|
Plagegeister aller Art und deren Bekämpfung: AV maleware virus - PC save? log analyseWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
12.07.2010, 14:18 | #1 |
| AV maleware virus - PC save? log analyse hallo Forum, ich hatte am WE die AV security alert sache auf dem notebook.... hat immer "versuchte" daten angezeigt, dann hab ich mich hier durchgelsen, dann erst den rkil.. malewarebyte und CCleaner gemacht, halt nach dieser Anleitung: http://www.trojaner-board.de/86690-a...entfernen.html nun kommen die meldungen nicht mehr, auch die Pronoseite geht nimmer auf aber meine frage nun, is mein PC sicher?? muss ich den noch platt machen?? kann mir eventuell jemand den log überprüfen?? (wenn ja welchen?? maleware, otl ? und vorallem wo?? ach ja, so sachen wie im live messenger Profile anschauen kann ich nicht mehr, auf geht die wetter anzeige von win7 (minitasks oder wie die dinger heißen nicht mehr ich hab mal meine fotos , videos und musik und auch Dokumente gespeichert, (auf DVD) wie hoch is die wahrscheinlichkeit das die auch verseucht sind?? und... is das netzwerk sicher?? kann so maleware über den router auf andere PC?? Lan verbunden bin ich sorry für die störung, aber ich bin ein noob kann echt nich viel am PC vorallem nix systemtechnisches |
12.07.2010, 18:28 | #2 | |||
/// Winkelfunktion /// TB-Süch-Tiger™ | AV maleware virus - PC save? log analyseZitat:
Zitat:
Zitat:
Natürlich alle behalten, denn Datendateien wie Musik, Bilder und Videos sind idR ungefährliche Formate!
__________________ |
12.07.2010, 19:53 | #3 |
| AV maleware virus - PC save? log analyse Malwarebytes' Anti-Malware 1.46
__________________Malwarebytes Datenbank Version: 4301 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 12.07.2010 18:31:18 mbam-log-2010-07-12 (18-31-18).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|) Durchsuchte Objekte: 327813 Laufzeit: 49 Minute(n), 12 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) |
12.07.2010, 19:55 | #4 |
| AV maleware virus - PC save? log analyse OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 12.07.2010 20:52:11 - Run 2 OTL by OldTimer - Version 3.2.9.0 Folder = C:\Users\Andy\Downloads 64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 77,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 149,04 Gb Total Space | 88,28 Gb Free Space | 59,23% Space Free | Partition Type: NTFS Drive D: | 147,58 Gb Total Space | 117,36 Gb Free Space | 79,52% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ANDY-NB Current User Name: Andy Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package "{17B77355-3934-4D0E-8FAC-C420482C8E7D}" = Windows Live Family Safety "{1D5F34D0-6329-4D92-B81A-E24E9028910C}" = Crystal Reports Basic Runtime German Language Pack for Visual Studio 2008 (x64) "{2BFA9B05-7418-4EDE-A6FC-620427BAAAA3}" = Crystal Reports Basic Runtime for Visual Studio 2008 (x64) "{5783F2D7-8001-0407-0102-0060B0CE6BBA}" = AutoCAD 2010 - Deutsch "{5783F2D7-8001-0407-1102-0060B0CE6BBA}" = AutoCAD 2010 Language Pack - Deutsch "{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries "{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "{62EED300-E841-4083-A1D6-60B906271804}" = Microsoft Windows SDK for Visual Studio 2008 Tools "{7ECA1AEA-2B61-3DE6-8276-6A9A2693F111}" = Microsoft Device Emulator (64 Bit) Version 3.0 - DEU "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9aa5f39c-a8de-46b0-919a-0248f8bc8490}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver "{A992BBAA-723D-4574-A07F-983BF8FAA3E1}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools "{AC888A60-9557-3B74-B52B-F353D01BD544}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools "{ACD875CC-A146-3125-8F99-D3766F46FD86}" = Visual Studio .NET Prerequisites - English "{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility "{C31A4909-9C18-3121-AAD4-EAD92013B6E5}" = Microsoft Visual Studio 2008 Remote Debugger - DEU "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F68310EC-B615-4044-B7D7-1A6349758D42}" = Microsoft SQL Server VSS Writer "{F90F5A11-53E6-4045-ACB1-BC03D71FB06C}" = Microsoft SQL Server Native Client "AutoCAD 2010 - Deutsch" = AutoCAD 2010 - Deutsch "AutoCAD 2010 - Deutsch Version 2" = AutoCAD 2010 - Deutsch Version 2 "Microsoft Visual Studio 2008 Remote Debugger - DEU" = Microsoft Visual Studio 2008 Remote Debugger - DEU [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package "{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) "{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{159098AF-4EB8-4C10-B0C6-24CDA32B45F9}" = Microsoft