Windows fährt nach erstem Hochfahren automatisch runter

restless27 · 13.07.2010, 12:50

Hallo erstmal.

Ich bin neu hier im Forum und dies ist auch mein erster Beitrag. Es liegt bei mir nun folgendes Problem vor. Wenn ich den Laptop hochfahre (windows 7) dann kommt es manchmal vor,dass sobald er hochgefahren ist eine Meldung erscheint in der es dann heißt,dass "der computer in weniger als einer minute heruntergefahren wird". Dann startet er sich neu und das Problem taucht nicht mehr auf. Ich hab das System mal mit Spybot search and destroy gecheckt. Der hat Fake.AdobeUpdater und DoubleClick gefunden. Naja mal sehen was jetzt nach dem löschen dieser Beiden Funde passiert. Anbei noch das HijackThis File.

Könnte es sich um Sasser Virus handeln?

HiJackthis Logfile:

Code:

ATTFilter

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:48:50, on 13.07.2010
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Users\Engin Basel\Downloads\HiJackThis204.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
O4 - HKLM\..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
O4 - HKCU\..\Run: [Getdo] rundll32.exe "C:\Users\Engin Basel\AppData\Roaming\Adobe\Update\flacor.dat""
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Samsung.PCSync] "C:\Program Files\Samsung\Samsung PC Studio 7\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [S60 PC Suite Tray] "C:\Program Files\Samsung\Samsung PC Studio 7\PCSuite.exe" -onlytray (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TOSHIBA Online Product Information] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (User 'Default user')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - hxxp://vexcast.com/download/vexcast.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~2\AVP11\mzvkbd3.dll,C:\PROGRA~2\AVP11\kloehk.dll
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Program Files\Common Files\AVM\de_serv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Partner Service - Google Inc. - C:\ProgramData\Partner\Partner.exe
O23 - Service: TOSHIBA Modem region select service (RSELSVC) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TemproSvc.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 10332 bytes

--- --- ---

cosinus · 13.07.2010, 15:54

Hallo und

bitte nen Vollscan mit Malwarebytes machen und Log posten. Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in den Thread.

restless27 · 13.07.2010, 18:07

Ist das ok um einen ersten Befund zu machen??

