Freemail-Account verschickt ebenfalls Spam-mails

celtic · 30.12.2011, 09:50

Schönen guten Tag,
mir ist in den letzten Tagen aufgefallen bzw. wurde mir zugetragen, dass ich Spam-Mails über meine e-Mail Adresse bei freemail versenden würde. Es wurden Spam-Mails an alle Personen gesendet mit denen ich Mail-Verkehr hatte, an mein gesamtes Adressbuch und an mich selbst!?
Naja wie auch immer. Ich hab nun auf einigen Seiten gelesen, dass das ein web.de-Problem sein könnte, da dies wohl im Mo so extrem gehäuft vorkommt. Angeblich wollte web.de sich nicht dazu äußern bzw. sind die wohl momentan nicht in der Lage das zu verhindern.
Ich habe mich dennoch auch hier umgesehen und Malwarebytes und Eset durchlaufen lassen.
Hier die Ergebnisse:

Malwarebytes:

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2011.12.30.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 7.0.6002.18005
chrissi-pissi :: USP-RULES [Administrator]

Schutz: Aktiviert

30.12.2011 03:06:01
mbam-log-2011-12-30 (03-06-01).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 390516
Laufzeit: 2 Stunde(n), 19 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bet365poker (PUP.Casino) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\William Hill Poker (PUP.Casino) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|00235313 (Trojan.Agent) -> Daten: C:\ProgramData\00235313\00235313.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\ProgramData\00235313 (Rogue.Multiple) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 4
C:\Poker\Poker at bet365\_SetupPoker_3f8b.exe (PUP.Casino) -> Keine Aktion durchgeführt.
C:\Poker\William Hill Poker\_SetupPoker_a072a_de.exe (PUP.Casino) -> Keine Aktion durchgeführt.
C:\Windows\Temp\fcebd646926a47fb8ce57784d818a8a9\SkypeSetup.exe (Trojan.FakeInstaller) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\chrissi-pissi\AppData\Roaming\avdrn.dat (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

ESET (leider nur Ergebnis/Funde)

Code:

ATTFilter

 C:\Users\chrissi-pissi\AppData\Local\Temp\plugtmp-1\plugin-	PDF/Exploit.Pidief.PHD.Gen trojan
C:\Users\chrissi-pissi\AppData\Roaming\toolplugin\toolbar.dll	Win32/Adware.ToolPlugin application

Wäre nett, wenn sich das jemand mal anschaut und mir dann sagt, woran ich bin und was ich noch machen kann.
Vielen Dank bereits im Voraus.

MfG
celtic

cosinus · 30.12.2011, 21:11

Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.

celtic · 31.12.2011, 01:47

Nein, ich habe Malwarebytes zum ersten Mal benutzt.

cosinus · 31.12.2011, 15:34

Führ bitte auch ESET aus, danach sehen wir weiter:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

celtic · 31.12.2011, 16:15

So, ich habe ESET noch einmal ausgeführt.
Hier das log:

Code:

ATTFilter

 ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=e31b3a1d0072cd4098cecaaaccf16988
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-31 07:52:38
# local_time=2011-12-31 08:52:38 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 100 100 5082 162843181 0 0
# compatibility_mode=8192 67108863 100 0 89032 89032 0 0
# scanned=179671
# found=1
# cleaned=0
# scan_time=7504
C:\Users\chrissi-pissi\AppData\Roaming\toolplugin\toolbar.dll	Win32/Adware.ToolPlugin application (unable to clean)	00000000000000000000000000000000	I

Hoffe das hilft weiter.

MfG
celtic

cosinus · 02.01.2012, 10:41

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

celtic · 03.01.2012, 17:09

Getan wie vorgeschlagen.
Hier der Inhalt aus OTL.txt:
OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 03.01.2012 05:29:45 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\chrissi-pissi\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,87 Gb Total Physical Memory | 1,43 Gb Available Physical Memory | 49,83% Memory free
5,94 Gb Paging File | 4,70 Gb Available in Paging File | 79,02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,89 Gb Total Space | 79,73 Gb Free Space | 53,55% Space Free | Partition Type: NTFS
Drive E: | 147,73 Gb Total Space | 143,31 Gb Free Space | 97,01% Space Free | Partition Type: NTFS
 
Computer Name: USP-RULES | User Name: chrissi-pissi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.01.02 20:34:09 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\chrissi-pissi\Desktop\OTL.exe
PRC - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.12.24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.12.14 12:23:34 | 001,212,224 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
PRC - [2011.12.14 12:23:32 | 001,514,304 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
PRC - [2011.09.02 15:44:22 | 000,018,432 | ---- | M] () -- C:\Users\chrissi-pissi\AppData\LocalLow\Picasa\IE\PicasaUpdater.exe
PRC - [2011.06.15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2011.04.27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2009.04.21 16:36:06 | 000,116,104 | ---- | M] (Toshiba Europe GmbH) -- C:\Programme\Toshiba TEMPRO\TemproSvc.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.07.18 20:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008.06.24 10:06:14 | 000,509,816 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2008.05.09 11:49:30 | 000,716,800 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2008.04.24 18:35:46 | 000,073,728 | ---- | M] (Toshiba) -- C:\Programme\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
PRC - [2008.04.24 12:03:12 | 000,430,080 | ---- | M] (TOSHIBA) -- C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
PRC - [2008.04.16 23:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2008.04.08 14:14:50 | 006,037,504 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.02.06 14:12:56 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\SMARTLogService\TosIPCSrv.exe
PRC - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.17 16:27:52 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2008.01.17 16:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2007.11.21 16:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2006.10.05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006.08.23 15:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2008.09.16 19:18:06 | 000,132,608 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2008.03.06 10:14:54 | 005,121,912 | ---- | M] () -- C:\Programme\TOSHIBA\FlashCards\BlackPng.dll
MOD - [2007.12.25 12:03:40 | 000,015,184 | ---- | M] () -- C:\Programme\TOSHIBA\PCDiag\NotifyPCD.dll
MOD - [2007.12.14 21:40:00 | 000,090,112 | ---- | M] () -- C:\Programme\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll
MOD - [2006.10.10 10:44:16 | 000,009,728 | ---- | M] () -- C:\Programme\TOSHIBA\TOSHIBA Assist\NotifyX.dll
MOD - [2006.10.07 11:57:04 | 000,053,248 | ---- | M] () -- C:\Programme\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.12.14 12:23:32 | 001,514,304 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.09.02 15:44:22 | 000,018,432 | ---- | M] () [Auto | Running] -- C:\Users\chrissi-pissi\AppData\LocalLow\Picasa\IE\PicasaUpdater.exe -- (PicasaUpdater)
SRV - [2011.04.27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011.04.27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010.11.08 22:04:26 | 000,036,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2009.04.21 16:36:06 | 000,116,104 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO)
SRV - [2008.07.18 20:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008.04.24 18:35:46 | 000,073,728 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV - [2008.04.16 23:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008.04.16 15:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Programme\Jumpstart\jswpsapi.exe -- (jswpsapi)
SRV - [2008.02.06 14:12:56 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.17 16:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007.11.21 16:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2006.10.05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006.08.23 15:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.01.02 22:53:03 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6DE60DA6-BE37-44AE-9679-9DE6F21C3D82}\MpKslf824e8e3.sys -- (MpKslf824e8e3)
DRV - [2011.12.12 19:31:38 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.04.27 14:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011.04.18 12:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010.11.08 22:04:26 | 000,026,112 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2009.04.11 05:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) RMCAST (Pgm)
DRV - [2008.07.29 05:05:04 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.07.18 18:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2008.07.15 19:59:06 | 000,017,960 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2008.04.28 16:59:18 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2008.04.15 09:05:08 | 000,118,784 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.11.09 14:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2006.11.28 15:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.20 13:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006.10.18 10:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://fussball.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web"
FF - prefs.js..browser.search.order.1: "Search the web"
FF - prefs.js..browser.search.selectedEngine: "Search the web"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://fussball.de/"
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
 
FF - user.js..browser.search.selectedEngine: "Search the web"
FF - user.js..browser.search.order.1: "Search the web"
FF - user.js..browser.search.defaultenginename: "Search the web"
FF - user.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\@powerchallenge.com/PowerLoader: C:\Users\CHRISS~1\AppData\LocalLow\POWERC~1\nppowerloader.dll (Power Challenge Sweden AB)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.12.30 18:42:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.12.30 18:42:19 | 000,000,000 | ---D | M]
 