SQL Server Compact 3.5 DEU "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{18E1FD72-60FA-3E10-A66B-640970B5559F}" = Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU "{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = Toshiba Assist "{1C3ADB5F-750E-4453-AC98-B75C5323845C}" = Microsoft SQL Server Compact 3.5 for Devices DEU "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 17 "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime "{3924C3E7-C440-4B23-9740-9A9EC0545F21}" = Crystal Reports Basic German Language Pack for Visual Studio 2008 "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{445174EA-3D3A-308E-84AD-446127E71441}" = Microsoft Visual Studio 2008 Professional Edition - DEU "{4ACDC413-AF13-3934-8D8A-1F8CEF70D1A5}" = Microsoft Document Explorer 2008 Language Pack - DEU "{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3 "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{5DB161C0-7C9C-41D7-8DA1-CB112F60946B}" = Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack "{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility "{639A1206-C073-495E-B17C-EE4E6BD7264C}" = MAHLE Screensaver "{6733975E-52C9-4624-805D-36A4F79F7BBB}" = MDESIGN Roloff-Matek Edition "{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008 "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER "{70AA9B4F-64F7-4B0D-ADD8-05802D61AF72}" = Windows Live Toolbar "{721B5CF0-D220-4955-BB6F-EBCFB1096DE7}" = Windows Mobile 5.0 SDK R2 for Pocket PC "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72CCBEA1-8D57-4981-A337-81019F28C5BA}" = Microsoft .NET Compact Framework 3.5 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime "{90120000-0015-0000-0000-0000000FF1CE}" = Microsoft Office Access 2007 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_Access_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_Access_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}_PRJPRO_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}_VISPRO_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_Access_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}_PRJPRO_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_Access_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}_PRJPRO_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_Access_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}_PRJPRO_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}_VISPRO_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007 "{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0021-0407-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (German) 2007 "{90120000-0021-0407-0000-0000000FF1CE}_VisualWebDeveloper_{0B9EAEAC-F271-45DC-BDCB-06ABEEF19825}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2) "{90120000-002A-0000-1000-0000000FF1CE}_Access_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002A-0000-1000-0000000FF1CE}_PRJPRO_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002A-0000-1000-0000000FF1CE}_VISPRO_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002A-0407-1000-0000000FF1CE}_Access_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002A-0407-1000-0000000FF1CE}_PRJPRO_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002A-0407-1000-0000000FF1CE}_VISPRO_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007 "{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{9E73617F-2F38-4864-BD61-BB2DDFE43323}" = Microsoft Office Project 2007 Service Pack 2 (SP2) "{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007 "{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2) "{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2007 "{90120000-0054-0407-0000-0000000FF1CE}_VISPRO_{60CC0F2D-BFA0-4851-903D-809D876DD87B}" = Microsoft Office Visio 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_Access_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}_PRJPRO_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}_VISPRO_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}_VisualWebDeveloper_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2007 "{90120000-00B4-0407-0000-0000000FF1CE}_PRJPRO_{16809599-3C53-4A9A-A7E2-74A6D0D2C007}" = Microsoft Office Project 2007 Service Pack 2 (SP2) "{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 3.81 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2 "{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack "{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008 "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B1060346-9388-4C5B-AA52-176C39819E43}" = Microsoft .NET Compact