
Pests of all kinds and how to combat them: Trojan Calfnu.sys keeps reappearing

01.05.2010, 20:45   #1
relaxingdave
 

Hello!
After I had already followed the forum's instructions for removing the Malware Doc trojan (http://www.trojaner-board.de/83172-a...entfernen.html) and, following them, also used Malwarebytes' Anti-Malware, a trojan is still reported at every cleanup and restart. The computer's speed is noticeably reduced.
What can I do to stop it from reappearing again and again?

Here is the log file:

I would be very grateful for your help! Best regards, David

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4057

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

01.05.2010 21:37:09
mbam-log-2010-05-01 (21-37-09).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 123631
Laufzeit: 14 Minute(n), 22 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\system32\Drivers\calfnu.sys (Rootkit.Agent) -> No action taken.

Edited by relaxingdave (01.05.2010 at 21:08)

01.05.2010, 21:17   #2
StLB
/// Helper team
 


Hi and !


Yes, Antimalware Doctor & co. usually bring a rootkit along as well.

For a better look into your system, please run a scan with OTL:


System scan with OTL

Please download OTL by OldTimer and save it to your desktop (if you don't have it yet)
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labeled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

After that, please run a rootkit scan with GMER.

02.05.2010, 12:29   #3
relaxingdave
 


Thank you very much for your help! I ran the scan with OTL without any problems. When I then started the scan with GMER, with all programs and virus scanners switched off, a blue screen suddenly appeared with some error message that I didn't look at closely, because I just wanted to reboot quickly. Now Windows Vista only shows the bar with the icons at the top edge of the screen; desktop icons, the Start bar etc. are not displayed.

Do I need to watch out for anything else before the scan with GMER, or do the OTL log files already show other errors?

Here are the two log files:

OTL logfile created on: 02.05.2010 11:13:59 - Run 1
OTL by OldTimer - Version 3.2.4.0 Folder = C:\Users\Tina\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 51,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220,28 Gb Total Space | 92,37 Gb Free Space | 41,93% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 5,04 Gb Free Space | 50,43% Space Free | Partition Type: NTFS
Unable to calculate disk information.
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TINA-PC
Current User Name: Tina
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Tina\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - C:\Programme\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
PRC - C:\Programme\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Programme\Dell\DellDock\DellDock.exe (Stardock Corporation)
PRC - C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
PRC - C:\Programme\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Windows\System32\wermgr.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
PRC - C:\Windows\System32\stacsv.exe (IDT, Inc.)
PRC - C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\Digital Line Detect\DLG.exe (Avanquest Software )


========== Modules (SafeList) ==========

MOD - C:\Users\Tina\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (GoogleDesktopManager-110309-193829) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (OpenVPNService) -- C:\Programme\OpenVPN\bin\openvpnserv.exe ()
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (AntiVirScheduler) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (DockLoginService) -- C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)


========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys (Avira GmbH)
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (BCM42RLY) -- C:\Windows\System32\drivers\bcm42rly.sys (Broadcom Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (UDXTTM6010) -- C:\Windows\System32\drivers\UDXTTM6010.sys ()
DRV - (TTHID) -- C:\Windows\System32\drivers\Cinergy_Hybrid_XE_HID.sys (DTV-DVB)
DRV - (IntcHdmiAddService) Intel(R) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (VST_DPV) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (VSTHWBS2) -- C:\Windows\System32\drivers\VSTBS23.SYS (Conexant Systems, Inc.)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (AVIRA GmbH)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=3081021
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=3081021
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.startup.homepage: "hxxp://www.sueddeutsche.de/"
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.19
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004

FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009.01.07 19:39:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.30 09:13:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.30 09:13:20 | 000,000,000 | ---D | M]

[2009.01.07 20:00:11 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\mozilla\Extensions
[2010.05.01 18:30:31 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\mozilla\Firefox\Profiles\60v1eaok.default\extensions
[2009.09.02 18:12:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Tina\AppData\Roaming\mozilla\Firefox\Profiles\60v1eaok.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.01.08 17:34:01 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Tina\AppData\Roaming\mozilla\Firefox\Profiles\60v1eaok.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010.05.01 16:04:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tina\AppData\Roaming\mozilla\Firefox\Profiles\60v1eaok.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2009.03.29 01:06:57 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\mozilla\Firefox\Profiles\60v1eaok.default\extensions\moveplayer@movenetworks.com
[2010.05.01 18:30:31 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2008.10.28 18:09:41 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\google-cjk@partners.mozilla.com
[2009.09.05 11:11:22 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.09.05 11:11:22 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.09.05 11:11:22 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.09.05 11:11:22 | 000,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.09.05 11:11:22 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (WsftpBrowserHelper Class) - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Programme\Ipswitch\WS_FTP Pro\wsbho2k0.dll (Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Programme\Dell\DellDock\DellDock.exe (Stardock Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Users\Tina\Downloads\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Users\Tina\Downloads\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Programme\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Tina\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Tina\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{23356064-fc2c-11dd-9e66-00219bf1c37d}\Shell\AutoRun\command - "" = F:\f9o8o.exe -- File not found
O33 - MountPoints2\{23356064-fc2c-11dd-9e66-00219bf1c37d}\Shell\open\Command - "" = F:\f9o8o.exe -- File not found
O33 - MountPoints2\{7271ee57-a818-11de-b199-00219bf1c37d}\Shell\AutoRun\command - "" = F:\9fo3ar0j.exe -- File not found
O33 - MountPoints2\{7271ee57-a818-11de-b199-00219bf1c37d}\Shell\open\Command - "" = F:\9fo3ar0j.exe -- File not found
O33 - MountPoints2\{7271ee5a-a818-11de-b199-00219bf1c37d}\Shell - "" = AutoRun
O33 - MountPoints2\{7271ee5a-a818-11de-b199-00219bf1c37d}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{74e6fea8-46e5-11de-b962-00219bf1c37d}\Shell - "" = AutoRun
O33 - MountPoints2\{74e6fea8-46e5-11de-b962-00219bf1c37d}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{bce4170f-a138-11dd-839b-00219bf1c37d}\Shell\AutoRun\command - "" = F:\
O33 - MountPoints2\{bce4170f-a138-11dd-839b-00219bf1c37d}\Shell\open\Command - "" = rundll32.exe .\\egs.dll,InstallM
O33 - MountPoints2\{d3dca406-e7ec-11de-88d5-00219bf1c37d}\Shell\AutoRun\command - "" = F:\1hqup.exe -- File not found
O33 - MountPoints2\{d3dca406-e7ec-11de-88d5-00219bf1c37d}\Shell\open\Command - "" = F:\1hqup.exe -- File not found
O33 - MountPoints2\{ed19b55a-1ae4-11de-b04e-00219bf1c37d}\Shell\AutoRun\command - "" = F:\86.exe -- File not found
O33 - MountPoints2\{ed19b55a-1ae4-11de-b04e-00219bf1c37d}\Shell\open\Command - "" = F:\86.exe -- File not found
O33 - MountPoints2\{f1e10bad-60c9-11de-88d1-00225f28680c}\Shell\AutoRun\command - "" = AutoRun\AutoStart.exe
O33 - MountPoints2\{f1e10bad-60c9-11de-88d1-00225f28680c}\Shell\Explore\Command - "" = AutoRun\AutoStart.exe
O33 - MountPoints2\{f1e10bad-60c9-11de-88d1-00225f28680c}\Shell\Open\Command - "" = AutoRun\AutoStart.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.05.02 11:12:32 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Users\Tina\Desktop\OTL.exe
[2010.05.01 18:09:18 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\Malwarebytes
[2010.05.01 18:09:07 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.05.01 18:09:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.05.01 18:09:03 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.05.01 18:09:03 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.05.01 18:08:36 | 006,153,648 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Tina\Desktop\herbert.exe
[2010.05.01 16:38:40 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010.05.01 16:26:05 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ztvcabinet.dll
[2010.05.01 16:26:00 | 000,000,000 | ---D | C] -- C:\Programme\Trojan Remover
[2010.05.01 16:26:00 | 000,000,000 | ---D | C] -- C:\Users\Tina\Favorites\Documents\Simply Super Software
[2010.05.01 16:26:00 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\Simply Super Software
[2010.05.01 16:26:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2010.05.01 16:04:16 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\QuickScan
[2010.05.01 15:36:23 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\40874611E4AC3C3E476D03CE41B39B45
[2010.04.26 07:23:38 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010.04.26 07:20:57 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010.04.26 07:20:52 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2010.04.25 13:13:46 | 003,598,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.04.25 13:13:44 | 003,545,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.04.25 13:13:35 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010.04.25 13:13:02 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010.04.25 13:13:00 | 000,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.04.25 13:13:00 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.04.25 13:13:00 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.04.25 13:12:59 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.04.25 13:12:59 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010.04.25 13:12:58 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.04.25 13:12:58 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010.04.25 13:12:58 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.04.25 13:12:57 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.04.25 13:12:56 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.04.25 13:12:45 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm

========== Files - Modified Within 30 Days ==========

[2010.05.02 11:18:50 | 002,883,584 | -HS- | M] () -- C:\Users\Tina\ntuser.dat
[2010.05.02 11:17:26 | 000,823,808 | ---- | M] () -- C:\Windows\System32\drivers\calfnu.sys
[2010.05.02 11:12:39 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Tina\Desktop\OTL.exe
[2010.05.02 11:00:00 | 000,621,346 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.05.02 11:00:00 | 000,590,082 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.05.02 11:00:00 | 000,123,686 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.05.02 11:00:00 | 000,102,094 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.05.02 10:59:59 | 001,426,634 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.05.02 10:58:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.05.02 10:56:03 | 000,000,282 | -H-- | M] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010.05.02 10:54:26 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.05.02 10:54:18 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010.05.02 10:54:18 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.05.02 10:36:06 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.05.02 10:36:06 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.05.02 10:35:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.05.02 10:35:29 | 2137,042,944 | -HS- | M] () -- C:\hiberfil.sys
[2010.05.01 22:35:22 | 000,524,288 | -HS- | M] () -- C:\Users\Tina\ntuser.dat{0bc4c7dc-1dd3-11de-a45c-00219bf1c37d}.TMContainer00000000000000000001.regtrans-ms
[2010.05.01 22:35:22 | 000,065,536 | -HS- | M] () -- C:\Users\Tina\ntuser.dat{0bc4c7dc-1dd3-11de-a45c-00219bf1c37d}.TM.blf
[2010.05.01 22:35:11 | 001,836,655 | -H-- | M] () -- C:\Users\Tina\AppData\Local\IconCache.db
[2010.05.01 18:40:27 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8B3CFEA5-C076-4772-BBB3-1CE35D568D7B}.job
[2010.05.01 18:08:44 | 006,153,648 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Tina\Desktop\herbert.exe
[2010.05.01 18:04:54 | 000,363,520 | ---- | M] () -- C:\Users\Tina\Desktop\rkill.com
[2010.05.01 15:36:06 | 000,163,840 | ---- | M] () -- C:\Windows\Gnyxoa.exe
[2010.05.01 12:12:01 | 000,379,880 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.29 12:19:14 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.04.25 13:04:45 | 000,002,075 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk

========== Files Created - No Company Name ==========

[2010.05.01 18:04:52 | 000,363,520 | ---- | C] () -- C:\Users\Tina\Desktop\rkill.com
[2010.05.01 16:26:05 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2010.05.01 16:26:05 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll
[2010.05.01 16:26:05 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2010.05.01 16:26:05 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2010.05.01 15:36:45 | 000,163,840 | ---- | C] () -- C:\Windows\Gnyxoa.exe
[2010.05.01 15:36:34 | 000,823,808 | ---- | C] () -- C:\Windows\System32\drivers\calfnu.sys
[2010.05.01 15:36:22 | 000,000,282 | -H-- | C] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010.04.25 13:04:45 | 000,002,075 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2009.05.22 16:58:13 | 000,596,896 | ---- | C] () -- C:\Windows\System32\drivers\UDXTTM6010.sys
[2008.11.01 21:38:47 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2008.11.01 21:38:47 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2008.11.01 21:38:45 | 000,755,027 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008.11.01 21:38:44 | 000,159,839 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008.11.01 21:38:44 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2008.11.01 21:38:43 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008.10.21 12:07:48 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008.10.21 12:07:48 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008.10.21 12:07:48 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008.10.21 12:07:48 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008.10.21 12:07:48 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008.10.21 12:07:45 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008.10.21 02:33:44 | 000,055,808 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:CB0AACC9
< End of report >




EXTRAS:

OTL Extras logfile created on: 02.05.2010 11:13:59 - Run 1
OTL by OldTimer - Version 3.2.4.0 Folder = C:\Users\Tina\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 51,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220,28 Gb Total Space | 92,37 Gb Free Space | 41,93% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 5,04 Gb Free Space | 50,43% Space Free | Partition Type: NTFS
Unable to calculate disk information.
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TINA-PC
Current User Name: Tina
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03BF2BFE-D920-4E70-81CE-AEECD64AA7BB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1A204ADC-BBF3-4A05-BF4E-B309F21D76EE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{23E1D9AA-5930-45DD-A14C-07B945A280F8}" = lport=137 | protocol=17 | dir=in | app=system |
"{35B1F461-B79D-4BD2-85AF-3755AAB7F3B4}" = rport=138 | protocol=17 | dir=out | app=system |
"{3F81CF22-D891-4970-AC14-ECE576782FDD}" = lport=139 | protocol=6 | dir=in | app=system |
"{560FB45C-83B7-4F7C-9EF8-927D958BE95A}" = rport=137 | protocol=17 | dir=out | app=system |
"{5C3AEF0C-7CC4-46AF-B75D-7BF3A97F2ABC}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{6CB032F5-484B-4894-B016-CB24744D492F}" = rport=445 | protocol=6 | dir=out | app=system |
"{8AC7B46A-1F05-477F-BC47-5C0232793356}" = rport=139 | protocol=6 | dir=out | app=system |
"{BC7CBC3E-AA7C-4997-A268-80B159816300}" = lport=445 | protocol=6 | dir=in | app=system |
"{EA619EF2-70C5-4BD5-B18E-22B4EAA0EBD4}" = lport=138 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01F0FB2A-3E3E-4DFE-9541-9BD0749CD9D5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{0263FEC4-A1DF-4717-A450-864A905DED00}" = protocol=6 | dir=in | app=c:\program files\terratec home cinema\cinergydvr.exe |
"{0525C170-4B91-46CD-A487-9D6E375DC7A5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0B60A45B-D50A-49F0-AFF9-1A8B8C51C0F5}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{0E492CE5-76AD-4CDB-B1F3-8A089F7806CC}" = protocol=6 | dir=in | app=c:\program files\terratec home cinema\tvtvsetup\tvtv_wizard.exe |
"{18E2A12F-1DAB-4176-B084-6EC4F7D2CBDA}" = protocol=17 | dir=in | app=c:\program files\terratec home cinema\cinergydvr.exe |
"{1B2EFB01-1F05-46B8-90FA-DBA2FC024341}" = protocol=17 | dir=in | app=c:\users\tina\appdata\local\temp\{d2771496-2946-4520-bbec-c6de9759bbef}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe |
"{21832259-5E48-4AD4-B90C-B1792A066AC3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2260A97E-7817-46A9-A87A-3F7B2FB42AE9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{29E2EDA5-AC21-4E27-AA0B-D72883094B2D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{376E31DB-C666-4EA6-A805-D6B713635F12}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{44F9F07A-7CAC-4C77-B694-3A12783CBA35}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4530ECFB-C3A0-49AE-81B9-B99AA56DBC85}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"{474F5F18-A064-434F-9029-03FADA4E705D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{518FE508-D5C8-4E0F-9D48-1B25714EE43E}" = protocol=6 | dir=in | app=c:\users\tina\appdata\local\temp\{d2771496-2946-4520-bbec-c6de9759bbef}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe |
"{58FB1199-4AF6-4EAF-BD97-379053E118A5}" = protocol=17 | dir=in | app=c:\program files\terratec home cinema\tvtvsetup\tvtv_wizard.exe |
"{5E972AE4-4A6A-4495-882F-4AB920509125}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{696942F2-A48F-48BB-9803-AA5A2EA9D94D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{71A681CA-85A2-48A6-9CA4-1575D6AD0662}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe |
"{863B1324-8BA8-40AE-97A2-980CD0727757}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A5369D62-AA31-4DAC-A668-8297E63A7916}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A5F7B08F-799A-4B8A-9DEB-35B4584DF0C1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B845A3F1-3755-46D6-ACCB-692B57C05CEC}" = protocol=6 | dir=in | app=c:\program files\terratec home cinema\cinergydvrupdate\cinergydvrup_date.exe |
"{BCFD71F6-035F-4415-9866-487277537823}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D98666E1-EBE8-422A-A11D-79688D23D7EC}" = protocol=17 | dir=in | app=c:\program files\terratec home cinema\cinergydvrupdate\cinergydvrup_date.exe |
"{DED2864A-7C7F-44EB-AC38-5523BA9E4842}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{EB9AD8C4-7081-48D6-B630-9EBB1B48F63E}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{FC3DAC26-CE85-4374-8D0A-8AC4B71378DA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FE27F6A0-644D-46A6-845C-D1720C1BF8E2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{04921344-82AE-4628-9896-026172BF4F46}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe |
"TCP Query User{13637332-188D-478E-B746-825C32139E12}C:\users\tina\downloads\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\users\tina\downloads\icq6.5\icq.exe |
"TCP Query User{229231DA-5C79-44FF-8BBE-AC634B193828}C:\users\tina\downloads\icq6\icq.exe" = protocol=6 | dir=in | app=c:\users\tina\downloads\icq6\icq.exe |
"TCP Query User{5B4DBD95-96BA-4C25-A7A4-C9F80848FBAE}C:\program files\zattoo\zattoo.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattoo.exe |
"TCP Query User{716A7FEE-4D68-4007-B7EB-0021895DB284}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{83383367-E625-417A-AF1B-95CD805896B4}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe |
"TCP Query User{FB96AF07-C195-4F2A-A864-BC39883374B1}C:\users\tina\downloads\icq6\icq.exe" = protocol=6 | dir=in | app=c:\users\tina\downloads\icq6\icq.exe |
"UDP Query User{1D6F3616-811B-4C2D-B903-0EF6ECD54CA4}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe |
"UDP Query User{2333B116-EDDE-45E8-A5FB-C4EA46DEA536}C:\users\tina\downloads\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\users\tina\downloads\icq6.5\icq.exe |
"UDP Query User{3E66AB84-FD63-4EC6-AB34-A9BCCC2074AC}C:\users\tina\downloads\icq6\icq.exe" = protocol=17 | dir=in | app=c:\users\tina\downloads\icq6\icq.exe |
"UDP Query User{5D60D18E-4EBB-43AC-A0E3-F40F822D5F9D}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe |
"UDP Query User{CE02FDDF-37C9-4D68-A192-51DE9747AEE7}C:\users\tina\downloads\icq6\icq.exe" = protocol=17 | dir=in | app=c:\users\tina\downloads\icq6\icq.exe |
"UDP Query User{F2158CC1-D558-4313-94C8-D0E1A7A96467}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{FA88583C-96CD-4891-B2E5-28D8CF815BD8}C:\program files\zattoo\zattoo.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattoo.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6D3963B0-E13B-4FC3-B0FF-506A304BB043}" = Cisco EAP-FAST Module
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}" = Ipswitch WS_FTP Pro
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{FD023F61-65E9-465C-B558-7C64EB2B97E6}" = Dell Handbuch zum Einstieg
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus
"Broadcom 802.11b Network Adapter" = Dienstprogramm für Dell Wireless WLAN Karte
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.1
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"GoToAssist" = GoToAssist 8.0.0.514
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.1.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"OpenVPN" = OpenVPN 2.1_rc15
"Picasa 3" = Picasa 3
"PROPLUS" = Microsoft Office Professional Plus 2007
"Trojan Remover_is1" = Trojan Remover 6.8.1
"Uninstall_is1" = Uninstall 1.0.0.1
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
"Zattoo" = Zattoo 3.3.4 Beta

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 26.04.2010 01:15:56 | Computer Name = Tina-PC | Source = WinMgmt | ID = 10
Description =

Error - 27.04.2010 17:37:39 | Computer Name = Tina-PC | Source = WinMgmt | ID = 10
Description =

Error - 28.04.2010 02:39:54 | Computer Name = Tina-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung bcmwltry.exe, Version 4.170.77.13, Zeitstempel
0x4835b392, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
Ausnahmecode 0xc0000005, Fehleroffset 0x01ad6d1b, Prozess-ID 0x6a4, Anwendungsstartzeit
01cae69d8f4cb38e.

Error - 28.04.2010 02:40:07 | Computer Name = Tina-PC | Source = WinMgmt | ID = 10
Description =

Error - 28.04.2010 08:22:13 | Computer Name = Tina-PC | Source = WinMgmt | ID = 10
Description =

Error - 29.04.2010 09:49:03 | Computer Name = Tina-PC | Source = WinMgmt | ID = 10
Description =

Error - 30.04.2010 12:08:20 | Computer Name = Tina-PC | Source = WinMgmt | ID = 10
Description =

Error - 01.05.2010 06:13:40 | Computer Name = Tina-PC | Source = WinMgmt | ID = 10
Description =

Error - 01.05.2010 09:36:24 | Computer Name = Tina-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Gvb.exe, Version 2.2.37.0, Zeitstempel 0x4ba3a52d,
fehlerhaftes Modul msvcrt.dll, Version 7.0.6001.18000, Zeitstempel 0x4791a727,
Ausnahmecode 0xc0000005, Fehleroffset 0x00011ffe, Prozess-ID 0x878, Anwendungsstartzeit
01cae9333e0c3600.

Error - 01.05.2010 09:38:20 | Computer Name = Tina-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung gotnewupdate.exe, Version 0.0.0.0, Zeitstempel
0x4bd9d130, fehlerhaftes Modul kernel32.dll, Version 6.0.6001.18215, Zeitstempel
0x49953395, Ausnahmecode 0xc0000005, Fehleroffset 0x000bf395, Prozess-ID 0x148c,
Anwendungsstartzeit 01cae9334c0b6eb0.

[ Broadcom Wireless LAN Events ]
Error - 01.05.2010 09:40:05 | Computer Name = Tina-PC | Source = WLAN-Tray | ID = 0
Description = 15:40:05, Sat, May 01, 10 Error - User "" does not have administrative
privileges on this system

Error - 01.05.2010 09:40:05 | Computer Name = Tina-PC | Source = WLAN-Tray | ID = 0
Description = 15:40:05, Sat, May 01, 10 Error - User "" does not have administrative
privileges on this system

Error - 01.05.2010 11:45:40 | Computer Name = Tina-PC | Source = WLAN-Tray | ID = 0
Description = 17:45:40, Sat, May 01, 10 Error - User "" does not have administrative
privileges on this system

Error - 01.05.2010 11:45:40 | Computer Name = Tina-PC | Source = WLAN-Tray | ID = 0
Description = 17:45:40, Sat, May 01, 10 Error - User "" does not have administrative
privileges on this system

Error - 01.05.2010 14:43:45 | Computer Name = Tina-PC | Source = WLAN-Tray | ID = 0
Description = 20:43:45, Sat, May 01, 10 Error - User "" does not have administrative
privileges on this system

Error - 01.05.2010 14:43:45 | Computer Name = Tina-PC | Source = WLAN-Tray | ID = 0
Description = 20:43:45, Sat, May 01, 10 Error - User "" does not have administrative
privileges on this system

Error - 01.05.2010 15:08:59 | Computer Name = Tina-PC | Source = WLAN-Tray | ID = 0
Description = 21:08:59, Sat, May 01, 10 Error - User "" does not have administrative
privileges on this system

Error - 01.05.2010 15:09:00 | Computer Name = Tina-PC | Source = WLAN-Tray | ID = 0
Description = 21:09:00, Sat, May 01, 10 Error - User "" does not have administrative
privileges on this system

Error - 01.05.2010 16:35:16 | Computer Name = Tina-PC | Source = WLAN-Tray | ID = 0
Description = 22:35:16, Sat, May 01, 10 Error - User "" does not have administrative
privileges on this system

Error - 01.05.2010 16:35:16 | Computer Name = Tina-PC | Source = WLAN-Tray | ID = 0
Description = 22:35:16, Sat, May 01, 10 Error - User "" does not have administrative
privileges on this system

[ Media Center Events ]
Error - 05.11.2008 13:50:42 | Computer Name = Tina-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide


Error - 09.11.2008 11:58:23 | Computer Name = Tina-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerAccumulate failed;
Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center
Guide

Error - 06.03.2009 07:19:43 | Computer Name = Tina-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide


Error - 16.03.2009 15:04:59 | Computer Name = Tina-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide


Error - 23.03.2009 05:56:09 | Computer Name = Tina-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide


Error - 30.05.2009 06:16:50 | Computer Name = Tina-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide


[ System Events ]
Error - 01.05.2010 14:44:04 | Computer Name = Tina-PC | Source = DCOM | ID = 10010
Description =

Error - 01.05.2010 14:44:12 | Computer Name = Tina-PC | Source = DCOM | ID = 10010
Description =

Error - 01.05.2010 14:45:34 | Computer Name = Tina-PC | Source = HTTP | ID = 15016
Description =

Error - 01.05.2010 14:46:16 | Computer Name = Tina-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 01.05.2010 15:10:24 | Computer Name = Tina-PC | Source = HTTP | ID = 15016
Description =

Error - 01.05.2010 15:11:39 | Computer Name = Tina-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 01.05.2010 16:17:31 | Computer Name = Tina-PC | Source = bowser | ID = 8003
Description =

Error - 02.05.2010 04:35:58 | Computer Name = Tina-PC | Source = HTTP | ID = 15016
Description =

Error - 02.05.2010 04:36:41 | Computer Name = Tina-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 02.05.2010 04:55:16 | Computer Name = Tina-PC | Source = Service Control Manager | ID = 7032
Description =


< End of report >




I would be very grateful for further help!

David
__________________

02.05.2010, 13:13   #4
StLB
/// Helper team



Can you still start OTL on your PC? Or does that no longer work either?
Otherwise, perhaps try this in safe mode:

Fixing with OTL
  • Please start OTL.exe.
    Vista users: right-click and choose "Run as administrator"
  • Now copy the content into the text box.
Code:
:OTL
O13 - gopher Prefix: missing
O33 - MountPoints2\{23356064-fc2c-11dd-9e66-00219bf1c37d}\Shell\AutoRun\command - "" = F:\f9o8o.exe -- File not found
O33 - MountPoints2\{23356064-fc2c-11dd-9e66-00219bf1c37d}\Shell\open\Command - "" = F:\f9o8o.exe -- File not found
O33 - MountPoints2\{7271ee57-a818-11de-b199-00219bf1c37d}\Shell\AutoRun\command - "" = F:\9fo3ar0j.exe -- File not found
O33 - MountPoints2\{7271ee57-a818-11de-b199-00219bf1c37d}\Shell\open\Command - "" = F:\9fo3ar0j.exe -- File not found
O33 - MountPoints2\{7271ee5a-a818-11de-b199-00219bf1c37d}\Shell - "" = AutoRun
O33 - MountPoints2\{7271ee5a-a818-11de-b199-00219bf1c37d}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{74e6fea8-46e5-11de-b962-00219bf1c37d}\Shell - "" = AutoRun
O33 - MountPoints2\{74e6fea8-46e5-11de-b962-00219bf1c37d}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{bce4170f-a138-11dd-839b-00219bf1c37d}\Shell\AutoRun\command - "" = F:\
O33 - MountPoints2\{bce4170f-a138-11dd-839b-00219bf1c37d}\Shell\open\Command - "" = rundll32.exe .\\egs.dll,InstallM
O33 - MountPoints2\{d3dca406-e7ec-11de-88d5-00219bf1c37d}\Shell\AutoRun\command - "" = F:\1hqup.exe -- File not found
O33 - MountPoints2\{d3dca406-e7ec-11de-88d5-00219bf1c37d}\Shell\open\Command - "" = F:\1hqup.exe -- File not found
O33 - MountPoints2\{ed19b55a-1ae4-11de-b04e-00219bf1c37d}\Shell\AutoRun\command - "" = F:\86.exe -- File not found
O33 - MountPoints2\{ed19b55a-1ae4-11de-b04e-00219bf1c37d}\Shell\open\Command - "" = F:\86.exe -- File not found
O33 - MountPoints2\{f1e10bad-60c9-11de-88d1-00225f28680c}\Shell\AutoRun\command - "" = AutoRun\AutoStart.exe
O33 - MountPoints2\{f1e10bad-60c9-11de-88d1-00225f28680c}\Shell\Explore\Command - "" = AutoRun\AutoStart.exe
O33 - MountPoints2\{f1e10bad-60c9-11de-88d1-00225f28680c}\Shell\Open\Command - "" = AutoRun\AutoStart.exe
:Services
:Reg
:Files
C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
C:\Windows\System32\drivers\calfnu.sys
C:\Windows\Gnyxoa.exe
:Commands
[purity]
[emptytemp]
         
  • Now please close all programs.
  • Now please click the Run Fix button.
  • Click on .
  • OTL may require a restart. Please allow this.
  • After the restart you will find a text document.
    Now copy its content here into your thread.

Afterwards, please run a full scan with Malwarebytes.
__________________
Regards, Julian

No support via PM!

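The three paths in the `:Files` section of the fix above appear in the OTL log earlier in this thread as files with no company name, created within 23 seconds of one another on 2010.05.01. The following Python is an added example, not part of the original posts or of OTL: it parses OTL file-listing lines and reports groups of such files created close together that include a driver or scheduled-task location. The function names, the 60-second window and the two path rules are assumptions made for this illustration; the sample lines are copied from the log in this thread.

```python
import re
from datetime import datetime, timedelta

# OTL file-listing line: [timestamp | size | attrs | C or M] (company) -- path
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-RHSA]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>.*?)\) -- (?P<path>.+)$"
)

# Sample lines copied from the OTL log posted earlier in this thread.
SAMPLE_LOG = r"""
[2010.04.29 12:19:14 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
========== Files Created - No Company Name ==========
[2010.05.01 18:04:52 | 000,363,520 | ---- | C] () -- C:\Users\Tina\Desktop\rkill.com
[2010.05.01 16:26:05 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2010.05.01 16:26:05 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll
[2010.05.01 16:26:05 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2010.05.01 16:26:05 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2010.05.01 15:36:45 | 000,163,840 | ---- | C] () -- C:\Windows\Gnyxoa.exe
[2010.05.01 15:36:34 | 000,823,808 | ---- | C] () -- C:\Windows\System32\drivers\calfnu.sys
[2010.05.01 15:36:22 | 000,000,282 | -H-- | C] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010.04.25 13:04:45 | 000,002,075 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2009.05.22 16:58:13 | 000,596,896 | ---- | C] () -- C:\Windows\System32\drivers\UDXTTM6010.sys
"""


def parse_line(line):
    """Return a dict for one OTL file-listing line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%Y.%m.%d %H:%M:%S"),
        "size": int(m["size"].replace(",", "")),
        "attrs": m["attrs"],
        "kind": m["kind"],                 # C = created, M = modified
        "company": m["company"].strip(),   # empty when no version info is present
        "path": m["path"].strip(),
    }


def is_persistence_location(path):
    """Assumed rule: kernel drivers and scheduled-task files load without user action."""
    p = path.lower()
    return (p.endswith(".sys") and "\\system32\\drivers\\" in p) or (
        p.endswith(".job") and "\\windows\\tasks\\" in p
    )


def creation_clusters(lines, window=timedelta(seconds=60)):
    """Group created files without a company name whose timestamps chain within `window`."""
    entries = [
        e for e in map(parse_line, lines)
        if e and e["kind"] == "C" and not e["company"]
    ]
    entries.sort(key=lambda e: e["ts"])
    clusters, current = [], []
    for e in entries:
        # A gap larger than the window closes the current group.
        if current and e["ts"] - current[-1]["ts"] > window:
            clusters.append(current)
            current = []
        current.append(e)
    if current:
        clusters.append(current)
    return [c for c in clusters if len(c) >= 2]


def persistence_clusters(lines, window=timedelta(seconds=60)):
    """Keep only clusters that contain at least one driver or scheduled-task file."""
    return [
        c for c in creation_clusters(lines, window)
        if any(is_persistence_location(e["path"]) for e in c)
    ]


if __name__ == "__main__":
    for cluster in persistence_clusters(SAMPLE_LOG.splitlines()):
        span = cluster[-1]["ts"] - cluster[0]["ts"]
        print(f"{len(cluster)} files created within {span.seconds}s:")
        for e in cluster:
            print(f"  {e['ts']}  {e['size']:>9}  {e['path']}")
```

Creation-time clustering is a triage lead, not a verdict: the four archive DLLs in the sample also form a cluster but touch neither location, and the lone 2009 driver is not reported because nothing was created alongside it.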

02.05.2010, 18:53   #5
relaxingdave


Starting it worked without major problems; I carried out the described instructions in normal mode. This is the log file:
Thanks!

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{23356064-fc2c-11dd-9e66-00219bf1c37d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{23356064-fc2c-11dd-9e66-00219bf1c37d}\ not found.
File F:\f9o8o.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{23356064-fc2c-11dd-9e66-00219bf1c37d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{23356064-fc2c-11dd-9e66-00219bf1c37d}\ not found.
File F:\f9o8o.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7271ee57-a818-11de-b199-00219bf1c37d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7271ee57-a818-11de-b199-00219bf1c37d}\ not found.
File F:\9fo3ar0j.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7271ee57-a818-11de-b199-00219bf1c37d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7271ee57-a818-11de-b199-00219bf1c37d}\ not found.
File F:\9fo3ar0j.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7271ee5a-a818-11de-b199-00219bf1c37d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7271ee5a-a818-11de-b199-00219bf1c37d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7271ee5a-a818-11de-b199-00219bf1c37d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7271ee5a-a818-11de-b199-00219bf1c37d}\ not found.
File H:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74e6fea8-46e5-11de-b962-00219bf1c37d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74e6fea8-46e5-11de-b962-00219bf1c37d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74e6fea8-46e5-11de-b962-00219bf1c37d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74e6fea8-46e5-11de-b962-00219bf1c37d}\ not found.
File G:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bce4170f-a138-11dd-839b-00219bf1c37d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bce4170f-a138-11dd-839b-00219bf1c37d}\ not found.
File F:\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bce4170f-a138-11dd-839b-00219bf1c37d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bce4170f-a138-11dd-839b-00219bf1c37d}\ not found.
File rundll32.exe .\\egs.dll,InstallM not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d3dca406-e7ec-11de-88d5-00219bf1c37d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d3dca406-e7ec-11de-88d5-00219bf1c37d}\ not found.
File F:\1hqup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d3dca406-e7ec-11de-88d5-00219bf1c37d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d3dca406-e7ec-11de-88d5-00219bf1c37d}\ not found.
File F:\1hqup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ed19b55a-1ae4-11de-b04e-00219bf1c37d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ed19b55a-1ae4-11de-b04e-00219bf1c37d}\ not found.
File F:\86.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ed19b55a-1ae4-11de-b04e-00219bf1c37d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ed19b55a-1ae4-11de-b04e-00219bf1c37d}\ not found.
File F:\86.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f1e10bad-60c9-11de-88d1-00225f28680c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f1e10bad-60c9-11de-88d1-00225f28680c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f1e10bad-60c9-11de-88d1-00225f28680c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f1e10bad-60c9-11de-88d1-00225f28680c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f1e10bad-60c9-11de-88d1-00225f28680c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f1e10bad-60c9-11de-88d1-00225f28680c}\ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job moved successfully.
File move failed. C:\Windows\System32\drivers\calfnu.sys scheduled to be moved on reboot.
C:\Windows\Gnyxoa.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Tina
->Temp folder emptied: 227986355 bytes
->Temporary Internet Files folder emptied: 102989957 bytes
->Java cache emptied: 15175222 bytes
->FireFox cache emptied: 75732833 bytes
->Flash cache emptied: 345035 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 259942226 bytes
RecycleBin emptied: 751854259 bytes

Total Files Cleaned = 1.368,00 mb


OTL by OldTimer - Version 3.2.4.0 log created on 05022010_194240

Files\Folders moved on Reboot...
File\Folder C:\Windows\System32\drivers\calfnu.sys not found!
File\Folder C:\Users\Tina\AppData\Local\Temp\soa_0403.html not found!

Registry entries deleted on Reboot...


02.05.2010, 20:49   #6
relaxingdave

During the scan with Anti-Malware the usual trojan was found again, but after the restart it will presumably show up again....

03.05.2010, 17:19   #7
relaxingdave

The trojan is back after the restart; can anyone help me with how to get rid of it?

I would be very grateful,
Best regards,

David

03.05.2010, 19:35   #8
StLB
/// Helper Team

Please run this rootkit scan:

Rootkit scan with Sophos Anti-Rootkit
  • Download the Sophos Anti-Rootkit scanner.
  • Registration is required for the download.
  • Install Sophos Anti-Rootkit by double-clicking sarsfx.exe
  • Vista users: right-click sarsfx.exe ---> "Run as administrator"
  • Accept the license terms and let the program install into the default path c:\programme\sophos\sophos anti-rootkit.
  • Finally, open sargui.exe in this folder to start the program.
  • Under Area, leave all options checked and click Start Scan.
  • When the scan is finished, close Sophos Anti-Rootkit.
  • Open Explorer and type into the address bar: %temp%
  • In this folder you will find sarscan.log
  • Open it with Notepad and post the contents for me in the thread.
__________________
Regards, Julian

No support via PM!

Donation option: Make a Donation

03.05.2010, 22:10   #9
relaxingdave

Many thanks! Here is the log file:

Sophos Anti-Rootkit Version 1.5.0 (c) 2009 Sophos Plc
Started logging on 03.05.2010 at 20:58:07
User "Tina" on computer "TINA-PC"
Windows version 6.0 SP 1.0 Service Pack 1 build 6001 SM=0x300 PT=0x1 Win32
Info: Starting process scan.
Info: Starting registry scan.
Info: Starting disk scan of C: (NTFS).
Hidden: file C:\Windows\System32\drivers\calfnu.sys
Hidden: file C:\Program Files\Google\Google Desktop Search\temp\_PREV_GoogleDesktopSetup.exe
Hidden: file C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe
Hidden: file C:\Program Files\Google\Google Desktop Search\GoogleDesktopUpdate.exe
Hidden: file C:\Program Files\VLCPortable\App\vlc\plugins\libqt4_plugin.dll
Hidden: file C:\Users\Tina\AppData\Local\Temp\soa_0403_wahlen_indonesien.html
Info: Starting disk scan of D: (NTFS).
Stopped logging on 03.05.2010 at 22:16:50

04.05.2010, 18:30   #10
relaxingdave

How can I proceed now?

I would be very grateful for your help,

Regards, David

05.05.2010, 15:26   #11
relaxingdave

I would then format now; there doesn't seem to be any other option left for me, or what would you recommend?

Many thanks, David
