|
Log Analysis and Evaluation: Antivirus Vista 2010, av.exe, PC occasionally won't type + error message with Prog If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
03.03.2010, 23:35 | #1 |
| Antivirus Vista 2010, av.exe, PC occasionally won't type + error message with Prog Hello everyone, I hope I'm not making too many mistakes with the descriptions or the log file details. Right after the PC boots, the program/virus "Antivirus Vista 2010" opens. I then ran a log file analysis with Hijack, and it shows that everything is apparently OK so far, apart from one file, "av.exe". And these Antivirus Vista 2010 windows keep popping up; at times I also can't type in Firefox. In addition, I get an Antivirus Vista 2010 error message as soon as I open a program. What do I have to do to get rid of this file? And many thanks in advance!!! Ran CCleaner. Malwarebytes found something, "sdra64.exe", which I then moved to quarantine. Otherwise everything is OK.
|
04.03.2010, 07:38 | #2 |
| Antivirus Vista 2010, av.exe, PC occasionally won't type + error message with Prog Hi,
the problems when opening applications come from this:
Code:
.exe - open - "C:\Users\****\AppData\Local\av.exe" /START "%1" %*

Actually, though, MAM in full-scan mode should be able to remove the thing and also set all the bent entries straight again... Has MAM already deleted the thing? (Then only the entries would need to be set straight)? Try this:

Reset the open command for exe
Save the following text with the editor (Start->Run notepad) on the desktop under the name SetExe.reg (important: not with the extension "TXT"). Then run it by double-clicking the file and confirm the prompt!
Code:
Windows Registry Editor Version 5.00

; Remove the per-user open-command overrides
[-HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]

[-HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command]

; Remove the open command attached directly to .exe
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]

; Point .exe back at the exefile class
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

[-HKEY_CLASSES_ROOT\secfile]

Instructions & download here: http://www.trojaner-board.de/51187-malwarebytes-anti-malware.html
If the download doesn't work, please download a generic version via this link: http://filepony.de/download-chameleon/
Run a full scan and have everything cleaned! Post the log.

OTL
Download OTL by Oldtimer (http://filepony.de/download-otl/) and save it on your desktop
* Double-click OTL.exe
* Vista/Win7 users: right-click OTL.exe and choose "Run as administrator"
* At the top you will find a box labelled Output. Please select Minimal Output
* Under Extra Registry, please select Use SafeList
* Now click Run Scan at the top left
* When the scan has finished, 2 log files are created
* Post the log files here in the thread.
chris
__________________ |
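The check made by eye in the reply above, finding an executable file type whose open command has been routed through another program, written as an added example (not part of the original thread and not code from RSIT or HijackThis). The `<ext> - <verb> - <command>` line format is assumed from the single line quoted in the reply; the sample log, the list of extensions and the user-writable path hints are constructed for illustration.

```python
import re
from typing import NamedTuple

# Windows default open command for exefile/comfile/batfile/cmdfile:
# the file itself is launched and receives its own arguments.
EXPECTED_OPEN = '"%1" %*'

# Extensions checked here (assumption: a minimal set for the example).
EXEC_EXTENSIONS = {".exe", ".com", ".bat", ".cmd"}

# Heuristic hints that a handler sits in a location a normal user can write to.
USER_WRITABLE_HINTS = ("\\appdata\\", "\\temp\\", "\\users\\")

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")        # ======Name======
ENTRY_RE = re.compile(r"^(\.\w+) - (\w+) - (.+)$")   # .ext - verb - command
HANDLER_RE = re.compile(r'^\s*(?:"([^"]+)"|(\S+))')  # first token of a command


class Finding(NamedTuple):
    extension: str
    command: str
    handler: str         # program that now runs instead of the clicked file
    user_writable: bool  # handler path matches a user-writable hint


def file_association_lines(log_text):
    """Yield the non-empty lines of the 'File associations' section."""
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            in_section = header.group(1).lower() == "file associations"
            continue
        if in_section and line:
            yield line


def find_hijacked_handlers(log_text):
    """Return a Finding for each executable type whose open verb is not the default."""
    findings = []
    for line in file_association_lines(log_text):
        entry = ENTRY_RE.match(line)
        if not entry:
            continue
        ext = entry.group(1).lower()
        verb = entry.group(2).lower()
        command = " ".join(entry.group(3).split())  # normalise whitespace
        if ext not in EXEC_EXTENSIONS or verb != "open":
            continue
        if command == EXPECTED_OPEN:
            continue
        token = HANDLER_RE.match(command)
        handler = (token.group(1) or token.group(2)) if token else ""
        writable = any(hint in handler.lower() for hint in USER_WRITABLE_HINTS)
        findings.append(Finding(ext, command, handler, writable))
    return findings


# Constructed sample: only the .exe line is taken from the thread.
SAMPLE_LOG = r"""
======Scheduled tasks folder======

C:\Windows\tasks\ExampleUpdater.job

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.com - open - "%1" %*
.exe - open - "C:\Users\****\AppData\Local\av.exe" /START "%1" %*

======List of files/folders created in the last 1 months======

2010-03-03 23:09:59 ----D---- C:\rsit
"""

if __name__ == "__main__":
    for f in find_hijacked_handlers(SAMPLE_LOG):
        where = "user-writable path" if f.user_writable else "system path"
        print(f"{f.extension}: open command routed through {f.handler} ({where})")
```

A finding on `.exe` explains why every program launch produces the rogue product's message: each launch is passed to the handler first, so the registry entry has to be reset even after the file itself is gone.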
04.03.2010, 14:33 | #3 |
| Antivirus Vista 2010, av.exe, PC occasionally won't type + error message with Prog Hello,
I have now done everything so far.
1. setexe.reg
2. Let MAM run through, here is the log:

Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3510
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

04.03.2010 14:00:13
mbam-log-2010-03-04 (14-00-13).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|)
Durchsuchte Objekte: 233790
Laufzeit: 1 hour(s), 32 minute(s), 29 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden)
Infizierte Dateien: (Keine bösartigen Objekte gefunden)
___________________________
then with OTL, and here are the logs:
Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded Drive I: | 14,91 Gb Total Space | 11,97 Gb Free Space | 80,24% Space Free | Partition Type: FAT32 Computer Name: **** Current User Name: **** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\****\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Users\****\AppData\Local\av.exe () PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) PRC - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.) PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.) PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION) PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.) PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.) PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.) 
PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION) PRC - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) PRC - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.) PRC - C:\Program Files\Synaptics\SynTP\SynToshiba.exe (Synaptics, Inc.) PRC - C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe (Logitech Inc.) PRC - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) PRC - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) PRC - C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION) PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION) PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) PRC - C:\Program Files\TOSHIBA\Utilities\KeNotify.exe () PRC - C:\Windows\System32\PSIService.exe () PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems) PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) PRC - C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\****\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcp80.dll (Microsoft Corporation) MOD - C:\Windows\Temp\logishrd\LVPrcInj01.dll (Logitech Inc.) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation) MOD - C:\Program Files\Logitech\SetPoint\lgscroll.dll (Logitech Inc.) 

========== Win32 Services (SafeList) ==========

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (LVCOMSer) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TNaviSrv) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (CFSvcs) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)

========== Driver Services (SafeList) ==========

DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (VClone) -- C:\Windows\System32\drivers\VClone.sys (Elaborate Bytes AG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ACEDRV09) -- C:\Windows\System32\drivers\ACEDRV09.sys (Protect Software GmbH)
DRV - (LVUVC) Logitech QuickCam E3500(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (TosRfSnd) -- C:\Windows\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (acehlp10) -- C:\Windows\System32\drivers\acehlp10.sys (Protect Software GmbH)
DRV - (acedrv10) -- C:\Windows\System32\drivers\ACEDRV10.sys (Protect Software GmbH)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (LBeepKE) -- C:\Windows\System32\drivers\LBeepKE.sys (Logitech Inc.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (tifm21) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments)
DRV - (KR10N) -- C:\Windows\system32\drivers\kr10n.sys (TOSHIBA CORPORATION)
DRV - (KR10I) -- C:\Windows\system32\drivers\kr10i.sys (TOSHIBA CORPORATION)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (MTOnlPktAlyX) -- C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (LPCFilter) -- C:\Windows\system32\DRIVERS\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (CHIPDRIVE USB SmartCardReader) -- C:\Windows\System32\drivers\TwkUsb2K.sys (SCM Microsystems Inc.)
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (TWKSER2K) -- C:\Windows\System32\drivers\TWKSER2K.sys (SCM Microsystems Inc.)
DRV - (TwkMs) -- C:\Windows\System32\drivers\TWKMS.sys (Towitoko AG)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.de/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.msn.de/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&q="
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.02.19 09:19:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.02.19 09:19:20 | 000,000,000 | ---D | M]
[2008.10.09 14:29:36 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\mozilla\Extensions
[2009.10.04 11:06:40 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\j61jx8uf.default\extensions
[2010.02.24 11:51:31 | 000,000,961 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\FireFox\Profiles\j61jx8uf.default\searchplugins\icqplugin-1.xml
[2009.09.04 21:16:29 | 000,000,950 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\FireFox\Profiles\j61jx8uf.default\searchplugins\icqplugin-2.xml
[2009.09.11 10:29:50 | 000,000,950 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\FireFox\Profiles\j61jx8uf.default\searchplugins\icqplugin-3.xml
[2009.03.01 13:02:44 | 000,000,944 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\FireFox\Profiles\j61jx8uf.default\searchplugins\icqplugin.xml
[2009.10.14 08:23:03 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.08.24 20:25:19 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.08.24 20:25:19 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.08.24 20:25:19 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.08.24 20:25:19 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.08.24 20:25:19 | 000,000,801 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.03.03 18:08:54 | 000,000,743 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HWSetup] File not found
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe ()
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - File not found
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.03.04 12:29:16 | 000,552,960 | ---- | C] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
[2010.03.03 23:09:59 | 000,000,000 | ---D | C] -- C:\rsit
[2010.03.03 18:08:00 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2010.03.03 13:04:20 | 000,000,000 | ---D | C] -- C:\Program Files\Avery
[2010.02.26 10:01:09 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Malwarebytes
[2010.02.26 10:00:17 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.02.26 10:00:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.02.26 10:00:10 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.02.26 10:00:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.02.19 16:52:44 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Ulead Systems
[2010.02.19 16:46:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Corel
[2010.02.19 16:32:50 | 000,000,000 | ---D | C] -- C:\Program Files\Corel
[2010.02.12 20:59:04 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\C_XtremePhoto
[2010.02.12 20:42:32 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\MAGIX
[2010.02.12 20:42:28 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Xara
[2010.02.12 20:33:59 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\MAGIX-Fotobuch
[2010.02.11 18:22:09 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\vlc
[2010.02.05 13:42:36 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Ericsson
[2009.09.07 10:27:57 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\****\AppData\Roaming\pcouffin.sys
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\Public\Documents\*.tmp files -> C:\Users\Public\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.03.04 14:27:48 | 002,621,440 | -HS- | M] () -- C:\Users\****\NTUSER.DAT
[2010.03.04 14:21:15 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010.03.04 14:12:49 | 000,008,340 | -HS- | M] () -- C:\Users\****\AppData\Local\58La0
[2010.03.04 13:31:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.03.04 13:04:10 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010.03.04 12:39:45 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.03.04 12:39:45 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.03.04 12:29:16 | 000,552,960 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
[2010.03.04 12:26:25 | 000,000,335 | ---- | M] () -- C:\Users\****\Desktop\SetExe.reg
[2010.03.04 12:24:59 | 000,124,928 | ---- | M] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.04 12:22:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.03.04 08:39:56 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.03.04 08:39:51 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.03.04 00:17:24 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.03.04 00:17:23 | 000,524,288 | -HS- | M] () -- C:\Users\****\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.03.04 00:17:23 | 000,065,536 | -HS- | M] () -- C:\Users\****\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.03.04 00:17:12 | 003,587,603 | -H-- | M] () -- C:\Users\****\AppData\Local\IconCache.db
[2010.03.03 23:11:49 | 124,108,800 | ---- | M] () -- C:\Users\****\Documents\archive.pst
[2010.03.03 23:09:38 | 000,781,909 | ---- | M] () -- C:\Users\****\Desktop\RSIT.exe
[2010.03.03 22:53:29 | 000,693,832 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.03.03 18:08:17 | 000,001,004 | ---- | M] () -- C:\Users\Public\Desktop\SpyHunter.lnk
[2010.03.03 17:35:37 | 000,000,680 | ---- | M] () -- C:\Users\****\AppData\Local\d3d9caps.dat
[2010.03.03 17:14:26 | 000,197,120 | -HS- | M] () -- C:\Users\****\AppData\Local\av.exe
[2010.03.03 14:00:58 | 000,224,904 | ---- | M] () -- C:\Users\****\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.03.03 13:27:42 | 000,027,648 | ---- | M] () -- C:\Windows\System32\coclean.exe
[2010.03.02 17:51:17 | 000,001,044 | ---- | M] () -- C:\Users\****\AppData\Roaming\vso_ts_preview.xml
[2010.02.26 10:35:27 | 000,000,783 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.02.20 15:08:27 | 000,001,679 | ---- | M] () -- C:\Users\****\Desktop\SpiderSolitaire - Verknüpfung.lnk
[2010.02.19 17:03:45 | 000,000,030 | ---- | M] () -- C:\Windows\Iedit_.INI
[2010.02.19 16:49:26 | 000,001,834 | ---- | M] () -- C:\Users\Public\Desktop\PhotoImpact X3.lnk
[2010.02.12 20:35:58 | 000,007,277 | ---- | M] () -- C:\Windows\mgxoschk.ini
[2010.02.12 20:17:24 | 000,001,008 | ---- | M] () -- C:\Users\Public\Desktop\Virtual CloneDrive.lnk
[2010.02.11 17:59:55 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010.02.11 17:57:18 | 000,000,036 | -H-- | M] () -- C:\Users\****\AppData\Roaming\swk.ini
[2010.02.11 17:48:00 | 000,000,091 | ---- | M] () -- C:\Users\****\AppData\Roaming\default.pls
[2010.02.10 19:31:43 | 000,002,038 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\Public\Documents\*.tmp files -> C:\Users\Public\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.03.04 12:26:25 | 000,000,335 | ---- | C] () -- C:\Users\****\Desktop\SetExe.reg
[2010.03.03 23:09:36 | 000,781,909 | ---- | C] () -- C:\Users\****\Desktop\RSIT.exe
[2010.03.03 22:53:29 | 000,693,832 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.03.03 18:08:17 | 000,001,004 | ---- | C] () -- C:\Users\Public\Desktop\SpyHunter.lnk
[2010.03.03 17:35:37 | 000,000,680 | ---- | C] () -- C:\Users\****\AppData\Local\d3d9caps.dat
[2010.03.03 17:14:27 | 000,008,340 | -HS- | C] () -- C:\Users\****\AppData\Local\58La0
[2010.03.03 17:14:26 | 000,197,120 | -HS- | C] () -- C:\Users\****\AppData\Local\av.exe
[2010.03.03 13:27:42 | 000,027,648 | ---- | C] () -- C:\Windows\System32\coclean.exe
[2010.02.26 10:35:27 | 000,000,783 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.02.19 17:03:45 | 000,000,030 | ---- | C] () -- C:\Windows\Iedit_.INI
[2010.02.19 16:49:26 | 000,001,834 | ---- | C] () -- C:\Users\Public\Desktop\PhotoImpact X3.lnk
[2010.02.11 17:59:55 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010.02.11 17:57:18 | 000,000,036 | -H-- | C] () -- C:\Users\****\AppData\Roaming\swk.ini
[2010.02.10 19:31:43 | 000,002,038 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2009.10.13 12:29:40 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2009.10.03 17:44:26 | 000,000,198 | ---- | C] () -- C:\Windows\scummvm.ini
[2009.09.26 11:47:43 | 000,001,086 | ---- | C] () -- C:\Windows\HBCIKRNL.INI
[2009.09.07 11:25:11 | 000,000,028 | ---- | C] () -- C:\Windows\Robota.INI
[2009.09.07 11:22:48 | 000,053,248 | ---- | C] () -- C:\Windows\System32\mgxasio2.dll
[2009.09.07 11:20:11 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009.09.07 10:29:30 | 000,001,044 | ---- | C] () -- C:\Users\****\AppData\Roaming\vso_ts_preview.xml
[2009.09.07 10:29:08 | 000,000,034 | ---- | C] () -- C:\Users\****\AppData\Roaming\pcouffin.log
[2009.09.07 10:27:57 | 000,087,608 | ---- | C] () -- C:\Users\****\AppData\Roaming\inst.exe
[2009.09.07 10:27:57 | 000,007,887 | ---- | C] () -- C:\Users\****\AppData\Roaming\pcouffin.cat
[2009.09.07 10:27:57 | 000,001,144 | ---- | C] () -- C:\Users\****\AppData\Roaming\pcouffin.inf
[2009.09.06 20:14:35 | 000,000,097 | ---- | C] () -- C:\Windows\WirelessFTP.INI
[2009.03.22 00:34:20 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2009.03.22 00:32:09 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2009.03.07 11:14:27 | 000,066,482 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2009.03.07 10:40:07 | 000,000,095 | ---- | C] () -- C:\Users\****\AppData\Local\fusioncache.dat
[2009.01.12 22:24:24 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
[2008.12.19 22:51:03 | 000,000,091 | ---- | C] () -- C:\Users\****\AppData\Roaming\default.pls
[2008.12.18 11:02:16 | 000,287,744 | ---- | C] () -- C:\Windows\uno364mi.dll
[2008.12.18 11:02:16 | 000,109,568 | ---- | C] () -- C:\Windows\vos364mi.dll
[2008.12.18 11:02:16 | 000,091,648 | ---- | C] () -- C:\Windows\osl364mi.dll
[2008.12.18 11:02:16 | 000,000,137 | ---- | C] () -- C:\Windows\uno.ini
[2008.12.18 11:01:56 | 000,000,955 | ---- | C] () -- C:\Program Files\INSTALL.LOG
[2008.11.18 19:37:19 | 000,016,098 | ---- | C] () -- C:\Windows\German2.ini
[2008.11.14 00:29:02 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2008.11.12 20:47:06 | 000,000,043 | -HS- | C] () -- C:\ProgramData\.zreglib
[2008.11.11 19:37:24 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.11.11 19:37:20 | 000,124,928 | ---- | C] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.11.10 17:41:42 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.10.08 16:26:11 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2008.10.08 16:26:11 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2008.10.08 16:26:11 | 000,010,146 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2008.10.08 16:26:11 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008.07.26 08:25:02 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2007.12.21 16:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2007.05.31 15:05:10 | 000,007,277 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2007.05.31 14:32:33 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007.05.31 14:20:33 | 000,036,864 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll
[2007.05.31 13:56:27 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007.05.31 13:49:39 | 000,000,291 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2007.05.31 13:48:33 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005.11.23 12:55:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll
[2005.07.22 21:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:44807EFA
< End of report >

OTL Extras logfile created on: 04.03.2010 14:24:32 - Run 2
OTL by OldTimer - Version 3.1.33.0 Folder = C:\Users\****\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 56,00% Memory free
7,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140,86 Gb Total Space | 72,44 Gb Free Space | 51,43% Space Free | Partition Type: NTFS
Drive D: | 90,56 Gb Total Space | 72,34 Gb Free Space | 79,89% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 14,91 Gb Total Space | 11,97 Gb Free Space | 80,24% Space Free | Partition Type: FAT32

Computer Name: ****
Current User Name: ****
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\T-Online\T-Online_Software_6\Browser\Browser.exe (Deutsche Telekom AG, T-Com)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\T-Online\T-Online_Software_6\Browser\Browser.exe" "%1" (Deutsche Telekom AG, T-Com)
htmlfile [opennew] -- "C:\Program Files\T-Online\T-Online_Software_6\Browser\Browser.exe" "%1" (Deutsche Telekom AG, T-Com)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3365477959-3707311364-2408371514-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Users\****\AppData\Local\Temp\RarSFX0\StsInstall.exe" = C:\Users\****\AppData\Local\Temp\RarSFX0\StsInstall.exe:*:Enabled:StsInstall -- File not found
"C:\Program Files\Steuer Manager\MAXTAX.exe" = C:\Program Files\Steuer Manager\MAXTAX.exe:*:Enabled:MAXTAX -- File not found
"C:\Program Files\Steuer Manager\STMAXTAX.exe" = C:\Program Files\Steuer Manager\STMAXTAX.exe:*:Enabled:STMAXTAX -- File not found

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{479C61E6-5A42-49F4-9141-455EBD1FB6DD}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{65336FF8-3BEF-46DA-BE4E-EA83AA2FCADD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6B5D9F41-2AE5-4CB6-B6DF-3BAB236642A1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6DEB3B8B-0185-4047-ABA9-661C15BE95B0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{88326BA4-F8DE-4AFA-9D2D-F53FF653D77D}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{894AE3BD-2776-4223-8DED-5F0577967A74}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B35BFDCD-7F48-4D71-AA46-D36FF81F6E40}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{FCED810B-4EA6-49E8-94B1-FD1F1D988C8C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01BB34DF-8ED5-4AA6-BC90-02076CCDAD61}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{1A72BC91-0C09-47E6-AAA4-6E0C7C7E9B4F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{1A98B8E1-7214-4D9F-B8E2-6794F49355B5}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | "{24EBDA42-8577-40F4-ABBC-9327138D47EE}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | "{2B6DDCB6-51B7-421D-9AFC-0415379D5787}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{50C5514E-DC1B-471B-AEBA-3DCA102E0F1D}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | "{B407878B-6396-4C49-B682-740ECEF17505}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | "{DEAB9D95-CC9C-48A8-832C-181FDB854715}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | "{FC378DF2-91F9-48B7-828D-6CA088928782}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | "TCP Query User{617EABD0-254C-4276-A85D-430D1985B110}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{A076B4C7-DDEF-46BF-BBDE-E8AE660315C0}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{D3479BFE-3DE0-4822-8275-96002B2868F8}C:\program files\t-online\t-online_software_6\internet-telefon\phone.exe" = protocol=6 | dir=in | app=c:\program files\t-online\t-online_software_6\internet-telefon\phone.exe | "UDP Query 
User{6207143C-24C5-4588-83EE-D4F23707E776}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{97DC27DC-7C08-4453-AC49-25C04C509E3C}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{C1D2989F-8CDD-400D-B25C-333338CC6288}C:\program files\t-online\t-online_software_6\internet-telefon\phone.exe" = protocol=17 | dir=in | app=c:\program files\t-online\t-online_software_6\internet-telefon\phone.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{0C180787-F8C8-42FD-A9D3-689BA44BEAAF}" = Corel Painter Essentials 3 "{0323731F-5EFF-C9AE-B398-6077AE9C67D9}" = Catalyst Control Center Localization Chinese Standard "{03CE1BCB-03F5-4C6A-B37E-69799AA3C544}" = SpyHunter "{084D94A9-D67E-D41B-6B4E-B6A481384D27}" = CCC Help Finnish "{0A8DA20B-1F01-D1C5-A24F-91EEE7A94A59}" = Catalyst Control Center Localization Korean "{0C180787-F8C8-42FD-A9D3-689BA44BEAAF}" = Corel Painter Essentials 3 "{0FEBE468-714C-9191-D5D0-9D117BAE0A55}" = Skins "{10004416-C81D-E8DB-5E92-5990D66F0B6D}" = Catalyst Control Center Localization Danish "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX860_series" = Canon MX860 series MP Drivers "{11D49772-0D06-0B31-DC09-CE413F9B0C93}" = CCC Help Chinese Traditional "{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist "{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3 "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1 "{22721B8E-8D36-C102-8C79-925C221DD9B4}" = Catalyst Control Center Localization Russian "{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information "{24A9C9A9-9749-0206-1E7E-BD32AA946D35}" = Catalyst Control Center Graphics Full New 
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program "{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder "{2D1B9BD2-C430-C5D6-6A40-BD00956F9CA4}" = Catalyst Control Center Graphics Previews Vista "{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth "{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6 "{34E2872D-1493-25E6-FBD8-98FCC1A96645}" = CCC Help Portuguese "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{3AF8FCCD-F51A-4014-9002-F195E1CBC876}" = Logitech QuickCam "{3BF34856-1A5F-2AD8-7D50-66BE8A82B5C1}" = CCC Help Spanish "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager "{45F00029-0A50-43AA-497A-67EFFF1E06F7}" = CCC Help Swedish "{478A4948-C6E9-E3BE-6353-ECCA1DD65CF4}" = Catalyst Control Center Localization Czech "{5034E4E7-A8E7-7BCA-0014-1534C77A7A5C}" = Catalyst Control Center Localization Turkish "{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password "{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup "{52EC92CA-771A-F8C8-95A2-37AFB43798B7}" = Catalyst Control Center Localization Spanish "{56918C0C-0D87-4CA6-92BF-4975A43AC719}" = KhalInstallWrapper "{56995235-B76E-44A6-BA17-8FF13D3F907A}" = TOSHIBA Benutzerhandbücher "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5 "{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility "{64FA2F4C-F61D-9A7C-318D-711C63308A61}" = CCC Help German 
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72E710CD-51E2-D3BA-108C-F00C54E5B7B0}" = CCC Help Japanese "{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.8.0.193 "{77077FFF-8831-470F-9627-E86F06A50CCD}" = Avery Wizard 3.1 "{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree "{796A8F45-C24A-F0C7-2114-FAABC5DA8367}" = Catalyst Control Center Graphics Full Existing "{79A4C5D0-EF1A-752A-43F9-C4E79341628A}" = Catalyst Control Center Localization Italian "{7AC09EE2-08B0-7C97-B8ED-961C58AA9E96}" = Catalyst Control Center Localization Greek "{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7BD5E0A6-DB75-B763-CE09-0D883E97F5DF}" = Catalyst Control Center Localization Thai "{7CF70E3E-BDC7-5F46-F806-49D8D104A0E3}" = CCC Help Danish "{7D61830A-1867-6DFA-11FE-A64752B4658D}" = CCC Help Greek "{80FEE630-084D-50F6-9FC8-75757A87F015}" = Catalyst Control Center Localization Polish "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer "{8E8780B8-2924-B51D-976B-59EE97713659}" = CCC Help Russian "{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{95AEBA1F-23F4-3751-73FA-CFCFB962F789}" = CCC Help Polish "{977D59F6-C638-B0AC-5CE4-D6A615D62033}" = Catalyst Control Center Localization Dutch "{98FB128F-1462-6AF5-471C-4512232E9478}" = ccc-core-static "{9954B400-AEB7-638D-E753-BB4ECE1064EE}" = CCC Help English "{9A1EFCBB-5E3C-7E13-2AAD-7AFA4FD9DBD9}" = Catalyst Control Center Localization Swedish "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A6D4234C-CB02-4048-AC3E-AD09404FA35A}" = Emdedded IR Driver "{A73730D7-1D88-3DAB-9A3B-3959093347CC}" = CCC Help Chinese Standard "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA898D01-D4E3-43C6-8E25-70CA660B9F16}" = CHIPDRIVE extern/intern/micro treiber 3.1 "{AAD49C89-CA9D-911E-0407-8EE0521EA24D}" = CCC Help Dutch "{AC76BA86-7AD7-1031-7B44-A80000000002}" = Adobe Reader 8 - Deutsch "{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0 "{B388231D-672A-4169-A3DF-BD80266252AB}" = StarMoney "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser "{BF49AD34-C4F3-115A-CACE-E06EA0B59EDC}" = CCC Help Korean "{C3075CFB-4EFE-AD80-587A-3FB74338A44D}" = Catalyst Control Center Localization Finnish "{C705D235-051D-B65E-DAF2-E4D104F640A6}" = CCC Help Norwegian "{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser "{C985DD31-E62E-E121-D918-E7CDE78B523B}" = Catalyst Control Center Core Implementation "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba "{CEDFF4EA-DFCF-312A-773A-4F743AAF78E2}" = Catalyst Control Center Localization Japanese "{D55BA1E9-0517-C325-00BD-B68087923AE9}" = CCC Help Hungarian "{D6C9AF27-9414-46C8-B9D8-D878BA041031}" = Nero 8 "{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI "{DD3D3F5A-BFB9-CEC4-1A86-619E7FF83300}" = Catalyst Control Center Localization Chinese Traditional "{DE64DACB-B8EA-BF73-EB87-67C22FFA0C52}" = ccc-utility "{E1B530E5-3515-AC68-CA75-0932BA837A1A}" = CCC Help Thai "{E3723A04-A894-4036-A78E-282E18F43C0A}_is1" = Tinypic 3.14 "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe "{E54F065A-4DCB-1875-222D-CF27620AF646}" = Catalyst Control Center Localization Portuguese "{E6802BDF-0F93-6DB7-E542-B1B36BAA9FFF}" = Catalyst Control 
Center Localization French "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{E858ECF5-7644-33F3-EBE5-1A6D4E606F5B}" = CCC Help Turkish "{EA6DCFC6-BCA2-D901-7417-19261C50802A}" = Catalyst Control Center Localization Hungarian "{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F6527F8D-F203-CD41-7D39-2C6FBB91DCAD}" = CCC Help Italian "{FBB22939-6AAD-A6EB-5AA1-BAA166F2D032}" = CCC Help Czech "{FDC08E4B-F82B-6183-D0B5-A5F89678AB82}" = Catalyst Control Center Graphics Light "{FE890808-EE76-63DF-6D0E-4609D2520DF0}" = Catalyst Control Center Localization German "{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package "{FEDD8B8B-6EA0-A35C-6CB4-06F1AF4D7769}" = Catalyst Control Center Localization Norwegian "{FF62A079-FE47-C34A-AB88-C61CA838B007}" = CCC Help French "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Canon MX860 series Benutzerregistrierung" = Canon MX860 series Benutzerregistrierung "Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility "Canon_IJ_Network_UTILITY" = Canon IJ Network Tool "CanonMyPrinter" = Canon Utilities My Printer "CanonSolutionMenu" = Canon Utilities Solution Menu "CCleaner" = CCleaner (remove only) "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX "Free Studio_is1" = Free Studio version 4.2 "Google Updater" = Google Updater "HijackThis" = HijackThis 2.0.2 "InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3 "InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort "InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup "InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility 
"InstallShield_{A6D4234C-CB02-4048-AC3E-AD09404FA35A}" = Emdedded IR Driver "InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers. "InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package "lvdrivers_11.80" = Logitech QuickCam-Treiberpaket "MAGIX Music Maker 15 Premium Download-Version D" = MAGIX Music Maker 15 Premium Download-Version 15.0.1.5 (D) "MAGIX Screenshare D" = MAGIX Screenshare 4.3.6.1987 (D) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8) "MP Navigator EX 2.1" = Canon MP Navigator EX 2.1 "ProtectDisc Driver 10" = ProtectDisc Helper Driver 10 "ShockwaveFlash" = Adobe Flash Player 9 ActiveX "SynTPDeinstKey" = Synaptics Pointing Device Driver "TOSHIBA Software Modem" = TOSHIBA Software Modem "TreeSize Free_is1" = TreeSize Free V2.3.3 "Uninstall_is1" = Uninstall 1.0.0.1 "VirtualCloneDrive" = VirtualCloneDrive "VLC media player" = VLC media player 1.0.5 "Windows Media Encoder 9" = Windows Media Encoder 9-Reihe "WinRAR archiver" = WinRAR "Yahoo! Toolbar" = Yahoo! Toolbar "YInstHelper" = Yahoo! 
Install Manager ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 12.02.2010 06:25:06 | Computer Name = **** | Source = Google Update | ID = 20 Description = Error - 13.02.2010 03:57:25 | Computer Name = **** | Source = Windows Search Service | ID = 3024 Description = Error - 13.02.2010 14:25:05 | Computer Name = **** | Source = Google Update | ID = 20 Description = Error - 14.02.2010 10:25:06 | Computer Name = **** | Source = Google Update | ID = 20 Description = Error - 14.02.2010 11:25:06 | Computer Name = **** | Source = Google Update | ID = 20 Description = Error - 14.02.2010 12:25:06 | Computer Name = **** | Source = Google Update | ID = 20 Description = Error - 14.02.2010 13:25:06 | Computer Name = **** | Source = Google Update | ID = 20 Description = Error - 14.02.2010 14:25:07 | Computer Name = **** | Source = Google Update | ID = 20 Description = Error - 14.02.2010 15:25:06 | Computer Name = **** | Source = Google Update | ID = 20 Description = Error - 15.02.2010 09:25:06 | Computer Name = **** | Source = Google Update | ID = 20 Description = [ Media Center Events ] Error - 03.01.2009 09:42:56 | Computer Name = **** | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide Error - 03.01.2009 09:43:51 | Computer Name = **** | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide Error - 07.02.2010 11:17:11 | Computer Name = **** | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide [ System Events ] Error - 10.03.2009 19:40:55 | Computer Name = **** | Source = HTTP | ID = 15016 
< End of report >

Antivirus Vista 2010 is still there and is making my life difficult! Thanks in advance |
04.03.2010, 15:15 | #4 |
| Hi, yes, namely here:
[2010.03.03 17:14:26 | 000,197,120 | -HS- | C] () -- C:\Users\****\AppData\Local\av.exe
So (note: replace the "****" with the correct path):
Avenger instructions (by swandog46)
1.) Download the tool Avenger and save it to the desktop:
2.) Configure the program as shown in the picture. Now copy the following text into the white field (at -> "input script here"):
Code:
Files to delete:
C:\Users\****\AppData\Local\av.exe
4.) To start Avenger, click on -> Execute. Then confirm with "Yes" that the computer restarts!
5.) After the system has restarted, you will find a report from Avenger here -> C:\avenger.txt
Open the file with the editor and copy the entire text into your post here on Trojaner-Board.
If necessary, run SetExe.reg again afterwards...
chris
__________________ Don't bring me down Read before posting! Donations (anyone who wants to donate is welcome to get in touch) |
04.03.2010, 15:44 | #5 |
| So .... here is the report:
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows Vista
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
File "C:\Users\Kathrin\AppData\Local\av.exe" deleted successfully.
Completed script processing.
*******************
Finished! Terminate.

That means "av.exe" is gone. There are also no more messages about viruses, trojans etc. Instead, one quick other question: the Windows Update window has now suddenly opened. Is that OK, or is that a "fake" again?? I once read that these "fake programs" do that too. For now, a thousand thanks for your help, and have a nice afternoon!! Link |
04.03.2010, 15:53 | #6 |
| OH and I forgot something: Can I delete all the programs again, or take them off the desktop??? Thanks! |
04.03.2010, 17:31 | #7 |
| Hi, you can uninstall/delete the programs again... One more thing: Quote:
and Quote:
Code:
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = dword:0x00
chris
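The two log indicators acted on in this thread, a hidden/system file without a company name under AppData (post #4) and the Security Center "DisableMonitoring" value set to 1 (post #7), can be pulled out of an OTL-style log with a short script. This is an added example, not part of the original posts or of OTL; the sample log is constructed from values quoted in the thread, and the function names, the section title, the expected-value table, the attributes of 58La0 and all timestamps except av.exe's are assumptions.

```python
import re

# Constructed sample in OTL log layout, assembled from lines quoted in this
# thread. Section title, timestamps (except av.exe's) and the attributes of
# 58La0 are placeholders/assumptions for the example.
SAMPLE_LOG = r"""
========== Files - No Company Name ==========
[2010.03.03 17:14:26 | 000,197,120 | -HS- | C] () -- C:\Users\****\AppData\Local\av.exe
[2010.03.03 17:14:00 | 000,008,344 | -HS- | C] () -- C:\Users\****\AppData\Local\58La0
[2010.03.03 17:14:00 | 000,000,680 | ---- | C] () -- C:\Users\****\AppData\Local\d3d9caps.dat
[2010.02.01 12:00:00 | 000,100,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"""

# [timestamp | size | attributes | C/M] (company) -- path
FILE_RE = re.compile(
    r'^\[(?P<ts>[\d.]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| '
    r'(?P<kind>[CM])\] \((?P<company>.*?)\) -- (?P<path>.+)$'
)
KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)" = (.*)$')

# Locations a standard user process can write to (assumption for this example).
USER_WRITABLE = ("\\appdata\\", "\\temp\\")

# Values as they appear in the healthy parts of the thread's log; anything
# else is reported for review (assumption for this example).
EXPECTED = {
    "DisableMonitoring": "0",
    "AntiVirusOverride": "0",
    "AntiSpywareOverride": "0",
    "FirewallOverride": "0",
    "EnableFirewall": "1",
}


def suspicious_files(log):
    """Paths that are hidden or system, carry no company name and sit in a
    user-writable directory."""
    hits = []
    for raw in log.splitlines():
        m = FILE_RE.match(raw.strip())
        if not m:
            continue
        hidden_or_system = "H" in m["attrs"] or "S" in m["attrs"]
        no_vendor = m["company"].strip() == ""
        writable = any(part in m["path"].lower() for part in USER_WRITABLE)
        if hidden_or_system and no_vendor and writable:
            hits.append(m["path"])
    return hits


def security_center_findings(log):
    """(key, value name, value) for every setting that differs from EXPECTED."""
    findings, key = [], None
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("=========="):
            key = None  # a new report section ends the current registry key
            continue
        k = KEY_RE.match(line)
        if k:
            key = k.group(1)
            continue
        v = VALUE_RE.match(line)
        if v and key and v.group(1) in EXPECTED:
            name, value = v.group(1), v.group(2).strip()
            if value != EXPECTED[name]:
                findings.append((key, name, value))
    return findings


if __name__ == "__main__":
    for path in suspicious_files(SAMPLE_LOG):
        print("review file:", path)
    for key, name, value in security_center_findings(SAMPLE_LOG):
        print("review setting: %s\\%s = %s" % (key, name, value))
```

A hit only marks an entry for review; as later in the thread, the file is checked with an online scanner before anything is deleted.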
04.03.2010, 18:04 | #8 |
| OK, here are the results from OTL:
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\"DisableMonitoring" | dword:0x00 /E : value set successfully!
OTL by OldTimer - Version 3.1.33.0 log created on 03042010_175418

This file "58La0" is also not visible in the folder. Should I delete it with Avenger as well, like av.exe? And then post another log here? Thanks!!!!!! |
05.03.2010, 07:23 | #9 |
| Hi, I would recommend that; the file is most certainly not kosher! Or proceed as follows: have files checked online:
Code:
C:\Users\Kathrin\AppData\Local\58La0
If the file is detected, you can still "dispose of" it with Avenger... chris
05.03.2010, 10:34 | #10 |
| Morning, here are the logs:

58La0
Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.5.0.50 2010.03.05 -
AhnLab-V3 5.0.0.2 2010.03.04 -
AntiVir 8.2.1.180 2010.03.05 -
Antiy-AVL 2.0.3.7 2010.03.05 -
Authentium 5.2.0.5 2010.03.05 -
Avast 4.8.1351.0 2010.03.04 -
Avast5 5.0.332.0 2010.03.04 -
AVG 9.0.0.730 2010.03.04 -
BitDefender 7.2 2010.03.05 -
CAT-QuickHeal 10.00 2010.03.05 -
ClamAV 0.96.0.0-git 2010.03.05 -
Comodo 4091 2010.02.28 -
DrWeb 5.0.1.12222 2010.03.05 -
eSafe 7.0.17.0 2010.03.04 -
eTrust-Vet 35.2.7341 2010.03.05 -
F-Prot 4.5.1.85 2010.03.04 -
F-Secure 9.0.15370.0 2010.03.05 -
Fortinet 4.0.14.0 2010.03.04 -
GData 19 2010.03.05 -
Ikarus T3.1.1.80.0 2010.03.05 -
Jiangmin 13.0.900 2010.03.05 -
K7AntiVirus 7.10.990 2010.03.04 -
Kaspersky 7.0.0.125 2010.03.05 -
McAfee 5910 2010.03.04 -
McAfee+Artemis 5910 2010.03.04 -
McAfee-GW-Edition 6.8.5 2010.03.04 -
Microsoft 1.5502 2010.03.05 -
NOD32 4917 2010.03.05 -
Norman 6.04.08 2010.03.04 -
nProtect 2009.1.8.0 2010.03.05 -
Panda 10.0.2.2 2010.03.04 -
PCTools 7.0.3.5 2010.03.04 -
Prevx 3.0 2010.03.05 -
Rising 22.37.04.03 2010.03.05 -
Sophos 4.51.0 2010.03.05 -
Sunbelt 5756 2010.03.05 -
Symantec 20091.2.0.41 2010.03.05 -
TheHacker 6.5.1.7.221 2010.03.05 -
TrendMicro 9.120.0.1004 2010.03.05 -
VBA32 3.12.12.2 2010.03.05 -
ViRobot 2010.3.5.2214 2010.03.05 -
VirusBuster 5.0.27.0 2010.03.04 -
weitere Informationen
File size: 8344 bytes
MD5...: c61c6c4275cf790baca3694e22854731
SHA1..: 678089106aff390bc7967d7342d6f6bffca74524
SHA256: b306ff103548ac09b8fc46018e3973e3471dcf57cf95d867422a70185d44b873
ssdeep: 192:S+OwGjktsNu75uSsNaIIJOinKmdwMWni53dm0I:1F0k6WuyIIRKmCM13lI
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set -
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
pdfid.: -
trid..: Unknown!

d3d9caps.dat (was also created at the same time as av.exe)
Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.5.0.50 2010.03.05 -
AhnLab-V3 5.0.0.2 2010.03.04 -
AntiVir 8.2.1.180 2010.03.05 -
Antiy-AVL 2.0.3.7 2010.03.05 -
Authentium 5.2.0.5 2010.03.05 -
Avast 4.8.1351.0 2010.03.04 -
Avast5 5.0.332.0 2010.03.04 -
AVG 9.0.0.730 2010.03.04 -
BitDefender 7.2 2010.03.05 -
CAT-QuickHeal 10.00 2010.03.05 -
ClamAV 0.96.0.0-git 2010.03.05 -
Comodo 4091 2010.02.28 -
DrWeb 5.0.1.12222 2010.03.05 -
eSafe 7.0.17.0 2010.03.04 -
eTrust-Vet 35.2.7341 2010.03.05 -
F-Prot 4.5.1.85 2010.03.04 -
F-Secure 9.0.15370.0 2010.03.05 -
Fortinet 4.0.14.0 2010.03.04 -
GData 19 2010.03.05 -
Ikarus T3.1.1.80.0 2010.03.05 -
Jiangmin 13.0.900 2010.03.05 -
K7AntiVirus 7.10.990 2010.03.04 -
Kaspersky 7.0.0.125 2010.03.05 -
McAfee 5910 2010.03.04 -
McAfee+Artemis 5910 2010.03.04 -
McAfee-GW-Edition 6.8.5 2010.03.04 -
Microsoft 1.5502 2010.03.05 -
NOD32 4917 2010.03.05 -
Norman 6.04.08 2010.03.04 -
nProtect 2009.1.8.0 2010.03.05 -
Panda 10.0.2.2 2010.03.04 -
PCTools 7.0.3.5 2010.03.04 -
Prevx 3.0 2010.03.05 -
Rising 22.37.04.03 2010.03.05 -
Sophos 4.51.0 2010.03.05 -
Sunbelt 5756 2010.03.05 -
Symantec 20091.2.0.41 2010.03.05 -
TheHacker 6.5.1.7.221 2010.03.05 -
TrendMicro 9.120.0.1004 2010.03.05 -
VBA32 3.12.12.2 2010.03.05 -
ViRobot 2010.3.5.2214 2010.03.05 -
VirusBuster 5.0.27.0 2010.03.04 -
weitere Informationen
File size: 680 bytes
MD5...: 5b49bf686acfc4a0d06444274edb9074
SHA1..: baae1ea2246702e425cb42f7bae2a0eef8dcbd0d
SHA256: ec916b1f1cff474d6322c72554a308c20c77d8c239d84dd80ee700b900f55099
ssdeep: 3:tnu0GwFLlPKuwt/1lFl+s//1CltBlljlll/Dll:/PN/Qms1Cl
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set -
pdfid.: -
trid..: Targa bitmap (Original TGA Format) (63.6%) MS Flight Simulator Aircraft Performance Info (36.3%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

Should I "remove" both? Thanks!!!!! |
05.03.2010, 12:05 | #11 |
| Hi, the "d3d9caps.dat" should belong to DirectX; I would delete the other one... chris