[2010.01.17 13:08:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chrissi-pissi\AppData\Roaming\mozilla\Extensions
[2011.12.30 10:33:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chrissi-pissi\AppData\Roaming\mozilla\Firefox\Profiles\l1fgr8de.default\extensions
[2010.02.11 11:52:00 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\chrissi-pissi\AppData\Roaming\mozilla\Firefox\Profiles\l1fgr8de.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2011.09.20 16:58:39 | 000,000,000 | ---D | M] (Picasa) -- C:\Users\chrissi-pissi\AppData\Roaming\mozilla\Firefox\Profiles\l1fgr8de.default\extensions\picasa@google.com
[2011.10.28 17:12:57 | 000,000,000 | ---D | M] (toolplugin) -- C:\Users\chrissi-pissi\AppData\Roaming\mozilla\Firefox\Profiles\l1fgr8de.default\extensions\welcome@toolmin.com
[2011.12.11 20:43:21 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.10.20 00:59:17 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.11.01 17:47:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\CHRISSI-PISSI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L1FGR8DE.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2009.09.02 12:44:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.12.11 20:43:15 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.03.08 11:24:04 | 000,103,168 | ---- | M] (Midasplayer Ltd) -- C:\Program Files\mozilla firefox\plugins\npmidas.dll
[2011.12.11 20:43:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.11 20:43:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.12.11 20:43:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.11 20:43:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.28 17:12:57 | 000,000,158 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search the web.src
[2011.12.11 20:43:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.11 20:43:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Picasa) - {AAA4C1FB-CF94-420D-9EB4-B3D9148BA73F} - C:\Users\chrissi-pissi\AppData\LocalLow\Picasa\IE\Picasa.dll (Google Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (toolplugin) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - C:\Users\chrissi-pissi\AppData\Roaming\toolplugin\toolbar.dll ()
O4 - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [cfFncEnabler.exe] cfFncEnabler.exe File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [Toshiba TEMPRO] C:\Programme\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4 - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EPSON SX100 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [feedreader.exe] C:\Program Files\FeedReader30\feedreader.exe ()
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [TOSCDSPD] TOSCDSPD.EXE File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\chrissi-pissi\Desktop\PartyPoker.lnk File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\chrissi-pissi\Desktop\PartyPoker.lnk File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} hxxp://www.powerchallenge.com/applet/PowerLoader.cab (PowerLoader Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game14.zylom.com/activex/zylomgamesplayer.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7A6F9E93-03EA-4FC4-8D6B-5AC10ECEF4F8}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FECDCAF8-78A3-4A20-8A59-0FB8306D1E59}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img17.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img17.jpg
O27 - HKLM IFEO\icq.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\skype.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{19644983-e3b0-11df-a5c1-001e339dfb8f}\Shell - "" = AutoRun
O33 - MountPoints2\{19644983-e3b0-11df-a5c1-001e339dfb8f}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MsMpSvc - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32: msacm.dvacm - C:\Programme\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.02 20:34:01 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\chrissi-pissi\Desktop\OTL.exe
[2011.12.30 10:25:13 | 000,000,000 | ---D | C] -- C:\Users\chrissi-pissi\Desktop\Tools
[2011.12.30 10:06:13 | 000,031,552 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2011.12.30 10:06:12 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2011.12.30 10:06:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
[2011.12.30 10:05:33 | 000,000,000 | ---D | C] -- C:\Users\chrissi-pissi\AppData\Roaming\TuneUp Software
[2011.12.30 10:05:14 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2012
[2011.12.30 10:03:53 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2011.12.30 10:03:43 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2011.12.30 07:03:41 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.12.30 02:46:57 | 000,000,000 | ---D | C] -- C:\Users\chrissi-pissi\AppData\Roaming\Malwarebytes
[2011.12.30 02:46:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.30 02:46:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.30 02:46:39 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.30 02:46:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.12.19 03:00:44 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2011.12.14 16:58:56 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2009.06.16 13:03:56 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\Interop.SHDocVw.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.03 05:06:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.01.03 04:58:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.03 03:06:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.01.03 02:27:43 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.03 02:27:43 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.02 20:34:09 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\chrissi-pissi\Desktop\OTL.exe
[2012.01.01 08:54:14 | 000,630,842 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.01.01 08:54:14 | 000,598,096 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.01.01 08:54:14 | 000,127,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.01.01 08:54:14 | 000,105,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.16 17:35:08 | 000,293,984 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.14 12:23:40 | 000,031,552 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2011.12.14 12:23:22 | 000,021,312 | ---- | M] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.30 10:06:04 | 000,001,882 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk
[2011.11.03 14:59:47 | 000,002,712 | ---- | C] () -- C:\Windows\System32\AVRedirector.ini
[2011.11.03 14:59:47 | 000,001,392 | ---- | C] () -- C:\Windows\System32\AVRedirectorOff.ini
[2011.09.20 17:01:12 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.05.01 23:58:32 | 000,032,608 | ---- | C] () -- C:\Windows\king-uninstall.exe
[2010.02.09 15:33:12 | 000,000,020 | ---- | C] () -- C:\Users\chrissi-pissi\AppData\Roaming\sgcpom.dat
[2009.10.21 13:48:22 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.10.21 13:48:21 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.06.16 13:03:58 | 000,053,248 | ---- | C] () -- C:\Windows\System32\dossec.dll
[2009.05.11 17:18:47 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.05.11 17:18:47 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.03.22 16:12:00 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2009.03.22 16:12:00 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2009.03.22 16:12:00 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2009.03.22 16:12:00 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2009.03.22 16:12:00 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2009.03.22 16:12:00 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2009.03.22 16:12:00 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2009.03.22 16:12:00 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2009.03.22 16:12:00 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2009.03.22 16:12:00 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2009.03.22 16:12:00 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2009.03.22 16:12:00 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2009.03.22 16:12:00 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2009.03.22 16:12:00 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2009.03.22 16:12:00 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2009.03.22 16:12:00 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2009.03.22 16:12:00 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2009.03.22 16:12:00 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2009.03.22 16:12:00 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009.03.22 16:10:59 | 000,000,025 | ---- | C] () -- C:\Windows\CDESX100DEFGIPS.ini
[2009.03.14 16:36:53 | 000,033,280 | ---- | C] () -- C:\Users\chrissi-pissi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.03.09 22:02:24 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.03.09 19:28:31 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2009.03.09 19:28:31 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2009.03.09 19:28:31 | 000,010,146 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2009.03.09 19:28:31 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008.08.12 18:27:59 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008.08.12 18:27:59 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008.08.12 18:27:59 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008.08.12 18:27:59 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008.08.12 18:27:59 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008.08.12 18:27:59 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008.08.12 18:19:41 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008.08.12 18:04:48 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2008.08.12 18:04:47 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2008.08.12 18:04:45 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008.08.12 18:04:44 | 000,492,496 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2008.08.12 17:21:44 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.04.24 18:43:50 | 000,057,344 | ---- | C] () -- C:\Windows\System32\SmartFaceVCapt.dll
[2008.04.24 18:42:44 | 000,479,232 | ---- | C] () -- C:\Windows\System32\SmartFaceVCP.dll
[2008.04.24 18:25:46 | 006,701,056 | ---- | C] () -- C:\Windows\System32\FaceHI.dll
[2008.04.24 18:25:46 | 000,995,328 | ---- | C] () -- C:\Windows\System32\FaceRec.dll
[2008.04.24 18:25:46 | 000,126,976 | ---- | C] () -- C:\Windows\System32\SmartFaceVCtrl.dll
[2008.04.24 18:23:58 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IppLib.dll
[2008.01.21 08:15:58 | 000,630,842 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 08:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 08:15:58 | 000,127,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 08:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,293,984 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,598,096 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,105,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2010.02.11 21:22:10 | 000,000,000 | ---D | M] -- C:\Users\chrissi-pissi\AppData\Roaming\art2
[2011.11.03 14:59:40 | 000,000,000 | ---D | M] -- C:\Users\chrissi-pissi\AppData\Roaming\AVSoftware
[2011.12.15 06:17:17 | 000,000,000 | ---D | M] -- C:\Users\chrissi-pissi\AppData\Roaming\Feedreader
[2011.09.28 04:32:49 | 000,000,000 | ---D | M] -- C:\Users\chrissi-pissi\AppData\Roaming\ICQ
[2010.02.11 21:22:10 | 000,000,000 | ---D | M] -- C:\Users\chrissi-pissi\AppData\Roaming\Meridian93
[2009.03.09 21:27:41 | 000,000,000 | ---D | M] -- C:\Users\chrissi-pissi\AppData\Roaming\myphotobook
[2009.08.21 14:29:50 | 000,000,000 | ---D | M] -- C:\Users\chrissi-pissi\AppData\Roaming\PlayFirst
[2009.12.15 13:20:28 | 000,000,000 | ---D | M] -- C:\Users\chrissi-pissi\AppData\Roaming\Skip-Bo
[2011.10.28 17:12:56 | 000,000,000 | ---D | M] -- C:\Users\chrissi-pissi\AppData\Roaming\toolplugin
[2011.12.30 10:05:33 | 000,000,000 | ---D | M] -- C:\Users\chrissi-pissi\AppData\Roaming\TuneUp Software
[2009.05.04 21:46:32 | 000,000,000 | ---D | M] -- C:\Users\chrissi-pissi\AppData\Roaming\Zylom
[2011.12.31 17:29:52 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2009.03.20 19:47:16 | 000,000,000 | ---D | M] -- C:\Users\chrissi-pissi\AppData\Roaming\Adobe
[2011.03.15 00:50:41 | 000,000,000 | ---D | M] -- C:\Users\chrissi-pissi\AppData\Roaming\Apple Computer
[2010.02.11 21:22:10 | 000,000,000 | ---D | M] -- C:\Users\chrissi-pissi\AppData\Roaming\art2
[2011.11.03 14:59:40 | 000,000,000 | ---D | M] -- C:\Users\chrissi-pissi\AppData\Roaming\AVSoftware
[2010.03.12 18:57:35 | 000,000,000 | ---D | M] -- C:\Users\chrissi-pissi\AppData\Roaming\DivX
[2011.12.15 06:17:17 | 000,000,000 | ---D | M] -- C:\Users\chrissi-pissi\AppData\Roaming\Feedreader
[2009.03.09 21:40:40 | 000,000,000 | ---D | M] -- C:\Users\chrissi-pissi\AppData\Roaming\Google
[2011.09.28 04:32:49 | 000,000,000 | ---D | M] -- C:\Users\chrissi-pissi\AppData\Roaming\ICQ
[2009.05.04 21:46:32 | 000,000,000 | ---D | M] -- C:\Users\chrissi-pissi\AppData\Roaming\Identities
[2009.03.09 20:39:15 | 000,000,000 | ---D | M] -- C:\Users\chrissi-pissi\AppData\Roaming\InstallShield
[2009.03.09 20:50:17 | 000,000,000 | ---D | M] -- C:\Users\chrissi-pissi\AppData\Roaming\Macromedia
[2011.12.30 02:46:57 | 000,000,000 | ---D | M] -- C:\Users\chrissi-pissi\AppData\Roaming\Malwarebytes
[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\chrissi-pissi\AppData\Roaming\Media Center Programs
[2010.02.11 21:22:10 | 000,000,000 | ---D | M] -- C:\Users\chrissi-pissi\AppData\Roaming\Meridian93
[2011.12.30 07:42:20 | 000,000,000 | --SD | M] -- C:\Users\chrissi-pissi\AppData\Roaming\Microsoft
[2010.01.17 13:08:38 | 000,000,000 | ---D | M] -- C:\Users\chrissi-pissi\AppData\Roaming\Mozilla
[2011.04.22 18:38:38 | 000,000,000 | ---D | M] -- C:\Users\chrissi-pissi\AppData\Roaming\Mozilla-Cache
[2009.03.09 21:27:41 | 000,000,000 | ---D | M] -- C:\Users\chrissi-pissi\AppData\Roaming\myphotobook
[2009.08.21 14:29:50 | 000,000,000 | ---D | M] -- C:\Users\chrissi-pissi\AppData\Roaming\PlayFirst
[2009.12.15 13:20:28 | 000,000,000 | ---D | M] -- C:\Users\chrissi-pissi\AppData\Roaming\Skip-Bo
[2011.12.30 18:19:50 | 000,000,000 | ---D | M] -- C:\Users\chrissi-pissi\AppData\Roaming\Skype
[2011.10.20 00:51:13 | 000,000,000 | ---D | M] -- C:\Users\chrissi-pissi\AppData\Roaming\skypePM
[2011.10.28 17:12:56 | 000,000,000 | ---D | M] -- C:\Users\chrissi-pissi\AppData\Roaming\toolplugin
[2011.12.30 10:05:33 | 000,000,000 | ---D | M] -- C:\Users\chrissi-pissi\AppData\Roaming\TuneUp Software
[2009.04.20 11:19:34 | 000,000,000 | ---D | M] -- C:\Users\chrissi-pissi\AppData\Roaming\WinRAR
[2009.10.07 13:05:29 | 000,000,000 | ---D | M] -- C:\Users\chrissi-pissi\AppData\Roaming\Yahoo!
[2009.05.04 21:46:32 | 000,000,000 | ---D | M] -- C:\Users\chrissi-pissi\AppData\Roaming\Zylom
 