Framework 2.0 SP2 "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{BBAAAD82-6242-420F-86D4-BD72BB5E6C86}" = Tools für Microsoft SQL Server 2005 Express Edition "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{D475588F-91C9-365E-AB40-D588111DD7C4}" = MSDN Library for Visual Studio 2008 - DEU "{DA703982C580418795BF4001AA9D7061}" = DivX Plus Media Foundation Components "{DA7F48EF-5F56-45FE-9169-3B8159A7A323}" = Windows Mobile 5.0 SDK R2 for Smartphone "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E32260E7-0B10-43C7-9B77-AB9F4184676D}" = Microsoft SQL Server Compact 3.5 Design Tools DEU "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree "{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Akamai" = Akamai NetSession Interface "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CCleaner" = CCleaner "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2 "Free Studio_is1" = Free Studio version 4.2 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2 "InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package "InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup "InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility "InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008 "Microsoft Document Explorer 2008 Language Pack - DEU" = Microsoft Document Explorer 2008 Language Pack - DEU "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime "Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack" = Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack "Microsoft Visual Studio 2008 Professional Edition - DEU" = Microsoft Visual Studio 2008 Professional Edition - DEU "Mozilla Firefox (3.5.10)" = Mozilla Firefox (3.5.10) "MSDN Library für Visual Studio 2008 - DEU" = MSDN Library für Visual Studio 2008 - DEU "PokerStars" = PokerStars "PRJPRO" = Microsoft Office Project Professional 2007 "Pro/ENGINEER Schools Edition Release Wildfire 4.0 Datecode M092" = Pro/ENGINEER Schools Edition Release Wildfire 4.0 Datecode M092 "Uninstall_is1" = Uninstall 1.0.0.1 "VirtualCloneDrive" = VirtualCloneDrive "VISPRO" = Microsoft Office Visio Professional 2007 "Visual Basic 6.0 Professional Edition (deu)" = Microsoft Visual Basic 6.0 Professional Edition (Deutsch) "Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime "Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU" = Visual Studio-Tools für Office System 3.0 Runtime Language Pack - DEU "VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component "WebPost" = Microsoft Web Publishing Wizard 1.53 "WinLiveSuite_Wave3" = Windows Live Essentials ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Facebook Plug-In" = Facebook Plug-In ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 12.07.2010 06:59:44 | Computer Name = Andy-NB | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 12.07.2010 07:02:03 | Computer Name = Andy-NB | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 12.07.2010 09:47:38 | Computer Name = Andy-NB | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 12.07.2010 09:48:09 | Computer Name = Andy-NB | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 12.07.2010 09:57:18 | Computer Name = Andy-NB | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 12.07.2010 09:57:32 | Computer Name = Andy-NB | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 12.07.2010 11:23:31 | Computer Name = Andy-NB | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 12.07.2010 11:23:52 | Computer Name = Andy-NB | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 12.07.2010 12:15:48 | Computer Name = Andy-NB | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 12.07.2010 12:16:10 | Computer Name = Andy-NB | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . [ System Events ] Error - 11.03.2010 11:11:11 | Computer Name = Andy-NB | Source = Service Control Manager | ID = 7000 Description = Der Dienst "TOSHIBA Web Camera Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 12.03.2010 03:18:09 | Computer Name = Andy-NB | Source = atikmdag | ID = 52236 Description = CPLIB :: General - Invalid Parameter Error - 12.03.2010 03:18:09 | Computer Name = Andy-NB | Source = atikmdag | ID = 43029 Description = Display is not active Error - 12.03.2010 03:18:17 | Computer Name = Andy-NB | Source = Service Control Manager | ID = 7000 Description = Der Dienst "TOSHIBA Web Camera Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 12.03.2010 13:41:59 | Computer Name = Andy-NB | Source = atikmdag | ID = 43029 Description = Display is not active Error - 13.03.2010 03:35:24 | Computer Name = Andy-NB | Source = atikmdag | ID = 52236 Description = CPLIB :: General - Invalid Parameter Error - 13.03.2010 03:35:24 | Computer Name = Andy-NB | Source = atikmdag | ID = 43029 Description = Display is not active Error - 13.03.2010 03:35:32 | Computer Name = Andy-NB | Source = Service Control Manager | ID = 7000 Description = Der Dienst "TOSHIBA Web Camera Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 13.03.2010 10:30:31 | Computer Name = Andy-NB | Source = atikmdag | ID = 52236 Description = CPLIB :: General - Invalid Parameter Error - 13.03.2010 10:30:31 | Computer Name = Andy-NB | Source = atikmdag | ID = 43029 Description = Display is not active < End of report > |