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4308

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

13.07.2010 19:00:40
mbam-log-2010-07-13 (19-00-40).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 238788
Laufzeit: 1 Stunde(n), 3 Minute(n), 54 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Program Files\pdfforge Toolbar\WidgiHelper.exe (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 13.07.2010 17:41:26 - Run 1
OTL by OldTimer - Version 3.2.9.0     Folder = C:\Users\\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 64,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,29 Gb Total Space | 57,95 Gb Free Space | 49,84% Space Free | Partition Type: NTFS
Drive D: | 116,21 Gb Total Space | 31,19 Gb Free Space | 26,84% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: -TOSH
Current User Name: 
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\ \Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\ l\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
PRC - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe (Panda Security, S.L.)
PRC - C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe (Panda Security, S.L.)
PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Toshiba\ConfigFree\CFIWmxSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH)
PRC - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSENotify.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Toshiba\RSelect\RSelSvc.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\ \Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (LBTServ) -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (NanoServiceMain) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe (Panda Security, S.L.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (TuneUp.Defrag) -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (vvdsvc) -- C:\Windows\System32\nagasoft\vjocx.dll (NanJing Nagasoft Co, LTD.)
SRV - (Partner Service) -- C:\ProgramData\Partner\Partner.exe (Google Inc.)
SRV - (TMachInfo) -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (cfWiMAXService) -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe (TOSHIBA CORPORATION)
SRV - (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO) -- C:\Program Files\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH)
SRV - (TosCoSrv) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (RSELSVC) -- C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe (TOSHIBA Corporation)
SRV - (HsfXAudioService) -- C:\Windows\System32\XAudio32.dll (Conexant Systems, Inc.)
SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (de_serv) -- C:\Program Files\Common Files\AVM\De_serv.exe (AVM Berlin)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (USBCCID) -- C:\Windows\System32\DRIVERS\RtsUCcid.sys File not found
DRV - (SANDRA) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\WNt500x86\Sandra.sys File not found
DRV - (RtsUIR) -- C:\Windows\System32\DRIVERS\Rts516xIR.sys File not found
DRV - (RSUSBSTOR) -- C:\Windows\System32\Drivers\RtsUStor.sys File not found
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys File not found
DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek                                            )
DRV - (PSINAflt) -- C:\Windows\System32\drivers\PSINAflt.sys (Panda Security, S.L.)
DRV - (PSINProt) -- C:\Windows\System32\drivers\PSINProt.sys (Panda Security, S.L.)
DRV - (PSINKNC) -- C:\Windows\System32\drivers\PSINKNC.sys (Panda Security, S.L.)
DRV - (PSINProc) -- C:\Windows\System32\drivers\PSINProc.sys (Panda Security, S.L.)
DRV - (PSINFile) -- C:\Windows\System32\drivers\PSINFile.sys (Panda Security, S.L.)
DRV - (RTL8187B) -- C:\Windows\System32\drivers\RTL8187B.sys (Realtek Semiconductor Corporation                           )
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics Incorporated)
DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC-Seriellschnittstellentreiber (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\system32\DRIVERS\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) Brother MFC-nur-Fax-Modem (USB) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) Brother MFC-WDM-Treiber (USB,seriell) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) Brother WDM-Treiber (seriell) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (SrvHsfV92) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)
DRV - (SrvHsfWinac) -- C:\Windows\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.)
DRV - (SrvHsfHDA) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (FwLnk) -- C:\Windows\system32\DRIVERS\FwLnk.sys (TOSHIBA Corporation)
DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)
DRV - (PGEffect) -- C:\Windows\System32\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio32.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (gtstusbser) -- C:\Windows\System32\drivers\gtstusbser.sys (Option N.V.)
DRV - (nmwcdsa) -- C:\Windows\System32\drivers\nmwcdsa.sys (Nokia)
DRV - (nmwcdsacm) -- C:\Windows\System32\drivers\nmwcdsacm.sys (Nokia)
DRV - (nmwcdsacj) -- C:\Windows\System32\drivers\nmwcdsacj.sys (Nokia)
DRV - (nmwcdsac) -- C:\Windows\System32\drivers\nmwcdsac.sys (Nokia)
DRV - (AVMUNET) -- C:\Windows\System32\drivers\avmunet.sys (AVM GmbH)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.daemon-search.com/startpage
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:1.1.2
FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.04.13 14:45:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.06.30 14:19:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.04 11:49:55 | 000,000,000 | ---D | M]
 