< %APPDATA%\*.exe /s >
[2007.01.01 17:01:24 | 000,009,728 | ---- | M] () -- C:\Users\chrissi-pissi\AppData\Roaming\myphotobook\xtras\localVista.exe
[2007.01.08 09:34:46 | 000,006,656 | ---- | M] () -- C:\Users\chrissi-pissi\AppData\Roaming\myphotobook\xtras\localXP.exe
[2006.12.21 12:16:20 | 000,021,504 | ---- | M] (Optimum X) -- C:\Users\chrissi-pissi\AppData\Roaming\myphotobook\xtras\shellExecute.exe
[2006.12.21 12:16:14 | 000,009,216 | ---- | M] () -- C:\Users\chrissi-pissi\AppData\Roaming\myphotobook\xtras\sleep.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2008.03.25 04:22:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=2D77788D0B7FE269044F58C86AE099CE -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_3e1ecd89\AGP440.sys
[2008.03.25 04:22:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=2D77788D0B7FE269044F58C86AE099CE -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.22142_none_ba734aead7ed1bb6\AGP440.sys
[2008.03.26 04:38:23 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=ED91751834103DB2A74470CD763A49FE -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_e4087235\AGP440.sys
[2008.03.26 04:38:23 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=ED91751834103DB2A74470CD763A49FE -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20800_none_b8b64d46daa7e57a\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.03.12 07:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008.03.12 07:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.03.12 07:24:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2008.04.15 17:54:16 | 000,388,120 | ---- | M] (Intel Corporation) MD5=8D58627FEF3F8767665D9F4DC91CBD97 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2008.04.15 17:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2008.04.15 17:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\drivers\iaStor.sys
[2008.04.15 17:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_77c04a30\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\Temp\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:BC6FE71D
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:1969F3F5
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:E71141D2
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:E6E9EB6C

< End of report >

--- --- ---

Es wurde noch eine weitere Datei erstellt und zwar Extras.txt. Soll ich die auch posten?

MfG
celtic

cosinus · 03.01.2012, 20:29

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
FF - prefs.js..browser.search.defaultenginename: "Search the web"
FF - prefs.js..browser.search.order.1: "Search the web"
FF - prefs.js..browser.search.selectedEngine: "Search the web"
FF - prefs.js..keyword.URL: "http://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - user.js..browser.search.selectedEngine: "Search the web"
FF - user.js..browser.search.order.1: "Search the web"
FF - user.js..browser.search.defaultenginename: "Search the web"
FF - user.js..keyword.URL: "http://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
[2011.10.28 17:12:57 | 000,000,158 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search the web.src
O4 - HKLM..\Run: [cfFncEnabler.exe] cfFncEnabler.exe File not found
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\chrissi-pissi\Desktop\PartyPoker.lnk File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\chrissi-pissi\Desktop\PartyPoker.lnk File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{19644983-e3b0-11df-a5c1-001e339dfb8f}\Shell - "" = AutoRun
O33 - MountPoints2\{19644983-e3b0-11df-a5c1-001e339dfb8f}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:BC6FE71D
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:1969F3F5
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:E71141D2
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:E6E9EB6C

:Commands
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

celtic · 04.01.2012, 14:10

Ich habe den Fix ausführen lassen.
Danach funktionierte allerdings kein Windows-externes Programm (z.B. Feed-Reader) mehr und vor allem die Dienste, die für die WLan-Verbindung zuständig sind und die Windows-Firewall waren hinüber. Habe daraufhin eine Systemwiderherstellung machen müssen.
Hier dennoch das Fix-Log:

Code:

ATTFilter

 All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
Prefs.js: "Search the web" removed from browser.search.defaultenginename
Prefs.js: "Search the web" removed from browser.search.order.1
Prefs.js: "Search the web" removed from browser.search.selectedEngine
Prefs.js: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" removed from keyword.URL
C:\Users\chrissi-pissi\AppData\Roaming\Mozilla\FireFox\Profiles\l1fgr8de.default\user.js moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\Search the web.src moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\cfFncEnabler.exe deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000007\ deleted successfully.
C:\Programme\Bonjour\mdnsNSP.dll moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{19644983-e3b0-11df-a5c1-001e339dfb8f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19644983-e3b0-11df-a5c1-001e339dfb8f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{19644983-e3b0-11df-a5c1-001e339dfb8f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19644983-e3b0-11df-a5c1-001e339dfb8f}\ not found.
File G:\LaunchU3.exe -a not found.
ADS C:\ProgramData\TEMP:BC6FE71D deleted successfully.
ADS C:\ProgramData\TEMP:1969F3F5 deleted successfully.
ADS C:\ProgramData\TEMP:E71141D2 deleted successfully.
ADS C:\ProgramData\TEMP:E6E9EB6C deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: chrissi-pissi
->Temp folder emptied: 23454160 bytes
->Temporary Internet Files folder emptied: 25204182 bytes
->Java cache emptied: 15392194 bytes
->FireFox cache emptied: 1002197295 bytes
->Flash cache emptied: 893503 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 39568128 bytes
RecycleBin emptied: 162 bytes
 
Total Files Cleaned = 1.055,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 01032012_204105

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

MfG
celtic

cosinus · 04.01.2012, 18:34

Zitat:

Danach funktionierte allerdings kein Windows-externes Programm (z.B. Feed-Reader) mehr und vor allem die Dienste, die für die WLan-Verbindung zuständig sind und die Windows-Firewall waren hinüber. Habe daraufhin eine Systemwiderherstellung machen müssen.

Schon merkwürdig, denn ich hab keine systemrelevanten Sachen gefixt.

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )

Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!

celtic · 05.01.2012, 23:59

So hier ist es:

Code:

ATTFilter

 23:44:14.0537 4860	TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
23:44:14.0646 4860	============================================================
23:44:14.0646 4860	Current date / time: 2012/01/05 23:44:14.0646
23:44:14.0646 4860	SystemInfo:
23:44:14.0646 4860	
23:44:14.0646 4860	OS Version: 6.0.6002 ServicePack: 2.0
23:44:14.0646 4860	Product type: Workstation
23:44:14.0646 4860	ComputerName: USP-RULES
23:44:14.0646 4860	UserName: chrissi-pissi
23:44:14.0646 4860	Windows directory: C:\Windows
23:44:14.0646 4860	System windows directory: C:\Windows
23:44:14.0646 4860	Processor architecture: Intel x86
23:44:14.0646 4860	Number of processors: 2
23:44:14.0646 4860	Page size: 0x1000
23:44:14.0646 4860	Boot type: Normal boot
23:44:14.0646 4860	============================================================
23:44:15.0098 4860	Initialize success
23:44:23.0257 3768	============================================================
23:44:23.0257 3768	Scan started
23:44:23.0257 3768	Mode: Manual; SigCheck; TDLFS; 
23:44:23.0257 3768	============================================================
23:44:23.0897 3768	ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
23:44:24.0099 3768	ACPI - ok
23:44:24.0271 3768	adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
23:44:24.0318 3768	adp94xx - ok
23:44:24.0380 3768	adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
23:44:24.0396 3768	adpahci - ok
23:44:24.0505 3768	adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
23:44:24.0521 3768	adpu160m - ok
23:44:24.0567 3768	adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
23:44:24.0583 3768	adpu320 - ok
23:44:24.0739 3768	AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
23:44:24.0801 3768	AFD - ok
23:44:25.0004 3768	AgereSoftModem  (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys
23:44:25.0098 3768	AgereSoftModem - ok
23:44:25.0223 3768	agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
23:44:25.0238 3768	agp440 - ok
23:44:25.0269 3768	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
23:44:25.0285 3768	aic78xx - ok
23:44:25.0316 3768	aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
23:44:25.0332 3768	aliide - ok
23:44:25.0441 3768	amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
23:44:25.0457 3768	amdagp - ok
23:44:25.0488 3768	amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
23:44:25.0503 3768	amdide - ok
23:44:25.0550 3768	AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
23:44:25.0613 3768	AmdK7 - ok
23:44:25.0706 3768	AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
23:44:25.0769 3768	AmdK8 - ok
23:44:25.0909 3768	arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
23:44:25.0925 3768	arc - ok
23:44:25.0971 3768	arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
23:44:25.0987 3768	arcsas - ok
23:44:26.0065 3768	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
23:44:26.0127 3768	AsyncMac - ok
23:44:26.0190 3768	atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
23:44:26.0221 3768	atapi - ok
23:44:26.0330 3768	athr            (8be56f8300e1c37b578da23c71816b7a) C:\Windows\system32\DRIVERS\athr.sys
23:44:26.0424 3768	athr - ok
23:44:26.0627 3768	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
23:44:26.0705 3768	Beep - ok
23:44:26.0814 3768	blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
23:44:26.0876 3768	blbdrive - ok
23:44:27.0001 3768	bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
23:44:27.0063 3768	bowser - ok
23:44:27.0188 3768	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
23:44:27.0297 3768	BrFiltLo - ok
23:44:27.0422 3768	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
23:44:27.0485 3768	BrFiltUp - ok
23:44:27.0547 3768	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
23:44:27.0750 3768	Brserid - ok
23:44:27.0875 3768	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
23:44:27.0984 3768	BrSerWdm - ok
23:44:28.0031 3768	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
23:44:28.0155 3768	BrUsbMdm - ok
23:44:28.0296 3768	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
23:44:28.0389 3768	BrUsbSer - ok
23:44:28.0467 3768	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
23:44:28.0561 3768	BTHMODEM - ok
23:44:28.0655 3768	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
23:44:28.0717 3768	cdfs - ok
23:44:28.0842 3768	cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
23:44:28.0904 3768	cdrom - ok
23:44:28.0982 3768	circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
23:44:29.0029 3768	circlass - ok
23:44:29.0123 3768	CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
23:44:29.0138 3768	CLFS - ok
23:44:29.0263 3768	CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
23:44:29.0325 3768	CmBatt - ok
23:44:29.0403 3768	cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
23:44:29.0419 3768	cmdide - ok
23:44:29.0481 3768	Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
23:44:29.0497 3768	Compbatt - ok
23:44:29.0575 3768	crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
23:44:29.0591 3768	crcdisk - ok
23:44:29.0622 3768	Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
23:44:29.0669 3768	Crusoe - ok
23:44:29.0778 3768	DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
23:44:29.0840 3768	DfsC - ok
23:44:30.0027 3768	disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
23:44:30.0043 3768	disk - ok
23:44:30.0121 3768	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
23:44:30.0183 3768	drmkaud - ok
23:44:30.0293 3768	DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
23:44:30.0355 3768	DXGKrnl - ok
23:44:30.0386 3768	E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
23:44:30.0449 3768	E1G60 - ok
23:44:30.0558 3768	Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
23:44:30.0573 3768	Ecache - ok
23:44:30.0667 3768	elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
23:44:30.0698 3768	elxstor - ok
23:44:30.0807 3768	ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
23:44:30.0854 3768	ErrDev - ok
23:44:30.0917 3768	exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
23:44:30.0979 3768	exfat - ok
23:44:31.0073 3768	fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
23:44:31.0119 3768	fastfat - ok
23:44:31.0166 3768	fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
23:44:31.0229 3768	fdc - ok
23:44:31.0322 3768	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
23:44:31.0338 3768	FileInfo - ok
23:44:31.0369 3768	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
23:44:31.0416 3768	Filetrace - ok
23:44:31.0463 3768	flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
23:44:31.0525 3768	flpydisk - ok
23:44:31.0650 3768	FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
23:44:31.0665 3768	FltMgr - ok
23:44:31.0728 3768	Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
23:44:31.0775 3768	Fs_Rec - ok
23:44:31.0899 3768	FwLnk           (cbc22823628544735625b280665e434e) C:\Windows\system32\DRIVERS\FwLnk.sys
23:44:31.0931 3768	FwLnk - ok
23:44:31.0977 3768	gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
23:44:31.0993 3768	gagp30kx - ok
23:44:32.0087 3768	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:44:32.0102 3768	GEARAspiWDM - ok
23:44:32.0258 3768	HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
23:44:32.0414 3768	HdAudAddService - ok
23:44:32.0461 3768	HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
23:44:32.0555 3768	HDAudBus - ok
23:44:32.0679 3768	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
23:44:32.0773 3768	HidBth - ok
23:44:32.0804 3768	HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
23:44:32.0898 3768	HidIr - ok
23:44:32.0991 3768	HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
23:44:33.0054 3768	HidUsb - ok
23:44:33.0101 3768	HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
23:44:33.0132 3768	HpCISSs - ok
23:44:33.0241 3768	HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
23:44:33.0303 3768	HTTP - ok
23:44:33.0413 3768	i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
23:44:33.0428 3768	i2omp - ok
23:44:33.0491 3768	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
23:44:33.0537 3768	i8042prt - ok
23:44:33.0647 3768	iaStor          (db0cc620b27a928d968c1a1e9cd9cb87) C:\Windows\system32\DRIVERS\iaStor.sys
23:44:33.0709 3768	iaStor - ok
23:44:33.0756 3768	iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
23:44:33.0771 3768	iaStorV - ok
23:44:33.0943 3768	igfx            (6fb1858d1f0923d122b0331865695041) C:\Windows\system32\DRIVERS\igdkmd32.sys
23:44:34.0115 3768	igfx - ok
23:44:34.0239 3768	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
23:44:34.0255 3768	iirsp - ok
23:44:34.0364 3768	IntcAzAudAddService (b9cbd3dea7ca02868621173bf7a2af9f) C:\Windows\system32\drivers\RTKVHDA.sys
23:44:34.0505 3768	IntcAzAudAddService - ok
23:44:34.0676 3768	intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
23:44:34.0692 3768	intelide - ok
23:44:34.0739 3768	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
23:44:34.0801 3768	intelppm - ok
23:44:34.0926 3768	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:44:34.0973 3768	IpFilterDriver - ok
23:44:35.0019 3768	IpInIp - ok
23:44:35.0066 3768	IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
23:44:35.0113 3768	IPMIDRV - ok
23:44:35.0207 3768	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
23:44:35.0269 3768	IPNAT - ok
23:44:35.0316 3768	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
23:44:35.0378 3768	IRENUM - ok
23:44:35.0472 3768	isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
23:44:35.0503 3768	isapnp - ok
23:44:35.0565 3768	iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
23:44:35.0597 3768	iScsiPrt - ok
23:44:35.0675 3768	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
23:44:35.0690 3768	iteatapi - ok
23:44:35.0737 3768	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
23:44:35.0753 3768	iteraid - ok
23:44:35.0846 3768	jswpslwf        (11ad410f41af42ba12e63187e3ec141a) C:\Windows\system32\DRIVERS\jswpslwf.sys
23:44:35.0893 3768	jswpslwf - ok
23:44:35.0987 3768	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
23:44:36.0002 3768	kbdclass - ok
23:44:36.0049 3768	kbdhid          (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
23:44:36.0111 3768	kbdhid - ok
23:44:36.0205 3768	KSecDD          (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
23:44:36.0252 3768	KSecDD - ok
23:44:36.0330 3768	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
23:44:36.0377 3768	lltdio - ok
23:44:36.0470 3768	LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
23:44:36.0501 3768	LSI_FC - ok
23:44:36.0533 3768	LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
23:44:36.0548 3768	LSI_SAS - ok
23:44:36.0642 3768	LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
23:44:36.0673 3768	LSI_SCSI - ok
23:44:36.0735 3768	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
23:44:36.0798 3768	luafv - ok
23:44:36.0860 3768	MBAMProtector   (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
23:44:36.0876 3768	MBAMProtector - ok
23:44:36.0969 3768	megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
23:44:36.0985 3768	megasas - ok
23:44:37.0047 3768	MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
23:44:37.0094 3768	MegaSR - ok
23:44:37.0172 3768	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
23:44:37.0235 3768	Modem - ok
23:44:37.0313 3768	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
23:44:37.0359 3768	monitor - ok
23:44:37.0437 3768	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
23:44:37.0453 3768	mouclass - ok
23:44:37.0484 3768	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
23:44:37.0531 3768	mouhid - ok
23:44:37.0593 3768	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
23:44:37.0609 3768	MountMgr - ok
23:44:37.0703 3768	MpFilter        (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
23:44:37.0734 3768	MpFilter - ok
23:44:37.0812 3768	mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
23:44:37.0827 3768	mpio - ok
23:44:37.0905 3768	MpKsl5a4cd541 - ok
23:44:37.0983 3768	MpKsl6d126f6f   (a69630d039c38018689190234f866d77) C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{63F75C40-ABE6-4C9F-A357-07DDA54F65A2}\MpKsl6d126f6f.sys
23:44:37.0999 3768	MpKsl6d126f6f - ok
23:44:38.0139 3768	MpNWMon         (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
23:44:38.0155 3768	MpNWMon - ok
23:44:38.0186 3768	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
23:44:38.0249 3768	mpsdrv - ok
23:44:38.0342 3768	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
23:44:38.0358 3768	Mraid35x - ok
23:44:38.0405 3768	MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
23:44:38.0483 3768	MRxDAV - ok
23:44:38.0576 3768	mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:44:38.0639 3768	mrxsmb - ok
23:44:38.0701 3768	mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:44:38.0732 3768	mrxsmb10 - ok
23:44:38.0826 3768	mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:44:38.0873 3768	mrxsmb20 - ok
23:44:38.0951 3768	msahci          (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
23:44:38.0966 3768	msahci - ok
23:44:39.0044 3768	msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
23:44:39.0060 3768	msdsm - ok
23:44:39.0107 3768	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
23:44:39.0169 3768	Msfs - ok
23:44:39.0216 3768	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
23:44:39.0231 3768	msisadrv - ok
23:44:39.0356 3768	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
23:44:39.0403 3768	MSKSSRV - ok
23:44:39.0543 3768	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
23:44:39.0606 3768	MSPCLOCK - ok
23:44:39.0621 3768	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
23:44:39.0699 3768	MSPQM - ok
23:44:39.0809 3768	MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
23:44:39.0824 3768	MsRPC - ok
23:44:39.0887 3768	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
23:44:39.0902 3768	mssmbios - ok
23:44:40.0027 3768	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
23:44:40.0089 3768	MSTEE - ok