12.07.2010, 20:48 | #5 |
| AV maleware virus - PC save? log analyse OTL Logfile: Code:
ATTFilter OTL logfile created on: 12.07.2010 20:52:11 - Run 2 OTL by OldTimer - Version 3.2.9.0 Folder = C:\Users\Andy\Downloads 64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 77,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 149,04 Gb Total Space | 88,28 Gb Free Space | 59,23% Space Free | Partition Type: NTFS Drive D: | 147,58 Gb Total Space | 117,36 Gb Free Space | 79,52% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ANDY-NB Current User Name: Andy Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\Andy\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION) PRC - C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.) PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe (TOSHIBA CORPORATION) PRC - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.) PRC - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION) ========== Modules (SafeList) ========== MOD - C:\Users\Andy\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Macrovision Europe Ltd.) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation) SRV:64bit: - (StorSvc) -- C:\Windows\SysNative\StorSvc.dll (Microsoft Corporation) SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation) SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV:64bit: - (TOSHIBA eco Utility Service) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation) SRV:64bit: - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation) SRV - (Akamai) -- c:\program files (x86)\common files\akamai\rswin_3725.dll () SRV - (fsssvc) -- C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation) SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation) SRV - (cfWiMAXService) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (ConfigFree Gadget Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe (TOSHIBA CORPORATION) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (ConfigFree Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.) ========== Driver Services (SafeList) ========== DRV:64bit: - (USBCCID) -- C:\Windows\SysNative\DRIVERS\RtsUCcid.sys File not found DRV:64bit: - (RtsUIR) -- C:\Windows\SysNative\DRIVERS\Rts516xIR.sys File not found DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (NETw5s64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (tos_sps64) -- C:\Windows\SysNative\drivers\tos_sps64.sys (TOSHIBA Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation) DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation) DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation) DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation) DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation) DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation) DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof () DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG) DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.) DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation) DRV - (LPCFilter) -- C:\Windows\system32\DRIVERS\LPCFilter.sys (COMPAL ELECTRONIC INC.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 91 52 62 1F 70 4A CA 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.1 FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.06.25 18:20:03 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.07.04 21:01:03 | 000,000,000 | ---D | M] [2009.10.11 15:02:46 | 000,000,000 | -H-D | M] -- C:\Users\Andy\AppData\Roaming\Mozilla\Extensions [2010.02.20 10:23:36 | 000,000,000 | -H-D | M] -- C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\4oyh888l.default\extensions [2010.02.14 13:43:00 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\4oyh888l.default\extensions\de-DE@dictionaries.addons.mozilla.org [2009.12.12 14:40:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions [2010.06.25 18:20:02 