[2010.07.13 03:30:19 | 000,000,000 | ---D | M] -- C:\Users\ \AppData\Roaming\mozilla\Extensions
[2010.07.13 13:37:29 | 000,000,000 | ---D | M] -- C:\Users\ \AppData\Roaming\mozilla\Firefox\Profiles\1pvqrnrk.default\extensions
[2010.07.13 04:04:12 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\1pvqrnrk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.07.13 17:31:12 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.01.14 00:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2010.06.26 10:03:55 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.06.26 10:03:55 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.06.26 10:03:55 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.06.26 10:03:55 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.06.26 10:03:55 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.07.13 13:05:21 | 000,411,980 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	123haustiereundmehr.com
O1 - Hosts: 14234 more lines...
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PSUNMain] C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [TosSENotify] C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range37 ([*] in Lokales Intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} hxxp://vexcast.com/download/vexcast.cab (VodClient Control Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0f66630f-efb6-11de-8671-001e33fa83ec}\Shell - "" = AutoRun
O33 - MountPoints2\{0f66630f-efb6-11de-8671-001e33fa83ec}\Shell\AutoRun\command - "" = F:\preinst.exe -- File not found
O33 - MountPoints2\{df1f39f2-efc9-11de-8e94-001e33fa83ec}\Shell - "" = AutoRun
O33 - MountPoints2\{df1f39f2-efc9-11de-8e94-001e33fa83ec}\Shell\AutoRun\command - "" = F:\preinst.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\QsSetup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.07.13 17:38:08 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\ \Desktop\OTL.exe
[2010.07.13 14:00:42 | 000,000,000 | ---D | C] -- C:\Users\ \AppData\Roaming\Malwarebytes
[2010.07.13 14:00:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.07.13 14:00:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.07.13 14:00:29 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.07.13 14:00:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.07.02 22:33:58 | 000,000,000 | ---D | C] -- C:\Users\ \AppData\Roaming\Broken Sword 2.5
[2010.07.02 22:31:25 | 000,016,400 | ---- | C] (Logitech, Inc.) -- C:\Windows\System32\drivers\LNonPnP.sys
[2010.07.02 22:31:05 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LogiShrd
[2010.07.02 22:30:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Logishrd
[2010.07.02 22:30:57 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2010.07.02 22:30:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd
[2010.07.02 22:30:25 | 000,000,000 | ---D | C] -- C:\Users\ \AppData\Roaming\Logitech
[2010.07.02 22:30:25 | 000,000,000 | ---D | C] -- C:\Users\ \AppData\Roaming\Logishrd
[2010.07.02 22:29:30 | 000,267,880 | ---- | C] (Realtek                                            ) -- C:\Windows\System32\drivers\Rt86win7.sys
[2010.07.02 22:26:57 | 000,000,000 | ---D | C] -- C:\Program Files\Broken Sword 2.5
[2010.06.25 20:40:10 | 000,000,000 | ---D | C] -- C:\Users\  \Documents\My Games
[2010.06.25 20:38:08 | 000,000,000 | ---D | C] -- C:\Users\ \AppData\Roaming\Microsoft Games
[2010.06.24 20:38:14 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Toolbar
[2010.06.24 20:37:59 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2010.06.24 20:37:30 | 000,000,000 | ---D | C] -- C:\Users\ \AppData\Roaming\DAEMON Tools Lite
[2010.06.24 20:34:25 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2010.06.23 16:01:51 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010.06.23 16:01:51 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010.06.23 16:01:51 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010.06.23 12:54:03 | 000,000,000 | ---D | C] -- C:\Users\ \AppData\Roaming\WinSplit
[2010.06.23 12:45:50 | 000,000,000 | ---D | C] -- C:\Users\ \AppData\Roaming\Apple Computer
[2010.06.23 12:28:47 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2010.06.23 12:28:45 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2010.06.23 12:28:45 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010.06.23 12:28:45 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2010.06.20 15:16:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2010.06.17 23:03:06 | 000,000,000 | ---D | C] -- C:\Program Files\AC3Filter
[2010.06.17 23:01:08 | 000,000,000 | ---D | C] -- C:\Users\ \AppData\Roaming\Media Player Classic