23:44:40.0136 3768	Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
23:44:40.0167 3768	Mup - ok
23:44:40.0277 3768	NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
23:44:40.0323 3768	NativeWifiP - ok
23:44:40.0386 3768	NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
23:44:40.0448 3768	NDIS - ok
23:44:40.0542 3768	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
23:44:40.0589 3768	NdisTapi - ok
23:44:40.0635 3768	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
23:44:40.0682 3768	Ndisuio - ok
23:44:40.0776 3768	NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
23:44:40.0823 3768	NdisWan - ok
23:44:40.0869 3768	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
23:44:40.0932 3768	NDProxy - ok
23:44:41.0010 3768	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
23:44:41.0072 3768	NetBIOS - ok
23:44:41.0119 3768	netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
23:44:41.0181 3768	netbt - ok
23:44:41.0291 3768	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
23:44:41.0306 3768	nfrd960 - ok
23:44:41.0353 3768	NisDrv          (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
23:44:41.0369 3768	NisDrv - ok
23:44:41.0493 3768	Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
23:44:41.0556 3768	Npfs - ok
23:44:41.0603 3768	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
23:44:41.0665 3768	nsiproxy - ok
23:44:41.0805 3768	Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
23:44:41.0868 3768	Ntfs - ok
23:44:41.0899 3768	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
23:44:41.0993 3768	ntrigdigi - ok
23:44:42.0071 3768	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
23:44:42.0133 3768	Null - ok
23:44:42.0195 3768	nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
23:44:42.0211 3768	nvraid - ok
23:44:42.0242 3768	nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
23:44:42.0273 3768	nvstor - ok
23:44:42.0351 3768	nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
23:44:42.0367 3768	nv_agp - ok
23:44:42.0383 3768	NwlnkFlt - ok
23:44:42.0398 3768	NwlnkFwd - ok
23:44:42.0461 3768	ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
23:44:42.0554 3768	ohci1394 - ok
23:44:42.0663 3768	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
23:44:42.0757 3768	Parport - ok
23:44:42.0804 3768	partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
23:44:42.0819 3768	partmgr - ok
23:44:42.0851 3768	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
23:44:42.0960 3768	Parvdm - ok
23:44:43.0069 3768	pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
23:44:43.0085 3768	pci - ok
23:44:43.0116 3768	pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\DRIVERS\pciide.sys
23:44:43.0131 3768	pciide - ok
23:44:43.0178 3768	pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
23:44:43.0209 3768	pcmcia - ok
23:44:43.0334 3768	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
23:44:43.0490 3768	PEAUTH - ok
23:44:43.0662 3768	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
23:44:43.0724 3768	PptpMiniport - ok
23:44:43.0740 3768	Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
23:44:43.0802 3768	Processor - ok
23:44:43.0911 3768	PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
23:44:43.0943 3768	PSched - ok
23:44:43.0989 3768	PxHelp20        (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
23:44:44.0005 3768	PxHelp20 - ok
23:44:44.0130 3768	ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
23:44:44.0192 3768	ql2300 - ok
23:44:44.0286 3768	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
23:44:44.0301 3768	ql40xx - ok
23:44:44.0411 3768	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
23:44:44.0473 3768	QWAVEdrv - ok
23:44:44.0535 3768	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
23:44:44.0582 3768	RasAcd - ok
23:44:44.0645 3768	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:44:44.0707 3768	Rasl2tp - ok
23:44:44.0754 3768	RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
23:44:44.0801 3768	RasPppoe - ok
23:44:44.0879 3768	RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
23:44:44.0910 3768	RasSstp - ok
23:44:44.0988 3768	rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
23:44:45.0035 3768	rdbss - ok
23:44:45.0113 3768	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:44:45.0175 3768	RDPCDD - ok
23:44:45.0253 3768	rdpdr           (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
23:44:45.0300 3768	rdpdr - ok
23:44:45.0362 3768	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
23:44:45.0425 3768	RDPENCDD - ok
23:44:45.0471 3768	RDPWD           (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
23:44:45.0518 3768	RDPWD - ok
23:44:45.0690 3768	RMCAST          (eec7ee5675294b03e88aa868540007c1) C:\Windows\system32\DRIVERS\RMCAST.sys
23:44:45.0737 3768	RMCAST - ok
23:44:45.0768 3768	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
23:44:45.0830 3768	rspndr - ok
23:44:45.0939 3768	RTL8169         (7157e70a90cce49deb8885d23a073a39) C:\Windows\system32\DRIVERS\Rtlh86.sys
23:44:46.0002 3768	RTL8169 - ok
23:44:46.0049 3768	RTSTOR          (9ff7d9cf3a5f296613588b0e8db83afe) C:\Windows\system32\drivers\RTSTOR.SYS
23:44:46.0095 3768	RTSTOR - ok
23:44:46.0189 3768	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
23:44:46.0205 3768	sbp2port - ok
23:44:46.0251 3768	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
23:44:46.0345 3768	secdrv - ok
23:44:46.0392 3768	Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
23:44:46.0485 3768	Serenum - ok
23:44:46.0563 3768	Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
23:44:46.0641 3768	Serial - ok
23:44:46.0673 3768	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
23:44:46.0735 3768	sermouse - ok
23:44:46.0782 3768	sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
23:44:46.0829 3768	sffdisk - ok
23:44:46.0907 3768	sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
23:44:46.0969 3768	sffp_mmc - ok
23:44:46.0985 3768	sffp_sd         (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
23:44:47.0047 3768	sffp_sd - ok
23:44:47.0094 3768	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
23:44:47.0172 3768	sfloppy - ok
23:44:47.0265 3768	sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
23:44:47.0281 3768	sisagp - ok
23:44:47.0312 3768	SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
23:44:47.0328 3768	SiSRaid2 - ok
23:44:47.0359 3768	SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
23:44:47.0375 3768	SiSRaid4 - ok
23:44:47.0499 3768	Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
23:44:47.0562 3768	Smb - ok
23:44:47.0624 3768	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
23:44:47.0640 3768	spldr - ok
23:44:47.0765 3768	srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
23:44:47.0827 3768	srv - ok
23:44:47.0905 3768	srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
23:44:47.0952 3768	srv2 - ok
23:44:47.0999 3768	srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
23:44:48.0045 3768	srvnet - ok
23:44:48.0155 3768	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
23:44:48.0170 3768	swenum - ok
23:44:48.0217 3768	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
23:44:48.0233 3768	Symc8xx - ok
23:44:48.0311 3768	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
23:44:48.0342 3768	Sym_hi - ok
23:44:48.0404 3768	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
23:44:48.0420 3768	Sym_u3 - ok
23:44:48.0482 3768	SynTP           (55f6e55cc2430ca8713387106fa79817) C:\Windows\system32\DRIVERS\SynTP.sys
23:44:48.0513 3768	SynTP - ok
23:44:48.0560 3768	tap0901         (11d34fc869f5bda29949fe3858380894) C:\Windows\system32\DRIVERS\tap0901.sys
23:44:48.0607 3768	tap0901 - ok
23:44:48.0716 3768	Tcpip           (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\drivers\tcpip.sys
23:44:48.0779 3768	Tcpip - ok
23:44:48.0857 3768	Tcpip6          (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\DRIVERS\tcpip.sys
23:44:48.0903 3768	Tcpip6 - ok
23:44:48.0997 3768	tcpipreg        (3fc13f09af9be487c7b4fac4070a036c) C:\Windows\system32\drivers\tcpipreg.sys
23:44:49.0059 3768	tcpipreg - ok
23:44:49.0200 3768	tdcmdpst        (1825bceb47bf41c5a9f0e44de82fc27a) C:\Windows\system32\DRIVERS\tdcmdpst.sys
23:44:49.0247 3768	tdcmdpst - ok
23:44:49.0325 3768	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
23:44:49.0387 3768	TDPIPE - ok
23:44:49.0434 3768	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
23:44:49.0481 3768	TDTCP - ok
23:44:49.0559 3768	tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
23:44:49.0605 3768	tdx - ok
23:44:49.0668 3768	TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
23:44:49.0699 3768	TermDD - ok
23:44:49.0902 3768	tos_sps32       (4399a9bf7d8f49991a07fd86590a1619) C:\Windows\system32\DRIVERS\tos_sps32.sys
23:44:49.0933 3768	tos_sps32 - ok
23:44:49.0980 3768	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:44:50.0027 3768	tssecsrv - ok
23:44:50.0136 3768	TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys
23:44:50.0167 3768	TuneUpUtilitiesDrv - ok
23:44:50.0307 3768	tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
23:44:50.0354 3768	tunmp - ok
23:44:50.0385 3768	tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
23:44:50.0417 3768	tunnel - ok
23:44:50.0541 3768	TVALZ           (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
23:44:50.0557 3768	TVALZ - ok
23:44:50.0604 3768	uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
23:44:50.0619 3768	uagp35 - ok
23:44:50.0682 3768	udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
23:44:50.0729 3768	udfs - ok
23:44:50.0822 3768	uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
23:44:50.0838 3768	uliagpkx - ok
23:44:50.0885 3768	uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
23:44:50.0916 3768	uliahci - ok
23:44:50.0978 3768	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
23:44:50.0994 3768	UlSata - ok
23:44:51.0087 3768	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
23:44:51.0103 3768	ulsata2 - ok
23:44:51.0134 3768	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
23:44:51.0212 3768	umbus - ok
23:44:51.0321 3768	USBAAPL         (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys
23:44:51.0368 3768	USBAAPL - ok
23:44:51.0399 3768	usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
23:44:51.0446 3768	usbccgp - ok
23:44:51.0524 3768	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
23:44:51.0602 3768	usbcir - ok
23:44:51.0665 3768	usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
23:44:51.0696 3768	usbehci - ok
23:44:51.0743 3768	usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
23:44:51.0789 3768	usbhub - ok
23:44:51.0899 3768	usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
23:44:51.0977 3768	usbohci - ok
23:44:52.0023 3768	usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
23:44:52.0070 3768	usbprint - ok
23:44:52.0179 3768	usbscan         (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
23:44:52.0226 3768	usbscan - ok
23:44:52.0257 3768	USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:44:52.0304 3768	USBSTOR - ok
23:44:52.0335 3768	usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
23:44:52.0398 3768	usbuhci - ok
23:44:52.0523 3768	usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
23:44:52.0585 3768	usbvideo - ok
23:44:52.0632 3768	UVCFTR          (237c444fbd1c697a2e3fa60f02c61f22) C:\Windows\system32\Drivers\UVCFTR_S.SYS
23:44:52.0663 3768	UVCFTR - ok
23:44:52.0803 3768	vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
23:44:52.0866 3768	vga - ok
23:44:52.0897 3768	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
23:44:52.0959 3768	VgaSave - ok
23:44:53.0084 3768	viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
23:44:53.0100 3768	viaagp - ok
23:44:53.0131 3768	ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
23:44:53.0193 3768	ViaC7 - ok
23:44:53.0225 3768	viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
23:44:53.0240 3768	viaide - ok
23:44:53.0349 3768	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
23:44:53.0381 3768	volmgr - ok
23:44:53.0427 3768	volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
23:44:53.0459 3768	volmgrx - ok
23:44:53.0521 3768	volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
23:44:53.0552 3768	volsnap - ok
23:44:53.0630 3768	vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
23:44:53.0661 3768	vsmraid - ok
23:44:53.0739 3768	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
23:44:53.0833 3768	WacomPen - ok
23:44:53.0864 3768	Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
23:44:53.0895 3768	Wanarp - ok
23:44:53.0911 3768	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
23:44:53.0942 3768	Wanarpv6 - ok
23:44:54.0036 3768	Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
23:44:54.0051 3768	Wd - ok
23:44:54.0129 3768	Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
23:44:54.0176 3768	Wdf01000 - ok
23:44:54.0317 3768	WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
23:44:54.0379 3768	WmiAcpi - ok
23:44:54.0473 3768	WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
23:44:54.0504 3768	WpdUsb - ok
23:44:54.0566 3768	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
23:44:54.0629 3768	ws2ifsl - ok
23:44:54.0722 3768	WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:44:54.0785 3768	WUDFRd - ok
23:44:54.0847 3768	MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
23:44:55.0752 3768	\Device\Harddisk0\DR0 - ok
23:44:55.0783 3768	Boot (0x1200)   (e92df5591b8280d6ed03b432699cf8d8) \Device\Harddisk0\DR0\Partition0
23:44:55.0799 3768	\Device\Harddisk0\DR0\Partition0 - ok
23:44:55.0814 3768	Boot (0x1200)   (b5fa31692f7413ff0607546f4154ba1d) \Device\Harddisk0\DR0\Partition1
23:44:55.0814 3768	\Device\Harddisk0\DR0\Partition1 - ok
23:44:55.0814 3768	============================================================
23:44:55.0814 3768	Scan finished
23:44:55.0814 3768	============================================================
23:44:55.0908 4492	Detected object count: 0
23:44:55.0908 4492	Actual detected object count: 0