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.06.25 18:20:02 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.06.25 18:20:02 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.06.25 18:20:02 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.06.25 18:20:02 | 000,000,801 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.) O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION) O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.) O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: fritz.repeater ([]* in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.11.14 19:36:37 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ] O33 - MountPoints2\{5b79776d-b64f-11de-94de-001e654983b4}\Shell - "" = AutoRun O33 - MountPoints2\{5b79776d-b64f-11de-94de-001e654983b4}\Shell\AutoRun\command - "" = F:\pushinst.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.07.12 12:46:37 | 000,061,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fssfltr.sys [2010.07.12 12:46:37 | 000,000,000 | ---D | C] -- C:\Programme\Windows Live [2010.07.12 12:46:37 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE [2010.07.12 12:46:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Sync Framework [2010.07.12 12:45:19 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll [2010.07.12 12:45:19 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll [2010.07.11 12:35:44 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\Malwarebytes [2010.07.11 12:35:37 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.07.11 12:35:36 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010.07.11 12:35:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2010.07.11 12:35:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.07.11 11:40:55 | 000,000,000 | ---D | C] -- C:\Users\Andy\Desktop\77 [2010.07.11 11:16:14 | 000,000,000 | ---D | C] -- C:\Users\Andy\Desktop\6666 [2010.07.11 10:23:56 | 000,000,000 | ---D | C] -- C:\Users\Andy\Desktop\555 [2010.07.11 09:36:36 | 000,000,000 | ---D | C] -- C:\Users\Andy\Desktop\backup [2010.07.11 09:34:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner [2010.07.11 02:54:41 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Local\tnncxqtyy [2010.07.10 17:05:01 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM [2010.07.10 17:05:01 | 000,000,000 | ---D | C] -- C:\Programme\Realtek [2010.07.10 17:04:53 | 001,596,416 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkHDM64.dll [2010.07.10 17:04:53 | 001,270,784 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RHDMEx64.dll [2010.07.10 17:04:53 | 000,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RH3DHT64.dll [2010.07.10 17:04:53 | 000,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RH3DAA64.dll [2010.07.10 17:04:53 | 000,202,016 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys [2010.07.10 17:04:53 | 000,047,104 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RHCoInst64.dll [2010.07.10 17:04:52 | 000,611,360 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl [2010.07.10 17:04:52 | 000,513,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll [2010.07.10 17:04:52 | 000,211,376 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll [2010.07.10 17:04:52 | 000,193,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll [2010.07.10 17:04:52 | 000,150,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll [2010.07.10 17:04:51 | 001,603,104 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll [2010.07.10 17:04:51 | 001,356,320 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll [2010.07.10 17:04:51 | 001,167,904 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll [2010.07.10 17:04:51 | 000,417,824 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll [2010.07.10 17:04:51 | 000,332,320 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll [2010.07.10 17:04:51 | 000,311,296 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll [2010.07.10 17:04:51 | 000,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll [2010.07.10 17:04:51 | 000,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll [2010.07.10 17:04:51 | 000,294,400 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll [2010.07.10 17:04:51 | 000,166,400 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll [2010.07.10 17:04:51 | 000,149,536 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll [2010.07.10 17:04:51 | 000,108,032 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll [2010.07.10 17:04:51 | 000,063,008 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll [2010.07.10 17:04:49 