[2010.06.16 14:57:31 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010.06.16 14:57:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.07.13 17:43:19 | 007,602,176 | ---- | M] () -- C:\Users\\NTUSER.DAT
[2010.07.13 17:38:12 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\\Desktop\OTL.exe
[2010.07.13 17:36:01 | 000,001,142 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3059090290-2168174768-4257991694-1000UA.job
[2010.07.13 17:33:54 | 000,016,080 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.07.13 17:33:54 | 000,016,080 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.07.13 17:29:13 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010.07.13 17:26:23 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.07.13 17:26:21 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.07.13 17:26:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.07.13 17:26:13 | 2312,101,888 | -HS- | M] () -- C:\hiberfil.sys
[2010.07.13 15:21:41 | 010,815,208 | -H-- | M] () -- C:\Users\\AppData\Local\IconCache.db
[2010.07.13 14:15:52 | 000,000,264 | ---- | M] () -- C:\Windows\System32\PSUNCpl.dat
[2010.07.13 14:00:34 | 000,000,968 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.13 13:10:01 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.07.13 13:05:21 | 000,411,980 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.07.13 03:13:50 | 000,000,970 | ---- | M] () -- C:\Windows\Mobile Partner Manager.INI
[2010.07.12 18:18:37 | 000,027,136 | ---- | M] () -- C:\Users\\Desktop\Budapest.doc
[2010.07.11 02:36:00 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3059090290-2168174768-4257991694-1000Core.job
[2010.07.10 19:24:47 | 000,017,408 | ---- | M] () -- C:\Users\\AppData\Local\WebpageIcons.db
[2010.07.06 23:47:15 | 000,093,304 | ---- | M] () -- C:\Users\\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.07.04 16:43:46 | 000,381,384 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.07.02 22:31:25 | 000,016,400 | ---- | M] (Logitech, Inc.) -- C:\Windows\System32\drivers\LNonPnP.sys
[2010.07.02 22:27:10 | 000,001,000 | ---- | M] () -- C:\Users\Public\Desktop\Broken Sword 2.5.lnk
[2010.07.02 22:12:59 | 001,158,729 | ---- | M] () -- C:\Users\\Desktop\BF25.pdf
[2010.07.01 14:52:06 | 000,044,544 | ---- | M] () -- C:\Users\\Desktop\Abnehmen Info.doc
[2010.06.30 23:22:45 | 001,527,504 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.06.30 23:22:45 | 000,664,634 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.06.30 23:22:45 | 000,624,776 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.06.30 23:22:45 | 000,134,770 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.06.30 23:22:45 | 000,110,414 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.06.30 14:19:47 | 000,001,856 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.06.27 23:06:19 | 000,408,643 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100713-130521.backup
[2010.06.24 21:51:50 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010.06.24 21:51:50 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010.06.23 00:15:12 | 000,408,517 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100627-230619.backup
[2010.06.19 02:54:46 | 000,024,064 | ---- | M] () -- C:\Users\\Desktop\Microsoft Word-Dokument (neu).doc
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.07.13 14:15:52 | 000,000,264 | ---- | C] () -- C:\Windows\System32\PSUNCpl.dat
[2010.07.13 14:00:34 | 000,000,968 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.12 18:15:49 | 000,027,136 | ---- | C] () -- C:\Users\\Desktop\Budapest.doc
[2010.07.02 22:29:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010.07.02 22:27:10 | 000,001,000 | ---- | C] () -- C:\Users\Public\Desktop\Broken Sword 2.5.lnk
[2010.07.02 22:12:59 | 001,158,729 | ---- | C] () -- C:\Users\\Desktop\BF25.pdf
[2010.07.01 14:48:08 | 000,044,544 | ---- | C] () -- C:\Users\\Desktop\Abnehmen Info.doc
[2010.06.24 21:51:50 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010.06.24 21:51:50 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010.06.19 02:45:39 | 000,024,064 | ---- | C] () -- C:\Users\\Desktop\Microsoft Word-Dokument (neu).doc
[2010.06.17 23:03:06 | 000,497,664 | ---- | C] () -- C:\Windows\System32\ac3filter.acm
[2010.06.17 22:58:55 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010.03.17 19:26:13 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2009.12.04 02:32:56 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.12.04 02:02:09 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.10.30 14:32:22 | 000,000,970 | ---- | C] () -- C:\Windows\Mobile Partner Manager.INI
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:55F44B88
< End of report >