Muss dazu sagen, dass sich das Problem mit den Spam-Mails bis jetzt nicht wieder aufgetreten ist. Vielleicht war die Prozedur und das Passwort ändern ja ausreichend. Aber schließlich sind sie der Profi und vllt. überseh ich ja auch was.

MfG
celtic

cosinus · 06.01.2012, 11:46

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

celtic · 06.01.2012, 19:53

Erledigt!

Combofix Logfile:

Code:

ATTFilter

ComboFix 12-01-06.01 - chrissi-pissi 06.01.2012  16:43:41.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.2939.1882 [GMT 1:00]
ausgeführt von:: c:\users\chrissi-pissi\Desktop\Tools\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\chrissi-pissi\AppData\Roaming\toolplugin\toolbar.dll
.
Infizierte Kopie von c:\windows\system32\userinit.exe wurde gefunden und desinfiziert 
Kopie von - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe wurde wiederhergestellt 
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-12-06 bis 2012-01-06  ))))))))))))))))))))))))))))))
.
.
2012-01-06 14:25 . 2011-11-21 01:47	6823496	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5477E8E1-E11E-4DBF-8A16-1BDB49422DDF}\mpengine.dll
2012-01-03 19:41 . 2012-01-03 19:41	--------	d-----w-	C:\_OTL
2011-12-31 05:22 . 2011-11-30 01:21	6823496	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{83DAEA07-F4E3-4629-87B7-D7418DCFEFBD}\mpengine.dll
2011-12-30 09:06 . 2011-12-14 11:23	21312	----a-w-	c:\windows\system32\authuitu.dll
2011-12-30 09:05 . 2011-12-30 09:05	--------	d-----w-	c:\users\chrissi-pissi\AppData\Roaming\TuneUp Software
2011-12-30 09:05 . 2011-12-30 09:06	--------	d-----w-	c:\program files\TuneUp Utilities 2012
2011-12-30 09:03 . 2011-12-30 09:06	--------	d-----w-	c:\programdata\TuneUp Software
2011-12-30 09:03 . 2011-12-30 09:03	--------	d-sh--w-	c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2011-12-30 06:03 . 2011-12-30 06:03	--------	d-----w-	c:\program files\ESET
2011-12-30 01:46 . 2011-12-30 01:46	--------	d-----w-	c:\users\chrissi-pissi\AppData\Roaming\Malwarebytes
2011-12-30 01:46 . 2011-12-30 01:46	--------	d-----w-	c:\programdata\Malwarebytes
2011-12-30 01:46 . 2011-12-10 14:24	20464	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-12-30 01:46 . 2011-12-30 01:46	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-12-19 02:00 . 2011-12-19 02:00	--------	d-----w-	c:\windows\CheckSur
2011-12-15 17:15 . 2011-11-04 14:54	1383424	----a-w-	c:\windows\system32\mshtml.tlb
2011-12-15 17:15 . 2011-10-20 14:08	389632	----a-w-	c:\windows\system32\html.iec
2011-12-15 17:15 . 2011-10-14 16:02	429056	----a-w-	c:\windows\system32\EncDec.dll
2011-12-15 17:14 . 2011-10-27 08:01	3550080	----a-w-	c:\windows\system32\ntoskrnl.exe
2011-12-15 17:14 . 2011-10-27 08:01	3602816	----a-w-	c:\windows\system32\ntkrnlpa.exe
2011-12-15 17:14 . 2011-10-25 15:56	49152	----a-w-	c:\windows\system32\csrsrv.dll
2011-12-15 17:14 . 2011-11-08 12:10	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2011-12-14 15:58 . 2011-12-14 15:58	--------	d-----w-	c:\programdata\DivX
2011-12-09 14:26 . 2011-09-20 21:02	913280	----a-w-	c:\windows\system32\drivers\tcpip.sys
2011-12-09 14:26 . 2011-09-20 13:44	31232	----a-w-	c:\windows\system32\drivers\tcpipreg.sys
2011-12-09 14:26 . 2011-09-30 15:57	707584	----a-w-	c:\program files\Common Files\System\wab32.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-14 11:23 . 2011-12-30 09:06	31552	----a-w-	c:\windows\system32\TURegOpt.exe
2011-11-23 13:37 . 2011-12-15 17:14	2043904	----a-w-	c:\windows\system32\win32k.sys
2011-11-21 01:47 . 2010-02-13 20:01	6823496	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-15 13:29 . 2010-01-14 10:12	222080	------w-	c:\windows\system32\MpSigStub.exe
2011-11-08 14:42 . 2011-12-15 17:15	2048	----a-w-	c:\windows\system32\tzres.dll
2011-10-20 15:55 . 2011-12-15 17:15	834048	----a-w-	c:\windows\system32\wininet.dll
2011-12-11 19:43 . 2011-05-06 02:02	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AAA4C1FB-CF94-420D-9EB4-B3D9148BA73F}]
2011-09-02 14:44	269312	----a-w-	c:\users\chrissi-pissi\AppData\LocalLow\Picasa\IE\Picasa.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"EPSON SX100 Series"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE" [2008-02-05 188928]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"ICQ"="c:\program files\ICQ7.2\ICQ.exe" [2011-01-05 133432]
"feedreader.exe"="c:\program files\FeedReader30\feedreader.exe" [2009-03-29 2058240]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"NDSTray.exe"="NDSTray.exe" [BU]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-06-24 509816]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-05-09 716800]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-09-26 417792]
"Toshiba TEMPRO"="c:\program files\Toshiba TEMPRO\TemproTray.exe" [2009-04-21 1045904]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter
"MigAutil"=rundll32 "c:\windows\TEMP\NetPesvc.dll",CreateProcessNotify
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Toshiba Registration"=c:\program files\Toshiba\Registration\ToshibaRegistration.exe
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Google EULA Launcher"=c:\program files\Google\Google EULA\GoogleEULALauncher.exe IE PA
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
NETSVCS BENÖTIGT REPARATUR - Derzeitig vorhandene Einträge:
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-06 04:49]
.
2012-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-06 04:49]
.
2012-01-06 c:\windows\Tasks\User_Feed_Synchronization-{08844B6D-CDC8-402B-8846-67B276A762DD}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://fussball.de/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} - hxxp://www.powerchallenge.com/applet/PowerLoader.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game14.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\users\chrissi-pissi\AppData\Roaming\Mozilla\Firefox\Profiles\l1fgr8de.default\
FF - prefs.js: browser.search.selectedEngine - Search the web
FF - prefs.js: browser.startup.homepage - hxxp://fussball.de/
FF - prefs.js: keyword.URL - hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q=
FF - user.js: browser.search.selectedEngine - Search the web
FF - user.js: browser.search.order.1 - Search the web
FF - user.js: browser.search.defaultenginename - Search the web
FF - user.js: keyword.URL - hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q=
FF - user.js: privacy.item.cookies - false
FF - user.js: privacy.sanitize.promptOnSanitize - false
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-TOSCDSPD - TOSCDSPD.EXE
HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe
AddRemove-{E02D067B-1AD7-4016-A872-8665D223EDDD} - c:\users\chrissi-pissi\AppData\Local\{387B4D62-1EB1-47D1-88CD-6D794CF20A08}\anonymous web surfing.exe
.
.
.
**************************************************************************
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\users\chrissi-pissi\AppData\LocalLow\Picasa\IE\PicasaUpdater.exe
c:\program files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
c:\program files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
c:\windows\system32\conime.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\windows\RtHDVCpl.exe
c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
c:\program files\TOSHIBA\ConfigFree\CFSwMgr.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\program files\TuneUp Utilities 2012\OneClickStarter.exe
c:\windows\system32\WerFault.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-01-06  17:02:10 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-01-06 16:01
.
Vor Suchlauf: 12 Verzeichnis(se), 81.585.037.312 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 81.547.563.008 Bytes frei
.
- - End Of File - - 0491DCBA4B23DCFCA18E56E170EF35B7