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp [2010.07.10 17:04:48 | 000,831,488 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll [2010.06.21 13:49:44 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\Facebook ========== Files - Modified Within 30 Days ========== [2010.07.12 20:50:58 | 002,359,296 | -HS- | M] () -- C:\Users\Andy\ntuser.dat [2010.07.12 12:44:59 | 000,000,020 | ---- | M] () -- C:\Windows\,ô¹ [2010.07.12 09:06:48 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.07.12 09:06:48 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.07.12 09:03:56 | 001,619,686 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010.07.12 09:03:56 | 000,700,836 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2010.07.12 09:03:56 | 000,653,898 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010.07.12 09:03:56 | 000,150,040 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2010.07.12 09:03:56 | 000,121,210 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010.07.12 08:59:28 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.07.12 08:59:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.07.12 08:59:16 | 3193,597,952 | -HS- | M] () -- C:\hiberfil.sys [2010.07.12 02:08:12 | 000,796,242 | -H-- | M] () -- C:\Users\Andy\AppData\Local\IconCache.db [2010.07.11 13:18:23 | 000,026,112 | ---- | M] () -- C:\Users\Andy\Desktop\Malwarebytes.doc [2010.07.11 12:35:39 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.07.11 09:34:17 | 000,001,011 | ---- | M] () -- C:\Users\Andy\Desktop\CCleaner.lnk [2010.07.11 03:14:13 | 000,000,039 | ---- | M] () -- C:\Windows\vbaddin.ini [2010.07.04 21:01:04 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010.06.29 17:51:59 | 000,203,269 | ---- | M] () -- C:\Users\Andy\Desktop\zulassungsantrag_dt.pdf [2010.06.29 13:37:14 | 000,053,760 | ---- | M] () -- C:\Users\Andy\Desktop\77\Documents\bild mari bew..doc [2010.06.21 22:59:37 | 000,596,992 | ---- | M] () -- C:\Users\Andy\Desktop\77\Documents\BMW Group.doc [2010.06.19 21:49:14 | 000,043,520 | ---- | M] () -- C:\Users\Andy\Desktop\77\Documents\anmeldung.doc ========== Files Created - No Company Name ========== [2010.07.12 12:44:58 | 000,000,020 | ---- | C] () -- C:\Windows\,ô¹ [2010.07.11 13:18:22 | 000,026,112 | ---- | C] () -- C:\Users\Andy\Desktop\Malwarebytes.doc [2010.07.11 12:35:39 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.07.11 09:34:17 | 000,001,011 | ---- | C] () -- C:\Users\Andy\Desktop\CCleaner.lnk [2010.07.10 17:04:53 | 000,000,520 | ---- | C] () -- C:\Windows\SysNative\drivers\RTEQEX1.dat [2010.07.10 17:04:53 | 000,000,520 | ---- | C] () -- C:\Windows\SysNative\drivers\RTEQEX0.dat [2010.06.29 13:37:13 | 000,053,760 | ---- | C] () -- C:\Users\Andy\Desktop\77\Documents\bild mari bew..doc [2010.06.21 22:59:36 | 000,596,992 | ---- | C] () -- C:\Users\Andy\Desktop\77\Documents\BMW Group.doc [2010.06.19 21:49:13 | 000,043,520 | ---- | C] () -- C:\Users\Andy\Desktop\77\Documents\anmeldung.doc [2010.06.14 08:46:01 | 000,203,269 | ---- | C] () -- C:\Users\Andy\Desktop\zulassungsantrag_dt.pdf [2010.03.14 23:51:28 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2010.03.14 23:51:28 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2009.10.11 21:10:11 | 001,500,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2009.10.11 17:02:48 | 000,001,082 | ---- | C] () -- C:\Windows\ODBC.INI [2009.10.11 14:54:30 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [1998.06.10 01:00:00 | 000,015,120 | ---- | C] () -- C:\Windows\SysWow64\REPUTIL.DLL ========== LOP Check ========== [2009.11.14 20:08:52 | 000,000,000 | -H-D | M] -- C:\Users\Andy\AppData\Roaming\Autodesk [2009.11.14 17:41:39 | 000,000,000 | -H-D | M] -- C:\Users\Andy\AppData\Roaming\Blitware [2010.06.21 13:49:45 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Facebook [2009.10.11 17:54:26 | 000,000,000 | -H-D | M] -- C:\Users\Andy\AppData\Roaming\PTC [2009.12.14 18:26:23 | 000,000,000 | -H-D | M] -- C:\Users\Andy\AppData\Roaming\toshiba [2009.10.11 13:13:49 | 000,000,000 | -H-D | M] -- C:\Users\Andy\AppData\Roaming\WinBatch [2009.12.13 05:48:05 | 000,000,468 | ---- | M] () -- C:\Windows\Tasks\Driver Robot.job [2010.07.10 17:09:42 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 81 bytes -> C:\Program Files (x86)\Cake Poker:MID < End of report > |
12.07.2010, 20:53 | #6 |
| AV maleware virus - PC save? log analyse ach ja.. ich hab ja ncih mal ne ahnung wie man format c: macht auf meim notebook is auch die platte auch irgendwei in 2 teile geteilt.. eine c: und eine d: für recovery und so.. da keine CD dabei war .. is n Toshiba satelit L550 das mit dem Formta C: hab ich früher schon einmal bei anderen PC versucht... war aber nix habs nie hin bekommen |