--- --- ---

cosinus · 13.07.2010, 19:51

Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
O33 - MountPoints2\{0f66630f-efb6-11de-8671-001e33fa83ec}\Shell - "" = AutoRun
O33 - MountPoints2\{0f66630f-efb6-11de-8671-001e33fa83ec}\Shell\AutoRun\command - "" = F:\preinst.exe -- File not found
O33 - MountPoints2\{df1f39f2-efc9-11de-8e94-001e33fa83ec}\Shell - "" = AutoRun
O33 - MountPoints2\{df1f39f2-efc9-11de-8e94-001e33fa83ec}\Shell\AutoRun\command - "" = F:\preinst.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\QsSetup.exe -- File not found
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:55F44B88
:Commands
[purity]
[resethosts]
[emptytemp]

Klick dann auf den Button Run Fixes!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

restless27 · 13.07.2010, 20:13

Hi,

danke für die Ratschläge..anbei die neue log file von otl..hab es genauso durchgeführt wie von dir beschrieben..anschließend hat er nen neustart gemacht um dateien zu löschen...was haben wir jetzt eigentlich da genau gelöscht? war das ein gefährlicher virus? reicht avira anti vir für diese art von bedrohungen?

vielen dank

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0f66630f-efb6-11de-8671-001e33fa83ec}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f66630f-efb6-11de-8671-001e33fa83ec}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0f66630f-efb6-11de-8671-001e33fa83ec}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f66630f-efb6-11de-8671-001e33fa83ec}\ not found.
File F:\preinst.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{df1f39f2-efc9-11de-8e94-001e33fa83ec}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{df1f39f2-efc9-11de-8e94-001e33fa83ec}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{df1f39f2-efc9-11de-8e94-001e33fa83ec}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{df1f39f2-efc9-11de-8e94-001e33fa83ec}\ not found.
File F:\preinst.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\QsSetup.exe not found.
ADS C:\ProgramData\TEMP:55F44B88 deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41044 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: ich

User: ich
->Temp folder emptied: 137719233 bytes
->Temporary Internet Files folder emptied: 1043375 bytes
->Java cache emptied: 3277211 bytes
->FireFox cache emptied: 72790175 bytes
->Google Chrome cache emptied: 6233075 bytes
->Flash cache emptied: 11571 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 150983 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 211,00 mb

OTL by OldTimer - Version 3.2.9.0 log created on 07132010_210529

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

cosinus · 13.07.2010, 20:25

Ok, dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in smss.exe.

Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte smss.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

restless27 · 13.07.2010, 21:08

Hi,

genau wie beschrieben durchgeführt...hier das Ergebnis:

Combofix Logfile:

Code:

ATTFilter

ComboFix 10-07-12.06 -   13.07.2010  21:49:28.1.2 - x86
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.2940.2045 [GMT 2:00]
ausgeführt von:: c:\users\ \Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\pdfforge Toolbar\SearchSettings.dll
c:\windows\system32\%appdata%

.
(((((((((((((((((((((((   Dateien erstellt von 2010-06-13 bis 2010-07-13  ))))))))))))))))))))))))))))))
.