--- --- ---

MfG
celtic

cosinus · 06.01.2012, 20:03

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

celtic · 07.01.2012, 01:23

Auch erledigt.

GMER:
GMER Logfile:

Code:

ATTFilter

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-01-07 01:10:19
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.LV01
Running: difqu600.exe; Driver: C:\WINDOWS\TEMP\pxtyypow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text           C:\Windows\system32\DRIVERS\tos_sps32.sys  section is writeable [0x8A755480, 0x3C939, 0xE8000020]
.dsrt           C:\Windows\system32\DRIVERS\tos_sps32.sys  unknown last section [0x8A796900, 0x3CA, 0x48000040]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0    Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1    Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

--- --- ---

OSAM:
OSAM Logfile:

Code:

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 22:44:57 on 06.01.2012

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 8.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"TOSCDSPD.cpl" - "TOSHIBA" - C:\Windows\system32\TOSCDSPD.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"MpKsl5a4cd541" (MpKsl5a4cd541) - ? - C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4E14F9B7-6C21-4AF4-A608-D8E121242493}\MpKsl5a4cd541.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{09A47860-11B0-4DA5-AFA5-26D86198A780} "EPP" - "Microsoft Corporation" - C:\PROGRA~1\MI239C~1\shellext.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -   (File not found | COM-object registry key not found)
{4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2012\DseShExt-x86.dll
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2012\SDShelEx-win32.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} "Java Plug-in 1.6.0_06" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{4BFD075D-C36E-4F28-BB0A-5D472795197A} "PowerLoader Class" - "Power Challenge AB" - C:\Windows\Downloaded Program Files\PowerLoader.dll / hxxp://www.powerchallenge.com/applet/PowerLoader.cab
{233C1507-6A77-46A4-9443-F871F945D258} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\Windows\system32\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10b.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
{BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} "{BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B}" - ? -   (File not found | COM-object registry key not found) / hxxp://game14.zylom.com/activex/zylomgamesplayer.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"Amazon.de" - ? - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home  (HTTP value)
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
"eBay - Der weltweite Online Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4  (HTTP value)
"ICQ7.2" - "ICQ, LLC." - C:\Program Files\ICQ7.2\ICQ.exe
"PokerStars" - "PokerStars" - C:\Program Files\PokerStars\PokerStarsUpdate.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} "Easy Photo Print" - "SEIKO EPSON CORPORATION / CyCom Technology Corp." - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} "Easy Photo Print" - "SEIKO EPSON CORPORATION / CyCom Technology Corp." - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{AAA4C1FB-CF94-420D-9EB4-B3D9148BA73F} "Picasa" - "Google Inc." - C:\Users\chrissi-pissi\AppData\LocalLow\Picasa\IE\Picasa.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\chrissi-pissi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"feedreader.exe" - ? - "C:\Program Files\FeedReader30\feedreader.exe"
"ICQ" - "ICQ, LLC." - "C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4                                                                                                                                                                                                                     
"Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized                                                                                                                                                                                                            
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"00TCrdMain" - "TOSHIBA Corporation" - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
"Camera Assistant Software" - "Chicony" - "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start                                                                                                                                                                                              
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"MSC" - "Microsoft Corporation" - "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"NDSTray.exe" - ? - NDSTray.exe  (File not found)
"SmoothView" - "TOSHIBA Corporation" - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
"topi" - "TOSHIBA" - C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
"Toshiba TEMPRO" - "Toshiba Europe GmbH" - C:\Program Files\Toshiba TEMPRO\TemproTray.exe                                                                                                                                                                                                                           
"TPwrMain" - "TOSHIBA Corporation" - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243" (NisSrv) - "Microsoft Corporation" - C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"ConfigFree Service" (ConfigFree Service) - "TOSHIBA CORPORATION" - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Jumpstart Wifi Protected Setup" (jswpsapi) - "Atheros Communications, Inc." - C:\Program Files\Jumpstart\jswpsapi.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Antimalware Service" (MsMpSvc) - "Microsoft Corporation" - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"OpenVPN Service" (OpenVPNService) - ? - C:\Program Files\OpenVPN\bin\openvpnserv.exe  (File found, but it contains no detailed information)
"Picasa Updater" (PicasaUpdater) - ? - C:\Users\chrissi-pissi\AppData\LocalLow\Picasa\IE\PicasaUpdater.exe  (File found, but it contains no detailed information)
"SmartFaceVWatchSrv" (SmartFaceVWatchSrv) - "Toshiba" - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
"TOSHIBA Navi Support Service" (TNaviSrv) - "TOSHIBA Corporation" - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
"TOSHIBA Optical Disc Drive Service" (TODDSrv) - "TOSHIBA Corporation" - C:\Windows\system32\TODDSrv.exe
"TOSHIBA Power Saver" (TosCoSrv) - "TOSHIBA Corporation" - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
"TOSHIBA SMART Log Service" (TOSHIBA SMART Log Service) - "TOSHIBA Corporation" - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
"TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru [/code]

aswMBR:

Code:

ATTFilter

 aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-06 23:08:28
-----------------------------
23:08:28.791    OS Version: Windows 6.0.6002 Service Pack 2
23:08:28.791    Number of processors: 2 586 0xF0D
23:08:28.807    ComputerName: USP-RULES  UserName: 
23:08:30.413    Initialize success
23:09:59.419    AVAST engine defs: 12010601
23:11:10.306    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:11:10.321    Disk 0 Vendor: TOSHIBA_ LV01 Size: 305245MB BusType: 3
23:11:10.321    Disk 0 MBR read successfully
23:11:10.321    Disk 0 MBR scan
23:11:10.337    Disk 0 Windows VISTA default MBR code
23:11:10.353    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS         1500 MB offset 2048
23:11:10.399    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       152463 MB offset 3074048
23:11:10.446    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       151280 MB offset 315318272
23:11:10.477    Disk 0 scanning sectors +625140400
23:11:10.587    Disk 0 scanning C:\Windows\system32\drivers
23:11:30.336    Service scanning
23:11:31.194    Service MpKsldf98fede C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5DBB35DE-E082-4122-821C-41A329DC1D34}\MpKsldf98fede.sys **LOCKED** 32
23:11:31.210    Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
23:11:31.974    Modules scanning
23:11:40.273    Disk 0 trace - called modules:
23:11:40.383    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
23:11:40.398    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86a5dac8]
23:11:40.414    3 CLASSPNP.SYS[8a5178b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x84ea9028]
23:11:41.194    AVAST engine scan C:\Windows
23:11:51.552    AVAST engine scan C:\Windows\system32
23:16:03.243    AVAST engine scan C:\Windows\system32\drivers
23:16:23.039    AVAST engine scan C:\Users\chrissi-pissi
23:24:18.808    Disk 0 MBR has been saved successfully to "C:\Users\chrissi-pissi\Desktop\MBR.dat"
23:24:18.839    The log file has been saved successfully to "C:\Users\chrissi-pissi\Desktop\aswMBR.txt"

MfG
celtic

30.12.2011, 21:11	#2
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Freemail-Account verschickt ebenfalls Spam-mails Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt? Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind. __________________ __________________

Freemail-Account verschickt ebenfalls Spam-mails

Log-Analyse und Auswertung: Freemail-Account verschickt ebenfalls Spam-mails