dokumente und Einstellungen/All Users/Avira/AntiVir Desktop/INFECTED/4bdee396.qua -> packed by BINARY PACKAGE - thread detected /win/D:/Dokumente und Einstellungen/All Users/Avira/AntiVir Desktop/INFECTED/4be9e367.qua -> packed by BINARY PACKAGE - thread detected /win/D:/Dokumente und Einstellungen/All Users/Avira/AntiVir Desktop/INFECTED/5349c999.qua -> packed by BINARY PACKAGE - thread detected /win/D:/Dokumente und Einstellungen/All Users/Avira/AntiVir Desktop/INFECTED/537ef694.qua -> packed by BINARY PACKAGE - thread detected /win/D:/Dokumente und Einstellungen/All Users/Avira/AntiVir Desktop/INFECTED/5910a8b7.qua -> packed by BINARY PACKAGE - thread detected /win/D:/Dokumente und Einstellungen/All Users/Avira/AntiVir Desktop/INFECTED/5da5c687.qua -> packed by BINARY PACKAGE - thread 
detected /win/D:/Dokumente und Einstellungen/All Users/Avira/AntiVir Desktop/INFECTED/5dbcd021.qua -> packed by BINARY PACKAGE - thread detected /win/D:/Dokumente und Einstellungen/All Users/Avira/AntiVir Desktop/INFECTED/674ad916.qua -> packed by BINARY PACKAGE - thread detected /win/D:/Dokumente und Einstellungen/All Users/Avira/AntiVir Desktop/INFECTED/677de388.qua -> packed by BINARY PACKAGE - thread detected /win/D:/Dokumente und Einstellungen/All Users/Avira/AntiVir Desktop/INFECTED/6d13aaa2.qua -> packed by BINARY PACKAGE - thread detected /win/D:/Dokumente und Einstellungen/All Users/Avira/AntiVir Desktop/INFECTED/6d52bc57.qua -> packed by BINARY PACKAGE - thread detected /win/D:/Dokumente und Einstellungen/Gisela/AppData/Local/fb0c32de/X -> infected with BackDoor.Maxplus.442 /win/D:/Dokumente und Einstellungen/Gisela/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/BBNXHQI8/Installer[1].exe -> archive NSIS (contains an error) /win/D:/Dokumente und Einstellungen/Gisela/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/QTFCR0MO/2[1].exe -> infected with Backdoor.Maxplus.482 /win/D:/Dokumente und Einstellungen/Gisela/AppData/Local/Mozilla/Firefox/Profiles/cxtagmqf.default/Cache/1/35/024B8d01 -> infected with Exploit.PDF.2645 /win/D:/Dokumente und Einstellungen/Gisela/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/0/47346c40-4775eac5 -> infected with Trojan.Inject.59380 /win/D:/Dokumente und Einstellungen/Gisela/Downloads/avira_antivir_personal_de.exe -> archive RAR (contains an error) /win/D:/Program Files/Avira/AntiVir Desktop/avguard.exe -> infected with Trojan.Starter.1695 /win/D:/Program Files/Avira/AntiVir Desktop/avshadow.exe -> infected with Trojan.Starter.1695 /win/D:/Program Files/Avira/AntiVir Desktop/update.exe -> infected with Trojan.Starter.1695 /win/D:/Program Files/Avira/AntiVir Desktop/sched.exe -> infected with Trojan.Starter.1695 /win/D:/Program Files/Cyberlink/Shared Files/RichVideo.exe -> infected 
with Trojan.Starter.1695 /win/D:/Program Files/DivX/DivX Plus Player/DPXPlugins/DPXDeviceManagerPlugin.dll -> packed by PECOMPACT (contains an error) /win/D:/Program Files/DivX/DivX Plus Player/DPXPlugins/DPXDFXAudioPlugin.dll -> packed by PECOMPACT (contains an error) /win/D:/Program Files/DivX/DivX Plus Player/DPXPlugins/DPXDownloadManagerPlugin.dll -> packed by PECOMPACT (contains an error) /win/D:/Program Files/DivX/DivX Plus Player/DSEPlugins/DivXAACDecode.dll -> packed by PECOMPACT (contains an error) /win/D:/Program Files/DivX/DivX Plus Player/DSEPlugins/DivXASPDecode.dll -> packed by PECOMPACT (contains an error) /win/D:/Program Files/DivX/DivX Plus Player/DSEPlugins/DivXAVCDecode.dll -> packed by PECOMPACT (contains an error) /win/D:/Program Files/DivX/DivX Plus Player/DSEPlugins/MP3SurroundDecode.dll -> packed by PECOMPACT (contains an error) /win/D:/Program Files/DivX/DivX Plus Web Player/Stream Engine/DivXAACDecode.dll -> packed by PECOMPACT (contains an error) /win/D:/Program Files/DivX/DivX Plus Web Player/Stream Engine/DivXASPDecode.dll -> packed by PECOMPACT (contains an error) /win/D:/Program Files/DivX/DivX Plus Web Player/Stream Engine/DivXAVCDecode.dll -> packed by PECOMPACT (contains an error) /win/D:/Program Files/DivX/DivX Plus Web Player/Stream Engine/MP3SurroundDecode.dll -> packed by PECOMPACT (contains an error) /win/D:/Program Files/MiKTeX 2.7/scripts/pax/pax.jar -> archive ZIP (contains an error) /win/D:/Program Files/TOSHIBA/ConfigFree/CFsvcs.exe -> infected with Trojan.Starter.1695 /win/D:/Program Files/TOSHIBA/TOSHIBA DVD PLAYER/TNaviSrv.exe -> infected with Trojan.Starter.1695 /win/D:/Program Files/Vodafone/Vodafone Mobile Connect/Bin/VMCService.exe -> infected with Trojan.Starter.1695 /win/D:/Program Files/ICQ6.5/Zip.dll -> archive CHM (contains an error) /win/D:/Program Files/ICQ6.5/ConfigFiles/TopSearches.7z -> archive 7-ZIP (contains an error) /win/D:/Program Files/ICQ6.5/ConfigFiles/TopSearchesDe.7z -> archive 7-ZIP (contains 
an error) /win/D:/ProgramData/Avira/AntiVir Desktop/INFECTED/011196e2.qua -> packed by BINARY PACKAGE - thread detected /win/D:/ProgramData/Avira/AntiVir Desktop/INFECTED/014a961e.qua -> packed by BINARY PACKAGE - thread detected /win/D:/ProgramData/Avira/AntiVir Desktop/INFECTED/1104c7cf.qua -> packed by BINARY PACKAGE - thread detected /win/D:/ProgramData/Avira/AntiVir Desktop/INFECTED/111def64.qua -> packed by BINARY PACKAGE - thread detected /win/D:/ProgramData/All Users/Avira/AntiVir Desktop/INFECTED/22cef180.qua -> packed by BINARY PACKAGE - thread detected /win/D:/ProgramData/Avira/AntiVir Desktop/INFECTED/354cbf23.qua -> packed by BINARY PACKAGE - thread detected /win/D:/ProgramData/Avira/AntiVir Desktop/INFECTED/4008a8be.qua -> packed by BINARY PACKAGE - thread detected /win/D:/ProgramData/Avira/AntiVir Desktop/INFECTED/44f5bdf9.qua -> packed by BINARY PACKAGE - thread detected /win/D:/ProgramData/Avira/AntiVir Desktop/INFECTED/4bdee396.qua -> packed by BINARY PACKAGE - thread detected /win/D:/ProgramData/Avira/AntiVir Desktop/INFECTED/4be9e367.qua -> packed by BINARY PACKAGE - thread detected /win/D:/ProgramData/Avira/AntiVir Desktop/INFECTED/5349c999.qua -> packed by BINARY PACKAGE - thread detected /win/D:/ProgramData/Avira/AntiVir Desktop/INFECTED/537ef694.qua -> packed by BINARY PACKAGE - thread detected /win/D:/ProgramData/Avira/AntiVir Desktop/INFECTED/5910a8b7.qua -> packed by BINARY PACKAGE - thread detected /win/D:/ProgramData/Avira/AntiVir Desktop/INFECTED/5da5c687.qua -> packed by BINARY PACKAGE - thread detected /win/D:/ProgramData/Avira/AntiVir Desktop/INFECTED/5dbcd021.qua -> packed by BINARY PACKAGE - thread detected /win/D:/ProgramData/Avira/AntiVir Desktop/INFECTED/674ad916.qua -> packed by BINARY PACKAGE - thread detected /win/D:/ProgramData/Avira/AntiVir Desktop/INFECTED/677de388.qua -> packed by BINARY PACKAGE - thread detected /win/D:/ProgramData/Avira/AntiVir Desktop/INFECTED/6d13aaa2.qua -> packed by BINARY PACKAGE - thread detected 
/win/D:/ProgramData/Avira/AntiVir Desktop/INFECTED/6d52bc57.qua -> packed by BINARY PACKAGE - thread detected /win/D:/Programme/Avira/AntiVir Desktop/avguard.exe -> infected with Trojan.Starter.1695 /win/D:/Programme/Avira/AntiVir Desktop/avshadow.exe -> infected with Trojan.Starter.1695 /win/D:/Programme/Avira/AntiVir Desktop/update.exe -> infected with Trojan.Starter.1695 /win/D:/Programme/Avira/AntiVir Desktop/sched.exe -> infected with Trojan.Starter.1695 /win/D:/Programme/Cyberlink/Shared Files/RichVideo.exe -> infected with Trojan.Starter.1695 /win/D:/Programme/DivX/DivX Plus Player/DPXPlugins/DPXDeviceManagerPlugin.dll -> packed by PECOMPACT (contains an error) /win/D:/Programme/DivX/DivX Plus Player/DPXPlugins/DPXDFXAudioPlugin.dll -> packed by PECOMPACT (contains an error) /win/D:/Programme/DivX/DivX Plus Player/DPXPlugins/DPXDownloadManagerPlugin.dll -> packed by PECOMPACT (contains an error) /win/D:/Programme/DivX/DivX Plus Player/DSEPlugins/DivXAACDecode.dll -> packed by PECOMPACT (contains an error) /win/D:/Programme/DivX/DivX Plus Player/DSEPlugins/DivXASPDecode.dll -> packed by PECOMPACT (contains an error) /win/D:/Programme/DivX/DivX Plus Player/DSEPlugins/DivXAVCDecode.dll -> packed by PECOMPACT (contains an error) /win/D:/Programme/DivX/DivX Plus Player/DSEPlugins/MP3SurroundDecode.dll -> packed by PECOMPACT (contains an error) /win/D:/Programme/DivX/DivX Plus Web Player/Stream Engine/DivXAACDecode.dll -> packed by PECOMPACT (contains an error) /win/D:/Programme/DivX/DivX Plus Web Player/Stream Engine/DivXASPDecode.dll -> packed by PECOMPACT (contains an error) /win/D:/Programme/DivX/DivX Plus Web Player/Stream Engine/DivXAVCDecode.dll -> packed by PECOMPACT (contains an error) /win/D:/Programme/DivX/DivX Plus Web Player/Stream Engine/MP3SurroundDecode.dll -> packed by PECOMPACT (contains an error) /win/D:/Programme/MiKTeX 2.7/scripts/pax/pax.jar -> archive ZIP (contains an error) /win/D:/Programme/TOSHIBA/ConfigFree/CFsvcs.exe -> infected with 
Trojan.Starter.1695 /win/D:/Programme/TOSHIBA/TOSHIBA DVD PLAYER/TNaviSrv.exe -> infected with Trojan.Starter.1695 /win/D:/Programme/Vodafone/Vodafone Mobile Connect/Bin/VMCService.exe -> infected with Trojan.Starter.1695 /win/D:/Programme/ICQ6.5/Zip.dll -> archive CHM (contains an error) /win/D:/Programme/ICQ6.5/ConfigFiles/TopSearches.7z -> archive 7-ZIP (contains an error) /win/D:/Programme/ICQ6.5/ConfigFiles/TopSearchesDe.7z -> archive 7-ZIP (contains an error) /win/D:/Users/Gisela/AppData/Local/fb0c32de/X -> infected with BackDoor.Maxplus.442 /win/D:/Users/Gisela/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/BBNXHQI8/Installer[1].exe -> archive NSIS (contains an error) /win/D:/Users/Gisela/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/QTFCR0MO/2[1].exe -> infected with Backdoor.Maxplus.482 /win/D:/Users/Gisela/AppData/Local/Mozilla/Firefox/Profiles/cxtagmqf.default/Cache/1/35/024B8d01 -> infected with Exploit.PDF.2645 /win/D:/Users/Gisela/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/0/47346c40-4775eac5 -> infected with Trojan.Inject.59380
Everything that is merely probable is probably false.
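As an added, defender-side example (not code from this thread or from Dr.Web), the following Python script parses result lines in the "path -> verdict" format Dr.Web posted above, collapses the duplicate entries that German Vista's junction paths produce, separates real detections from Avira's own quarantine containers and from scan errors, and sorts the real hits by location. The sample lines are copied from the log above; the bucket names and location heuristics are my own assumptions.

```python
"""Triage helper for Dr.Web LiveCD result lines ("<path> -> <verdict>")."""
from collections import Counter

# Constructed sample: lines copied from the Dr.Web output in post #9.
# The same file shows up twice because German Vista exposes junctions
# ("Dokumente und Einstellungen" -> Users, "Programme" -> Program Files).
SAMPLE_RESULTS = """\
/win/D:/pagefile.sys -> file too large, skipped (contains an error)
/win/D:/Dokumente und Einstellungen/All Users/Avira/AntiVir Desktop/INFECTED/011196e2.qua -> packed by BINARY PACKAGE - thread detected
/win/D:/ProgramData/Avira/AntiVir Desktop/INFECTED/011196e2.qua -> packed by BINARY PACKAGE - thread detected
/win/D:/Dokumente und Einstellungen/Gisela/AppData/Local/fb0c32de/X -> infected with BackDoor.Maxplus.442
/win/D:/Users/Gisela/AppData/Local/fb0c32de/X -> infected with BackDoor.Maxplus.442
/win/D:/Users/Gisela/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/QTFCR0MO/2[1].exe -> infected with Backdoor.Maxplus.482
/win/D:/Users/Gisela/AppData/Local/Mozilla/Firefox/Profiles/cxtagmqf.default/Cache/1/35/024B8d01 -> infected with Exploit.PDF.2645
/win/D:/Users/Gisela/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/0/47346c40-4775eac5 -> infected with Trojan.Inject.59380
/win/D:/Programme/Avira/AntiVir Desktop/avguard.exe -> infected with Trojan.Starter.1695
/win/D:/Program Files/Avira/AntiVir Desktop/avguard.exe -> infected with Trojan.Starter.1695
/win/D:/Program Files/TOSHIBA/ConfigFree/CFsvcs.exe -> infected with Trojan.Starter.1695
/win/D:/Program Files/DivX/DivX Plus Player/DSEPlugins/DivXAACDecode.dll -> packed by PECOMPACT (contains an error)
/win/D:/Program Files/MiKTeX 2.7/scripts/pax/pax.jar -> archive ZIP (contains an error)
"""

# Junction aliases on a German Vista install, mapped to the canonical path.
# Order matters: the "All Users" alias must be rewritten before the generic one.
JUNCTIONS = [
    ("/Dokumente und Einstellungen/All Users/", "/ProgramData/"),
    ("/Dokumente und Einstellungen/", "/Users/"),
    ("/Programme/", "/Program Files/"),
]

# Path fragments (assumed) that mark browser / Java caches, i.e. exploit delivery.
CACHE_MARKERS = ("/Temporary Internet Files/", "/Firefox/Profiles/", "/Java/Deployment/cache/")


def canonical_path(path):
    """Collapse Vista junction names so that one file is counted once."""
    for alias, real in JUNCTIONS:
        path = path.replace(alias, real)
    return path


def parse_line(line):
    """Split one result line into (canonical path, verdict); None if not a result."""
    if " -> " not in line:
        return None
    path, verdict = line.rsplit(" -> ", 1)
    return canonical_path(path.strip()), verdict.strip()


def classify(path, verdict):
    """Map a verdict to a triage bucket (bucket names are my own).

    infected     real detection on a live file
    quarantined  Avira's own .qua container under INFECTED/, already isolated
    scan_error   Dr.Web could not unpack or scan the file; not a detection
    other        anything else
    """
    if verdict.startswith("infected with "):
        return "infected"
    if "/INFECTED/" in path and path.endswith(".qua"):
        return "quarantined"
    if "(contains an error)" in verdict:
        return "scan_error"
    return "other"


def location(path):
    """Rough location of an infected file; this is what drives the response."""
    if any(marker in path for marker in CACHE_MARKERS):
        return "browser_or_java_cache"   # delivery stage (exploit / dropper)
    if "/Program Files/" in path or "/Windows/" in path:
        return "program_binary"          # patched service binaries
    return "user_profile"                # dropped backdoor components


def triage(text):
    """Return {'counts': Counter, 'infected': [(path, name, location), ...]}
    with junction duplicates removed."""
    seen = set()
    counts = Counter()
    infected = []
    for raw in text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue
        path, verdict = parsed
        if path in seen:
            continue
        seen.add(path)
        bucket = classify(path, verdict)
        counts[bucket] += 1
        if bucket == "infected":
            name = verdict[len("infected with "):]
            infected.append((path, name, location(path)))
    return {"counts": counts, "infected": infected}


if __name__ == "__main__":
    result = triage(SAMPLE_RESULTS)
    print(dict(result["counts"]))
    for path, name, loc in result["infected"]:
        print(f"{loc:22} {name:24} {path}")
```

On the sample above the script reports six real detections, one quarantine container and three scan errors, and shows that the Trojan.Starter hits sit on service binaries while the backdoor components sit in the user profile and caches.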
20.12.2011, 07:27 | #10
Hi, that doesn't look good, you should reinstall... A backdoor slipped in via an exploit...
/win/D:/Dokumente und Einstellungen/Gisela/AppData/Local/fb0c32de/X -> infected with BackDoor.Maxplus.442
We can still try to find out something with OTLPE...
Scan the system with OTL-PE
Download OTLPENet.exe from OldTimer and save it to your desktop. Note: the file is about 120 MB and with a slow internet connection it will take a while to download. When the download is finished, double-click the file and answer the question "Do you want to burn the CD?" with Yes. Put a blank CD in your burner. ImgBurn (or your burning program) will extract the archive and burn OTLPE Network to the CD. When the burn is complete you will see a dialog box => "Operation successfully completed". You can now close the burning program's windows. Restart the unbootable system and boot from the CD you just created. Note: if you don't know how to make your computer boot from CD, follow the steps here: Installation: Wie boote ich Windows von der CD? (How do I boot Windows from the CD?). After a few minutes your system should show the REATOGO-X-PE desktop. Double-click the OTLPE icon. When asked "Do you wish to load the remote registry", choose Yes. When asked "Do you wish to load remote user profile(s) for scanning", choose Yes. Make sure the box "Automatically Load All Remaining Users" is checked and press OK. OTLpe should now start. Press Run Scan to start the scan. When the scan is finished, the files C:\OTL.Txt and C:\Extras.Txt are saved and opened with Notepad++. Copy these files to your USB stick if you have no internet connection on this system.
Please post the contents of C:\OTL.Txt and Extras.Txt in this thread. chris
20.12.2011, 09:01 | #11
Hi, in the meantime I did find the results of the scan after all and had the threats fixed (DrWeb said: all fixed). Then I restarted the system and tried to run Otl.exe, which again did not work. Then I scanned again with DrWeb and after a short time got the results
/win/D:/Dokumente und Einstellungen/Gisela/AppData/Local/fb0c32de/X.# -> infected with BackDoor.Maxplus.442
/win/D:/Dokumente und Einstellungen/Gisela/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/QTFCR0MO/2[1].#xe -> infected with Backdoor.Maxplus.482
/win/D:/Dokumente und Einstellungen/Gisela/AppData/Local/Mozilla/Firefox/Profiles/cxtagmqf.default/Cache/1/35/024B8d01.# -> infected with Exploit.PDF.2645
Then I aborted it. Following your last post I have now started OTL Network. It did not ask me about the remote registry, but it did ask for the Windows folder (I entered C:\Windows). So here are the results: OTL.txt OTL Logfile: Code:
ATTFilter OTL logfile created on: 12/20/2011 8:47:00 AM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE Windows Vista (TM) Home Basic Service Pack 2 (Version = 6.0.6002) - Type = System Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 74.37 Gb Total Space | 35.39 Gb Free Space | 47.59% Space Free | Partition Type: NTFS Drive D: | 73.21 Gb Total Space | 68.06 Gb Free Space | 92.95% Space Free | Partition Type: NTFS Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days Using ControlSet: ControlSet001 ========== Win32 Services (SafeList) ========== SRV - File not found [Auto] -- -- (VMCService) SRV - File not found [Auto] -- -- (TNaviSrv) SRV - File not found [Auto] -- -- (RichVideo) Cyberlink RichVideo Service(CRVS) SRV - File not found [Auto] -- -- (ConfigFree Service) SRV - File not found [Auto] -- -- (AntiVirService) SRV - File not found [Auto] -- -- (AntiVirSchedulerService) SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2008/04/16 08:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) 
[On_Demand] -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand] -- -- (IpInIp) DRV - [2011/12/20 01:56:30 | 000,000,000 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\3727822075 -- (fb0c32de) DRV - [2011/07/01 02:57:35 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011/07/01 02:57:35 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009/11/08 17:29:17 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2009/05/11 04:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009/04/10 23:39:17 | 000,067,072 | ---- | M] () [Kernel | System] -- C:\Windows\System32\drivers\cdrom.sys -- (cdrom) DRV - [2009/02/13 04:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008/09/02 08:03:54 | 000,168,704 | ---- | M] (10moons Technologies Co.,Ltd) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tridvid.sys -- (TridVid) DRV - [2008/07/18 11:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32) DRV - [2008/05/19 13:42:56 | 000,912,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2008/04/28 09:59:18 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | System] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf) DRV - [2008/04/15 03:05:08 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2008/03/17 04:05:30 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2007/11/09 07:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ) DRV - [2007/10/17 15:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2006/11/20 07:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk) DRV - [2006/11/02 02:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006/10/18 04:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Gisela_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA; IE - HKU\Gisela_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/skins/ IE - HKU\Gisela_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\Gisela_ON_C\..\URLSearchHook: - Reg Error: Key error. 
File not found IE - HKU\Gisela_ON_C\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKU\Gisela_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=" FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-" FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.startup.homepage: "http:gmx.de" FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5 FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.5.1 FF - prefs.js..extensions.enabledItems: web@veoh.com:1.4 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..keyword.URL: "hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) 
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohTVPlugin: C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll (Veoh Networks ) FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohWebPlayer: C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll (Veoh) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/02 13:50:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/24 05:42:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/08/31 14:26:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\web@veoh.com: C:\Program 
Files\Veoh Networks\VeohWebPlayer\FFVideoFinder [2009/06/05 07:41:37 | 000,000,000 | ---D | M] [2010/10/06 03:18:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gisela\AppData\Roaming\Mozilla\Extensions [2010/10/06 03:18:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gisela\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011/12/14 17:15:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\extensions [2010/08/20 12:22:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011/12/13 14:23:16 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2011/11/21 13:51:55 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2010/01/08 14:18:42 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\extensions\searchrecs@veoh.com [2011/12/16 13:48:39 | 000,000,950 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-1.xml [2010/09/18 09:28:47 | 000,000,943 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-10.xml [2010/10/25 07:25:07 | 000,000,943 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-11.xml [2010/11/03 05:45:10 | 000,000,943 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-12.xml [2010/12/11 11:12:37 | 000,000,943 | ---- | M] () -- 
C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-13.xml [2011/03/28 03:35:32 | 000,000,943 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-14.xml [2011/04/24 05:42:27 | 000,000,943 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-15.xml [2010/01/11 15:37:52 | 000,000,943 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-2.xml [2010/02/20 03:26:43 | 000,000,954 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-3.xml [2010/03/15 14:28:39 | 000,000,943 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-4.xml [2010/03/24 15:12:49 | 000,000,943 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-5.xml [2010/04/03 14:41:47 | 000,000,943 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-6.xml [2010/07/01 03:19:36 | 000,000,943 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-7.xml [2010/07/26 16:47:08 | 000,000,943 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-8.xml [2010/09/09 14:30:39 | 000,000,943 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-9.xml [2009/12/16 15:52:45 | 000,000,944 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin.xml [2011/12/17 04:06:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2009/11/10 13:46:49 | 000,000,000 | ---D | M] ("ICQ 
Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011/12/17 04:06:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} File not found (No name found) -- () (No name found) -- C:\USERS\GISELA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CXTAGMQF.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI () (No name found) -- C:\USERS\GISELA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CXTAGMQF.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2011/12/02 13:50:03 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011/11/09 23:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011/12/02 13:50:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011/12/02 13:50:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011/12/02 13:50:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011/12/02 13:50:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011/12/02 13:50:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011/12/02 13:50:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun 
Microsystems, Inc.) O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [cfFncEnabler.exe] File not found O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [jswtrayutil] File not found O4 - HKLM..\Run: [NDSTray.exe] File not found O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA) O4 - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba) O4 - HKLM..\Run: [Toshiba TEMPO] C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe (Toshiba Europe GmbH) O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKU\Gisela_ON_C..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA) O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) O4 - Startup: 
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - File not found O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - File not found O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - 
File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - File not found O13 - gopher Prefix: missing O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab (BitDefender QuickScan Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{001a1a62-8b4b-11de-a467-001e339f7ce2}\Shell - "" = AutoRun O33 - MountPoints2\{001a1a62-8b4b-11de-a467-001e339f7ce2}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{1e061b24-8e80-11de-9ff2-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{1e061b24-8e80-11de-9ff2-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{2cf454e6-8c22-11de-a058-806e6f6e6963}\Shell - "" = AutoRun O33 - 
MountPoints2\{2cf454e6-8c22-11de-a058-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{5cbd67fb-ccb6-11de-bba6-85b1694fd61f}\Shell - "" = AutoRun O33 - MountPoints2\{5cbd67fb-ccb6-11de-bba6-85b1694fd61f}\Shell\AutoRun\command - "" = D:\setup.exe O33 - MountPoints2\{787d7a76-8b49-11de-a3d8-001e339f7ce2}\Shell - "" = AutoRun O33 - MountPoints2\{787d7a76-8b49-11de-a3d8-001e339f7ce2}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\D\Shell - "" = AutoRun O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== File not found -- C:\Windows\System32\drivers\ File not found -- C:\Windows\System32\ [2011/12/17 04:41:11 | 000,000,000 | ---D | C] -- C:\Users\Gisela\AppData\Roaming\QuickScan [2011/12/17 04:20:18 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011/12/17 04:20:09 | 000,000,000 | ---D | C] -- C:\Users\Gisela\AppData\Roaming\Malwarebytes [2011/12/17 04:20:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011/12/17 04:20:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011/12/17 04:20:02 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011/12/17 04:20:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011/12/17 04:06:46 | 000,000,000 | ---D | C] -- C:\Users\Gisela\AppData\Roaming\Avira [2011/12/17 04:06:30 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\Windows\System32\javaws.exe [2011/12/17 04:06:30 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2011/12/17 04:06:29 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2011/12/17 02:59:57 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA% [2011/12/17 02:56:30 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2011/12/16 16:53:24 | 000,000,000 | -HSD | C] -- C:\Users\Gisela\AppData\Local\fb0c32de [2011/12/16 13:47:09 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011/12/16 13:47:02 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2011/12/16 13:47:02 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011/12/16 13:47:01 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2011/12/16 13:47:01 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2011/12/16 13:47:00 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011/12/16 13:46:56 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2011/12/15 06:07:00 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011/12/15 06:06:59 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2011/12/15 06:06:58 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2011/12/15 06:06:56 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll [2011/12/15 06:06:55 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll [2011/12/15 06:06:25 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2011/12/09 13:23:51 | 000,000,000 | ---D | C] -- C:\Users\Gisela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GeoGebra 4 [2011/12/04 
15:18:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus [2011/12/02 14:36:47 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2011/12/02 14:36:31 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan [2011/12/02 14:36:26 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== File not found -- C:\Windows\System32\drivers\ File not found -- C:\Windows\System32\ [2011/12/20 02:03:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011/12/20 02:02:55 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011/12/20 02:02:55 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011/12/20 02:02:55 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2011/12/20 02:02:51 | 001,694,194 | -H-- | M] () -- C:\Users\Gisela\AppData\Local\IconCache.db [2011/12/20 02:00:47 | 001,418,806 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2011/12/20 02:00:47 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011/12/20 02:00:47 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011/12/20 02:00:47 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011/12/20 02:00:47 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011/12/20 01:56:50 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011/12/20 01:56:30 | 000,000,000 | ---- | M] () -- C:\Windows\3727822075 [2011/12/20 01:56:26 | 2009,075,712 | -HS- | M] () -- C:\hiberfil.sys [2011/12/19 04:37:58 | 000,302,592 | ---- | M] () -- C:\Users\Gisela\Desktop\4oxrfg5s.exe [2011/12/19 04:36:38 | 000,584,192 | ---- | M] () -- 
C:\Users\Gisela\Desktop\OTL.exe [2011/12/19 04:36:38 | 000,584,192 | ---- | M] () -- C:\Users\Gisela\Desktop\OTL (2).exe [2011/12/19 04:36:20 | 000,050,477 | ---- | M] () -- C:\Users\Gisela\Desktop\Defogger.exe [2011/12/18 16:31:22 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011/12/18 16:02:48 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011/12/18 15:57:47 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011/12/18 15:32:53 | 000,020,992 | ---- | M] () -- C:\Users\Gisela\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/12/18 09:53:26 | 000,001,356 | ---- | M] () -- C:\Users\Gisela\AppData\Local\d3d9caps.dat [2011/12/18 09:01:17 | 195,131,308 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011/12/17 05:57:16 | 000,388,608 | ---- | M] () -- C:\Users\Gisela\Desktop\HiJackThis204.exe [2011/12/17 03:57:52 | 000,048,016 | -HS- | M] () -- C:\Windows\System32\c_16283.nl_ [2011/12/17 03:20:07 | 307,472,120 | ---- | M] () -- C:\Users\Gisela\Documents\17122011.reg [2011/12/16 17:28:11 | 000,366,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011/12/12 03:18:11 | 000,013,033 | ---- | M] () -- C:\Users\Gisela\Documents\Kopischke.odt [2011/12/09 13:23:51 | 000,001,891 | ---- | M] () -- C:\Users\Gisela\Desktop\GeoGebra 4.lnk [2011/12/04 15:18:42 | 000,001,717 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2011/12/04 15:18:42 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [2011/12/04 15:18:42 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus [2011/12/02 14:36:47 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2011/11/26 17:31:01 | 000,041,395 | ---- | M] () -- C:\Users\Gisela\Documents\Wendy 
Gutachter.odt [2011/11/23 08:37:27 | 002,043,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011/12/20 02:02:51 | 001,694,194 | -H-- | C] () -- C:\Users\Gisela\AppData\Local\IconCache.db [2011/12/20 02:01:43 | 000,584,192 | ---- | C] () -- C:\Users\Gisela\Desktop\OTL (2).exe [2011/12/20 01:56:26 | 2009,075,712 | -HS- | C] () -- C:\hiberfil.sys [2011/12/19 04:49:45 | 000,302,592 | ---- | C] () -- C:\Users\Gisela\Desktop\4oxrfg5s.exe [2011/12/19 04:43:12 | 000,584,192 | ---- | C] () -- C:\Users\Gisela\Desktop\OTL.exe [2011/12/19 04:39:15 | 000,050,477 | ---- | C] () -- C:\Users\Gisela\Desktop\Defogger.exe [2011/12/18 08:52:14 | 000,388,608 | ---- | C] () -- C:\Users\Gisela\Desktop\HiJackThis204.exe [2011/12/17 03:58:38 | 000,000,000 | ---- | C] () -- C:\Windows\3727822075 [2011/12/17 03:57:52 | 000,048,016 | -HS- | C] () -- C:\Windows\System32\c_16283.nl_ [2011/12/17 03:19:38 | 307,472,120 | ---- | C] () -- C:\Users\Gisela\Documents\17122011.reg [2011/12/16 17:25:14 | 195,131,308 | ---- | C] () -- C:\Windows\MEMORY.DMP [2011/12/09 13:23:51 | 000,001,891 | ---- | C] () -- C:\Users\Gisela\Desktop\GeoGebra 4.lnk [2011/12/02 14:36:28 | 000,001,717 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2010/09/02 13:07:58 | 000,000,229 | ---- | C] () -- C:\Windows\Brpfx04a.ini [2010/09/02 13:07:58 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini [2010/09/02 13:07:35 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2010/09/02 13:07:35 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2010/09/02 13:07:13 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat [2010/09/02 13:06:46 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat [2010/09/02 13:02:41 | 000,031,664 | ---- | C] () -- C:\Windows\maxlink.ini [2010/01/14 16:17:27 | 000,765,952 | ---- | C] () -- 
C:\Windows\System32\xvidcore.dll [2010/01/14 16:17:27 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2010/01/14 16:17:27 | 000,008,704 | ---- | C] () -- C:\Windows\System32\vidccleaner.exe [2009/10/30 16:15:03 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2009/09/11 14:20:36 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009/09/11 14:20:35 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009/09/11 14:19:56 | 000,368,640 | ---- | C] () -- C:\Windows\System32\msjetoledb40.dll [2009/09/11 14:19:27 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009/09/11 14:18:53 | 000,067,072 | ---- | C] () -- C:\Windows\System32\drivers\cdrom.sys [2009/08/28 10:28:14 | 000,001,356 | ---- | C] () -- C:\Users\Gisela\AppData\Local\d3d9caps.dat [2009/06/11 04:46:44 | 000,020,480 | ---- | C] () -- C:\Windows\System32\maplecompat.dll [2009/06/11 04:46:43 | 000,212,992 | ---- | C] () -- C:\Windows\System32\WMIMPLEX.dll [2009/06/11 04:46:43 | 000,040,960 | ---- | C] () -- C:\Windows\System32\maplec.dll [2009/05/06 12:03:37 | 000,020,992 | ---- | C] () -- C:\Users\Gisela\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/04/09 06:00:58 | 000,028,672 | ---- | C] () -- C:\Windows\System32\VendorCmdRW.dll [2009/03/30 06:22:41 | 000,102,776 | ---- | C] () -- C:\Users\Gisela\AppData\Local\GDIPFONTCACHEV1.DAT [2009/03/30 05:17:26 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini [2009/03/30 05:17:26 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll [2009/03/30 05:17:26 | 000,009,480 | ---- | C] () -- C:\Windows\System32\tosmreg.ini [2009/03/30 05:17:26 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini [2008/08/13 06:59:34 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll [2008/08/13 06:59:34 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll [2008/08/13 06:59:34 | 000,192,512 | ---- | C] () -- 
C:\Windows\System32\IVIresizeP6.dll [2008/08/13 06:59:34 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll [2008/08/13 06:59:34 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll [2008/08/13 06:59:34 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll [2008/08/13 06:51:12 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI [2008/08/13 06:36:31 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll [2008/08/13 06:36:30 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin [2008/08/13 06:36:29 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin [2008/08/13 06:36:27 | 000,492,496 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin [2008/08/13 05:51:33 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2008/06/23 06:02:02 | 000,097,410 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4 [2008/05/23 10:48:50 | 000,020,270 | ---- | C] () -- C:\ProgramData\DeviceInstaller.xml [2008/04/21 18:46:28 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2008/04/21 18:45:02 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest [2008/01/21 03:21:48 | 001,418,806 | ---- | C] () -- C:\Windows\System32\PerfStringBackup.INI [2008/01/21 03:21:25 | 000,618,442 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008/01/21 03:21:25 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008/01/21 03:21:25 | 000,122,842 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008/01/21 03:21:25 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2008/01/20 21:34:22 | 000,060,124 | ---- | C] () -- C:\Windows\System32\tcpmon.ini [2006/11/02 07:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006/11/02 07:44:53 | 000,366,080 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006/11/02 07:35:51 | 000,037,665 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont [2006/11/02 07:35:51 | 
000,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont [2006/11/02 07:35:51 | 000,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont [2006/11/02 07:35:51 | 000,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont [2006/11/02 07:33:57 | 000,197,632 | ---- | C] () -- C:\Windows\System32\ir32_32.dll [2006/11/02 05:33:01 | 000,587,178 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006/11/02 05:33:01 | 000,101,250 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006/11/02 05:24:31 | 000,001,405 | ---- | C] () -- C:\Windows\msdfmap.ini [2006/11/02 05:23:31 | 000,000,219 | ---- | C] () -- C:\Windows\system.ini [2006/11/02 05:23:31 | 000,000,144 | ---- | C] () -- C:\Windows\win.ini [2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006/11/02 02:10:37 | 000,053,536 | ---- | C] () -- C:\Windows\System32\dosx.exe [2006/11/02 02:10:02 | 000,000,718 | ---- | C] () -- C:\Windows\System32\mscdexnt.exe [2006/11/02 02:10:00 | 000,002,842 | ---- | C] () -- C:\Windows\System32\redir.exe [2006/11/02 02:09:59 | 000,069,886 | ---- | C] () -- C:\Windows\System32\edit.com [2006/11/02 02:09:59 | 000,019,694 | ---- | C] () -- C:\Windows\System32\GRAPHICS.COM [2006/11/02 02:09:59 | 000,000,882 | ---- | C] () -- C:\Windows\System32\share.exe [2006/11/02 02:09:59 | 000,000,882 | ---- | C] () -- C:\Windows\System32\fastopen.exe [2006/11/02 02:09:57 | 000,014,710 | ---- | C] () -- 
C:\Windows\System32\KB16.COM [2006/11/02 02:09:56 | 000,007,052 | ---- | C] () -- C:\Windows\System32\nlsfunc.exe [2006/11/02 02:09:55 | 000,039,274 | ---- | C] () -- C:\Windows\System32\mem.exe [2006/11/02 02:09:55 | 000,001,131 | ---- | C] () -- C:\Windows\System32\LOADFIX.COM [2006/11/02 02:09:53 | 000,011,753 | ---- | C] () -- C:\Windows\System32\setver.exe [2006/11/02 02:09:52 | 000,020,634 | ---- | C] () -- C:\Windows\System32\debug.exe [2006/11/02 02:09:51 | 000,008,424 | ---- | C] () -- C:\Windows\System32\exe2bin.exe [2006/11/02 02:09:50 | 000,012,642 | ---- | C] () -- C:\Windows\System32\edlin.exe [2006/11/02 02:09:49 | 000,050,648 | ---- | C] () -- C:\Windows\System32\COMMAND.COM [2006/11/02 02:09:49 | 000,012,498 | ---- | C] () -- C:\Windows\System32\append.exe [2006/11/02 02:09:45 | 000,027,097 | ---- | C] () -- C:\Windows\System32\country.sys [2006/11/02 02:09:44 | 000,042,809 | ---- | C] () -- C:\Windows\System32\KEY01.SYS [2006/11/02 02:09:44 | 000,042,537 | ---- | C] () -- C:\Windows\System32\KEYBOARD.SYS [2006/11/02 02:09:42 | 000,009,029 | ---- | C] () -- C:\Windows\System32\ANSI.SYS [2006/11/02 02:09:41 | 000,004,768 | ---- | C] () -- C:\Windows\System32\HIMEM.SYS [2006/11/02 02:09:40 | 000,029,274 | ---- | C] () -- C:\Windows\System32\NTDOS412.SYS [2006/11/02 02:09:38 | 000,029,370 | ---- | C] () -- C:\Windows\System32\NTDOS411.SYS [2006/11/02 02:09:35 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS404.SYS [2006/11/02 02:09:31 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS804.SYS [2006/11/02 02:09:29 | 000,027,866 | ---- | C] () -- C:\Windows\System32\NTDOS.SYS [2006/11/02 02:09:26 | 000,035,536 | ---- | C] () -- C:\Windows\System32\NTIO412.SYS [2006/11/02 02:09:24 | 000,035,776 | ---- | C] () -- C:\Windows\System32\NTIO411.SYS [2006/11/02 02:09:23 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO404.SYS [2006/11/02 02:09:22 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO804.SYS [2006/11/02 02:09:20 | 
000,033,952 | ---- | C] () -- C:\Windows\System32\NTIO.SYS [2006/11/02 01:25:08 | 000,013,312 | ---- | C] () -- C:\Windows\System32\win87em.dll ========== LOP Check ========== [2009/11/08 17:29:02 | 000,000,000 | ---D | M] -- C:\Users\Gisela\AppData\Roaming\DAEMON Tools Pro [2010/01/30 17:07:27 | 000,000,000 | ---D | M] -- C:\Users\Gisela\AppData\Roaming\DynaGeo [2011/07/12 16:20:18 | 000,000,000 | ---D | M] -- C:\Users\Gisela\AppData\Roaming\ICQ [2009/06/13 11:56:21 | 000,000,000 | ---D | M] -- C:\Users\Gisela\AppData\Roaming\OpenOffice.org [2010/07/04 10:50:26 | 000,000,000 | ---D | M] -- C:\Users\Gisela\AppData\Roaming\PhotoScape [2011/12/17 04:48:44 | 000,000,000 | ---D | M] -- C:\Users\Gisela\AppData\Roaming\QuickScan [2011/10/07 13:23:17 | 000,000,000 | ---D | M] -- C:\Users\Gisela\AppData\Roaming\ScanSoft [2010/10/06 03:18:30 | 000,000,000 | ---D | M] -- C:\Users\Gisela\AppData\Roaming\Thunderbird [2009/03/30 08:09:58 | 000,000,000 | ---D | M] -- C:\Users\Gisela\AppData\Roaming\Toshiba [2009/08/17 11:36:56 | 000,000,000 | ---D | M] -- C:\Users\Gisela\AppData\Roaming\Vodafone [2009/03/30 06:19:07 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten [2006/11/02 07:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data [2009/11/08 17:33:15 | 000,000,000 | ---D | M] -- C:\ProgramData\DAEMON Tools Pro [2006/11/02 07:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop [2006/11/02 07:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents [2009/03/30 06:19:07 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente [2009/03/30 06:19:07 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten [2006/11/02 07:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites [2009/11/10 13:46:50 | 000,000,000 | ---D | M] -- C:\ProgramData\ICQ [2010/09/02 13:02:39 | 000,000,000 | ---D | M] -- C:\ProgramData\ScanSoft [2006/11/02 07:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu [2009/03/30 06:19:07 | 000,000,000 | -HSD | M] -- 
C:\ProgramData\Startmenü [2009/04/09 06:19:48 | 000,000,000 | ---D | M] -- C:\ProgramData\Temp [2006/11/02 07:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates [2009/03/30 05:17:46 | 000,000,000 | ---D | M] -- C:\ProgramData\Toshiba [2009/03/30 06:22:44 | 000,000,000 | ---D | M] -- C:\ProgramData\ToshibaEurope [2008/08/13 06:58:31 | 000,000,000 | ---D | M] -- C:\ProgramData\Ulead Systems [2009/08/17 11:36:10 | 000,000,000 | ---D | M] -- C:\ProgramData\Vodafone [2009/03/30 06:19:07 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen [2011/12/20 02:02:55 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 816 bytes -> C:\Windows\3727822075:83086625.exe < End of report > Extra.txt OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 12/20/2011 8:47:00 AM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE Windows Vista (TM) Home Basic Service Pack 2 (Version = 6.0.6002) - Type = System Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 74.37 Gb Total Space | 35.39 Gb Free Space | 47.59% Space Free | Partition Type: NTFS Drive D: | 73.21 Gb Total Space | 68.06 Gb Free Space | 92.95% Space Free | Partition Type: NTFS Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days Using ControlSet: ControlSet001 ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. 
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome () htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 () htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 () CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" () ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring" = 1 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{03FAA727-E2B7-471C-AC41-2E1C7F29C7EA}" = Toshiba TEMPRO "{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist "{1C971EE3-B4C4-4367-9676-57549919C6CE}" = TOSHIBA Benutzerhandbücher "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 30 "{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in "{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer "{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6 "{3A08B59E-A9F0-4F4D-B7E5-6875D7F13327}" = Brother MFL-Pro Suite MFC-250C "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting "{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco 
EAP-FAST Module "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password "{5782EFD2-603D-4AFA-87EF-7CB54044839C}" = Winfunktion Mathematik plus 17 "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5 "{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder "{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11 "{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer "{A80AC620-12FA-11D5-B287-0050DA4BBA2C}" = Riding Star "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch "{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}" = Samsung Master "{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}" = Atheros Wi-Fi Protected Setup Library 
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program "{C656142F-EFE1-44CD-BFAD-6CBC6DCB9860}" = Vodafone Mobile Connect Lite "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow! "{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1 "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA "{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CNXT_MODEM_PCI_VEN_14F1&DEV_2C06&SUBSYS_14F10000" = HDAUDIO Soft Data Fax Modem with SmartCP "DivX Setup.divx.com" = DivX-Setup "DynaGeo_is1" = DynaGeo 3.1f "Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.1 "Google Chrome" = Google Chrome "HDMI" = Intel(R) Graphics Media Accelerator Driver "ICQToolbar" = ICQ Toolbar "InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder "InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher 
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300 "Maple 12" = Maple 12 "Maxima-5.19.2_is1" = Maxima 5.19.2 "McAfee Security Scan" = McAfee Security Scan Plus "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "MiKTeX 2.7" = MiKTeX 2.7 "Mozilla Firefox 8.0.1 (x86 de)" = Mozilla Firefox 8.0.1 (x86 de) "Mozilla Thunderbird (7.0.1)" = Mozilla Thunderbird (7.0.1) "myphotobook" = myphotobook 3.6 "NSS" = Norton Security Scan "PhotoScape" = PhotoScape "SynTPDeinstKey" = Synaptics Pointing Device Driver "TeXnicCenter_is1" = TeXnicCenter Version 1 Beta 7.50 "Uninstall_is1" = Uninstall 1.0.0.1 "Veoh Web Player Beta" = Veoh Web Player "VirtualCloneDrive" = VirtualCloneDrive "VLC media player" = VLC media player 0.9.9 "Windows Media Encoder 9" = Windows Media Encoder 9 Series "WinRAR archiver" = WinRAR "YTdetect" = Yahoo! Detect ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\Gisela_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "GeoGebra 4" = GeoGebra 4 < End of report > Larina
__________________ Anything that is merely probable is probably false. |
20.12.2011, 09:26 | #12 |
| Unknown virus, blocks Antivir, MBAM, OTL etc. Hi, copy the following file to a USB stick, start OTLPE again and let it run the fix: copy the script to a CD or USB stick, start OTL and proceed as follows... (start OTL from safe mode with command prompt, then open notepad, load the script and copy the contents of the code box into OTL as described below)
Code:
:OTL
DRV - [2011/12/20 01:56:30 | 000,000,000 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\3727822075 -- (fb0c32de)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O33 - MountPoints2\{001a1a62-8b4b-11de-a467-001e339f7ce2}\Shell - "" = AutoRun
O33 - MountPoints2\{001a1a62-8b4b-11de-a467-001e339f7ce2}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{1e061b24-8e80-11de-9ff2-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1e061b24-8e80-11de-9ff2-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{2cf454e6-8c22-11de-a058-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{2cf454e6-8c22-11de-a058-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{5cbd67fb-ccb6-11de-bba6-85b1694fd61f}\Shell - "" = AutoRun
O33 - MountPoints2\{5cbd67fb-ccb6-11de-bba6-85b1694fd61f}\Shell\AutoRun\command - "" = D:\setup.exe
O33 - MountPoints2\{787d7a76-8b49-11de-a3d8-001e339f7ce2}\Shell - "" = AutoRun
O33 - MountPoints2\{787d7a76-8b49-11de-a3d8-001e339f7ce2}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
[2011/12/16 16:53:24 | 000,000,000 | -HSD | C] -- C:\Users\Gisela\AppData\Local\fb0c32de
[2011/12/17 02:59:57 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
@Alternate Data Stream - 816 bytes -> C:\Windows\3727822075:83086625.exe
[2011/12/17 03:58:38 | 000,000,000 | ---- | C] () -- C:\Windows\3727822075
[2011/12/17 03:57:52 | 000,048,016 | -HS- | C] () -- C:\Windows\System32\c_16283.nl_
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = dword:0x00
:Commands
[emptytemp]
[EMPTYFLASH]
[Reboot]
If possible, run MBAM right afterwards (without an internet connection) and do a full scan... chris
__________________ Don't bring me down Read before posting! Donations (Anyone who wants to donate is welcome to get in touch) |
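As an added triage example (not code from this thread or from OTL), the following Python flags, in OTL-format log lines, the same three indicator types the fix script above removes: executable content in an alternate data stream, an unsigned kernel driver at a bare numeric path, and newly created hidden+system objects with odd names. The sample lines are copied from the posted log plus one constructed benign entry; the regexes, name heuristics and thresholds are my own assumptions.

```python
import re

# Triage helper for OTL-style log lines (added example, not OTL's own code).
# Rules below are assumptions modelled on the fix script posted in this thread.
ENTRY_RE = re.compile(r"^\[(?P<ts>[^|]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4})"
                      r" \| (?P<kind>[CM])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$")
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+?):(?P<stream>[^:\\]+)$")
DRV_RE = re.compile(r"^DRV - \[[^\]]+\] \((?P<company>[^)]*)\) \[Kernel \| \w+\]"
                    r" -- (?P<path>.+?) -- \((?P<name>[^)]+)\)$")
HEX_NAME = re.compile(r"^[0-9a-f]{6,}$")
DIGIT_NAME = re.compile(r"^\d{6,}$")

# Constructed sample: lines from the log posted in this thread plus one benign entry.
SAMPLE_LOG = r"""
DRV - [2011/12/20 01:56:30 | 000,000,000 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\3727822075 -- (fb0c32de)
[2011/12/16 16:53:24 | 000,000,000 | -HSD | C] -- C:\Users\Gisela\AppData\Local\fb0c32de
[2011/12/17 02:59:57 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
@Alternate Data Stream - 816 bytes -> C:\Windows\3727822075:83086625.exe
[2011/12/17 03:57:52 | 000,048,016 | -HS- | C] () -- C:\Windows\System32\c_16283.nl_
[2009/03/30 05:17:46 | 000,000,000 | ---D | M] -- C:\ProgramData\Templates
"""

def basename(path):
    return path.rstrip("\\").rsplit("\\", 1)[-1]

def triage(log_text):
    """Return (reason, path) pairs for lines that match one of the indicator rules."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := ADS_RE.match(line):
            # Data in an ADS is invisible to a plain directory listing; an .exe there is a red flag.
            if m["stream"].lower().endswith((".exe", ".dll", ".sys")):
                findings.append(("executable in alternate data stream", f"{m['path']}:{m['stream']}"))
        elif m := DRV_RE.match(line):
            # Legitimate drivers carry a company name and do not live at a bare numeric path.
            if not m["company"] and DIGIT_NAME.match(basename(m["path"])):
                findings.append(("unsigned kernel driver at numeric path", m["path"]))
        elif m := ENTRY_RE.match(line):
            name, attrs = basename(m["path"]), m["attrs"]
            hidden_system = "H" in attrs and "S" in attrs
            odd_name = "%" in name or bool(HEX_NAME.match(name)) or name.endswith(".nl_")
            if m["kind"] == "C" and hidden_system and odd_name:
                findings.append(("newly created hidden+system object", m["path"]))
    return findings

if __name__ == "__main__":
    for reason, path in triage(SAMPLE_LOG):
        print(f"{reason}: {path}")
```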
20.12.2011, 10:07 | #13 |
| Unknown virus, blocks Antivir, MBAM, OTL etc. Hi, I pasted the code into Custom Scans/Fixes and clicked Run Fix. It seems to have done that, and then the prompt to reboot appeared. I clicked Yes, but nothing has happened since... (in particular, no reboot) Larina
__________________ Anything that is merely probable is probably false. |
20.12.2011, 10:21 | #14 |
| Unknown virus, blocks Antivir, MBAM, OTL etc. Hi, try the reboot "by hand"... chris
__________________ Don't bring me down Read before posting! Donations (Anyone who wants to donate is welcome to get in touch) |
20.12.2011, 10:30 | #15 |
| Unknown virus, blocks Antivir, MBAM, OTL etc. Hi, the screen has been greyish for a few minutes and the 'Shut down Windows' window is still there... so nothing is happening here either (clicking Cancel does not work either...) Larina
__________________ Anything that is merely probable is probably false. |