2010-07-13 19:56 . 2010-07-13 19:58	--------	d-----w-	c:\users\ \AppData\Local\temp
2010-07-13 19:56 . 2010-07-13 19:56	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-07-13 19:05 . 2010-07-13 19:05	--------	d-----w-	C:\_OTL
2010-07-13 18:56 . 2010-07-13 18:56	--------	d-----w-	c:\windows\XSxS
2010-07-13 18:56 . 2010-07-13 18:56	--------	d-----w-	c:\program files\Xenocode
2010-07-13 12:15 . 2010-07-13 12:15	264	----a-w-	c:\windows\system32\PSUNCpl.dat
2010-07-13 12:00 . 2010-07-13 12:00	--------	d-----w-	c:\users\ \AppData\Roaming\Malwarebytes
2010-07-13 12:00 . 2010-04-29 13:39	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-13 12:00 . 2010-07-13 12:00	--------	d-----w-	c:\programdata\Malwarebytes
2010-07-13 12:00 . 2010-07-13 12:00	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-07-13 12:00 . 2010-04-29 13:39	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-07-13 11:12 . 2009-10-10 02:57	12800	----a-w-	c:\windows\system32\drivers\sffp_sd.sys
2010-07-02 20:33 . 2010-07-02 20:51	--------	d-----w-	c:\users\ \AppData\Roaming\Broken Sword 2.5
2010-07-02 20:31 . 2010-07-02 20:31	53248	----a-r-	c:\users\ \AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2010-07-02 20:31 . 2010-07-02 20:31	16400	----a-w-	c:\windows\system32\drivers\LNonPnP.sys
2010-07-02 20:30 . 2010-07-02 20:31	--------	d-----w-	c:\programdata\Logishrd
2010-07-02 20:30 . 2010-07-02 20:31	--------	d-----w-	c:\program files\Logitech
2010-07-02 20:30 . 2010-07-02 20:31	--------	d-----w-	c:\program files\Common Files\LogiShrd
2010-07-02 20:30 . 2010-07-02 20:31	--------	d-----w-	c:\users\ \AppData\Roaming\Logitech
2010-07-02 20:30 . 2010-07-02 20:30	--------	d-----w-	c:\users\ \AppData\Roaming\Logishrd
2010-07-02 20:29 . 2010-05-31 09:46	267880	----a-w-	c:\windows\system32\drivers\Rt86win7.sys
2010-07-02 20:29 . 2009-12-03 15:27	80416	----a-w-	c:\windows\system32\RtNicProp32.dll
2010-07-02 20:26 . 2010-07-02 20:27	--------	d-----w-	c:\program files\Broken Sword 2.5
2010-06-25 18:38 . 2010-06-25 18:38	--------	d-----w-	c:\users\ \AppData\Roaming\Microsoft Games
2010-06-24 18:57 . 2010-06-24 18:57	501936	----a-w-	c:\programdata\Google\Google Toolbar\Update\gtb9DFF.tmp.exe
2010-06-24 18:38 . 2010-06-24 18:38	--------	d-----w-	c:\program files\DAEMON Tools Toolbar
2010-06-24 18:37 . 2010-06-24 18:38	--------	d-----w-	c:\program files\DAEMON Tools Lite
2010-06-24 18:37 . 2010-06-24 18:39	--------	d-----w-	c:\users\ \AppData\Roaming\DAEMON Tools Lite
2010-06-24 18:34 . 2010-06-24 18:37	--------	d-----w-	c:\programdata\DAEMON Tools Lite
2010-06-23 14:01 . 2009-11-25 10:47	99176	----a-w-	c:\windows\system32\PresentationHostProxy.dll
2010-06-23 14:01 . 2009-11-25 10:47	49472	----a-w-	c:\windows\system32\netfxperf.dll
2010-06-23 14:01 . 2009-11-25 10:47	297808	----a-w-	c:\windows\system32\mscoree.dll
2010-06-23 14:01 . 2009-11-25 10:47	295264	----a-w-	c:\windows\system32\PresentationHost.exe
2010-06-23 14:01 . 2009-11-25 10:47	1130824	----a-w-	c:\windows\system32\dfshim.dll
2010-06-23 10:54 . 2010-06-23 10:55	--------	d-----w-	c:\users\ \AppData\Roaming\WinSplit
2010-06-23 10:45 . 2010-06-23 10:45	--------	d-----w-	c:\users\ \AppData\Roaming\Apple Computer
2010-06-23 10:28 . 2010-03-24 06:37	1286456	----a-w-	c:\windows\system32\ntdll.dll
2010-06-23 10:28 . 2010-05-09 09:14	641536	----a-w-	c:\windows\system32\CPFilters.dll
2010-06-23 10:28 . 2010-05-09 09:14	417792	----a-w-	c:\windows\system32\msdri.dll
2010-06-20 13:16 . 2010-06-20 13:16	--------	d-----w-	c:\programdata\Panda Security
2010-06-17 21:03 . 2010-06-17 21:03	--------	d-----w-	c:\program files\AC3Filter
2010-06-17 21:01 . 2010-06-17 21:01	--------	d-----w-	c:\users\ \AppData\Roaming\Media Player Classic
2010-06-17 20:58 . 2010-03-15 09:31	165376	----a-w-	c:\windows\system32\unrar.dll
2010-06-16 12:57 . 2010-06-16 12:58	--------	d-----w-	c:\program files\QuickTime