12.07.2010, 21:39 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | AV maleware virus - PC save? log analyse Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Außerdem musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!! Code:
ATTFilter :OTL IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577 O33 - MountPoints2\{5b79776d-b64f-11de-94de-001e654983b4}\Shell - "" = AutoRun O33 - MountPoints2\{5b79776d-b64f-11de-94de-001e654983b4}\Shell\AutoRun\command - "" = F:\pushinst.exe -- File not found [2010.07.11 02:54:41 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Local\tnncxqtyy [2010.07.10 17:04:49 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp [2010.07.12 12:44:59 | 000,000,020 | ---- | M] () -- C:\Windows\,ô¹ [2010.07.10 17:04:53 | 000,000,520 | ---- | C] () -- C:\Windows\SysNative\drivers\RTEQEX1.dat [2010.07.10 17:04:53 | 000,000,520 | ---- | C] () -- C:\Windows\SysNative\drivers\RTEQEX0.dat @Alternate Data Stream - 81 bytes -> C:\Program Files (x86)\Cake Poker:MID :Commands [purity] [resethosts] [emptytemp] Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________ Logfiles bitte immer in CODE-Tags posten |
12.07.2010, 22:45 | #8 |
| AV maleware virus - PC save? log analyse ich hab keine ahung ob ich das richtig gemacht hab... hab ersten nix gesterntes gefunden und 2. wusste ich nich wirklcih was cih machen muss... hab dein Text mal in OTL kopiert und auf "fix" gedrückt und dann kamm dies dabei raus: All processes killed ========== OTL ========== HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully! HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully! Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5b79776d-b64f-11de-94de-001e654983b4}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5b79776d-b64f-11de-94de-001e654983b4}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5b79776d-b64f-11de-94de-001e654983b4}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5b79776d-b64f-11de-94de-001e654983b4}\ not found. File F:\pushinst.exe not found. C:\Users\Andy\AppData\Local\tnncxqtyy folder moved successfully. C:\Program Files (x86)\Temp folder moved successfully. C:\Windows\,ô¹ moved successfully. C:\Windows\SysNative\drivers\RTEQEX1.dat moved successfully. C:\Windows\SysNative\drivers\RTEQEX0.dat moved successfully. ADS C:\Program Files (x86)\Cake Poker:MID deleted successfully. ========== COMMANDS ========== C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYTEMP] User: Andy ->Temp folder emptied: 272044526 bytes ->Temporary Internet Files folder emptied: 69784 bytes ->Java cache emptied: 61660606 bytes ->FireFox cache emptied: 66571694 bytes ->Flash cache emptied: 3919 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 57482 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 586596 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 382,00 mb OTL by OldTimer - Version 3.2.9.0 log created on 07122010_233823 Files\Folders moved on Reboot... C:\Users\Andy\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. File\Folder C:\Windows\temp\TMP000001FDFEE45EA1D9B36D7A not found! Registry entries deleted on Reboot... ^^sorry das ich so ne niete bin (ich bin ja schon froh das ich DV im studium bestandne haben ..so viele nuller und einser |
13.07.2010, 10:48 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | AV maleware virus - PC save? log analyse Das mit dem Ausgesternten hab ich immer vorsichtshalber drin, falls Einträge mit zensierten Benutzernamen drin sind. Da Du ein 64-Bit-Windows verwendest, sind wir mit unseren "Standardtools" schon am Ende, denn viele sind mit dem 64-Bit-Win nicht kompatibel. Ich brauch den Quarantäneordner OTL. Bitte folgendes machen: 1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf da nicht rummurksen! 2.) Ordner C:\_OTL in eine Datei zippen 3.) ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html 5.) Wenns erfolgreich war Bescheid sagen 6.) Erst dann wieder den Virenscanner einschalten
__________________ Logfiles bitte immer in CODE-Tags posten |
13.07.2010, 13:48 | #10 |
| AV maleware virus - PC save? log analyse gemacht hab ichs.. aber obs erfolgreich war, kannst nur du mir sagen |
13.07.2010, 15:10 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | AV maleware virus - PC save? log analyse Hm, war doch nicht viel Interessantes drin. Aber seis drum. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!!
__________________ Logfiles bitte immer in CODE-Tags posten |
13.07.2010, 15:57 | #12 |
| AV maleware virus - PC save? log analyse was soll n da interessates drin sein?? aber stimmt schon, bei den ganzen sachen die ich hoch lad, könnten schon eigenlcih auch tolle infos drin sein wie passwörter login Name etc. also ob so leute wie ich wüsste was wir da machen wir sehen nur buchstabensuppe ^^den malewarelog hab ich doch scho gepostet naja. mach ich halt nochmal erst mal antispy installern |
13.07.2010, 17:41 | #13 |
| AV maleware virus - PC save? log analyse SUPERAntiSpyware Scan Log hxxp://www.superantispyware.com Generated 07/13/2010 at 06:38 PM Application Version : 4.40.1002 Core Rules Database Version : 5190 Trace Rules Database Version: 3002 Scan type : Complete Scan Total Scan Time : 01:34:47 Memory items scanned : 663 Memory threats detected : 0 Registry items scanned : 16927 Registry threats detected : 0 File items scanned : 200590 File threats detected : 5 Adware.Tracking Cookie C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\andy@tradedoubler[1].txt C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\andy@atdmt[1].txt C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\andy@adtech[1].txt C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\andy@bs.serving-sys[1].txt C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\andy@serving-sys[2].txt hier mal der SuperAntiSpy log |
13.07.2010, 18:20 | #14 | ||
/// Winkelfunktion /// TB-Süch-Tiger™ | AV maleware virus - PC save? log analyseZitat:
Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
13.07.2010, 20:56 | #15 |
| AV maleware virus - PC save? log analyse Malwarebytes' Anti-Malware 1.46 Malwarebytes Datenbank Version: 4301 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 13.07.2010 19:37:15 mbam-log-2010-07-13 (19-37-15).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|) Durchsuchte Objekte: 327701 Laufzeit: 52 Minute(n), 7 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) ^^mich bitte nicht falsch verstehn, ich meinte nur, das die meisten leute wie ich, ja ncih mal wissen was wir hier machen, ich denk mal nich das ihr mich ausspioniert wollt... ich meinte nur, es is schon irgendwie leichtfertig wie, man mit manchen sachen umgeht, nur weil man sich nicht aus kennt ich glaub ja aber noch in das gute im menschen PS: soll ich das nun alles so lassen ? oder format c: noch durchführen (aber bedenkt bitte, dazu brauch ich dann auch ne anleitung ) ach ja, wenn ich hier etwas poste, dann läd der Browser, aber das bild bleib für immer weiß Geändert von AgentA (13.07.2010 um 21:06 Uhr) |
Themen zu AV maleware virus - PC save? log analyse |
alert, anzeige, ccleaner, dvd, forum, frage, gen, lan, live, log, maleware, messenger, musik, netzwerk, nicht mehr, noob, pc sicher?, router, security, security alert, störung, system, verseucht, virus, win7, wo? |