2010-06-16 12:57 . 2010-06-16 12:57	--------	d-----w-	c:\programdata\Apple Computer
2010-06-15 16:51 . 2010-06-15 16:51	1127240	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-13 19:56 . 2010-03-17 17:26	--------	d-----w-	c:\program files\pdfforge Toolbar
2010-07-13 19:52 . 2009-07-14 08:47	664634	----a-w-	c:\windows\system32\perfh007.dat
2010-07-13 19:52 . 2009-07-14 08:47	134770	----a-w-	c:\windows\system32\perfc007.dat
2010-07-13 19:38 . 2009-10-30 14:32	--------	d-----w-	c:\program files\CCleaner
2010-07-13 18:40 . 2010-06-08 19:40	--------	d-----w-	c:\program files\JDownloader
2010-07-13 18:32 . 2010-05-29 03:14	--------	d-----w-	c:\users\ \AppData\Roaming\vlc
2010-07-13 12:30 . 2009-11-06 10:55	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2010-07-13 12:15 . 2010-02-17 15:28	--------	d-----w-	c:\program files\Panda Security
2010-07-06 21:47 . 2009-10-30 12:24	93304	----a-w-	c:\users\ \AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-04 12:40 . 2009-07-14 04:52	--------	d-----w-	c:\program files\Microsoft Games
2010-07-04 12:10 . 2009-09-07 06:18	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-07-04 12:07 . 2009-09-07 06:18	--------	d-----w-	c:\program files\Common Files\InstallShield
2010-07-02 20:32 . 2009-09-07 06:19	--------	d--h--w-	c:\program files\Temp
2010-07-02 20:29 . 2009-09-07 06:19	--------	d-----w-	c:\program files\Realtek
2010-07-02 04:08 . 2010-01-04 04:30	--------	d-----w-	c:\users\ \AppData\Roaming\dvdcss
2010-06-25 18:09 . 2010-06-11 06:04	--------	d-----w-	c:\program files\MediaMonkey
2010-06-25 12:27 . 2009-12-04 00:29	--------	d-----w-	c:\program files\Microsoft.NET
2010-06-12 16:05 . 2010-06-11 11:28	--------	d-----w-	c:\program files\Ask.com
2010-06-11 21:12 . 2010-06-11 21:12	2300696	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2010-06-11 21:12 . 2010-06-11 21:12	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2010-06-11 21:12 . 2010-06-11 21:12	1222464	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-06-11 21:08 . 2010-06-11 21:08	--------	d-----w-	c:\users\Default\AppData\Roaming\Media Center Programs
2010-06-11 19:15 . 2010-06-11 19:15	--------	d-----w-	c:\users\Default\AppData\Roaming\Samsung
2010-06-11 18:29 . 2010-06-11 18:29	--------	d--h--we	c:\programdata\AVP11
2010-06-11 18:25 . 2009-11-06 10:53	--------	d-----w-	c:\programdata\Lavasoft
2010-06-11 11:39 . 2010-06-11 11:28	--------	d-----w-	c:\users\\AppData\Roaming\BitTorrent
2010-06-11 11:28 . 2010-06-11 11:28	--------	d-----w-	c:\program files\BitTorrent
2010-06-10 13:06 . 2009-12-08 23:39	--------	d-----w-	c:\users\\AppData\Roaming\Skype
2010-06-10 12:30 . 2009-12-08 23:41	--------	d-----w-	c:\users\\AppData\Roaming\skypePM
2010-06-04 12:01 . 2009-09-07 06:57	--------	d-----w-	c:\program files\Microsoft Silverlight
2010-05-27 16:39 . 2010-05-27 16:39	141384	----a-w-	c:\windows\system32\drivers\PSINAflt.sys
2010-05-27 07:24 . 2010-06-10 12:32	34304	----a-w-	c:\windows\system32\atmlib.dll
2010-05-27 03:49 . 2010-06-10 12:32	293888	----a-w-	c:\windows\system32\atmfd.dll
2010-05-25 04:26 . 2010-05-16 17:27	5642000	----a-w-	c:\users\\AppData\Roaming\TVU Networks\AutoUpgrade\TVUPlayer2.5.3.1.exe
2010-05-21 12:14 . 2009-12-01 15:31	221568	------w-	c:\windows\system32\MpSigStub.exe
2010-05-21 05:18 . 2010-06-10 12:33	977920	----a-w-	c:\windows\system32\wininet.dll
2010-05-20 04:01 . 2009-09-07 06:30	--------	d-----w-	c:\program files\Google
2010-05-12 08:57 . 2010-05-12 08:57	111176	----a-w-	c:\windows\system32\drivers\PSINProt.sys
2010-05-04 06:36 . 2010-05-04 06:36	125960	----a-w-	c:\windows\system32\drivers\PSINKNC.sys
2010-05-01 14:49 . 2010-06-10 12:33	2326528	----a-w-	c:\windows\system32\win32k.sys
2010-04-30 11:46 . 2010-04-30 11:46	111112	----a-w-	c:\windows\system32\drivers\PSINProc.sys
2010-04-30 11:46 . 2010-04-30 11:46	99336	----a-w-	c:\windows\system32\drivers\PSINFile.sys
2010-04-28 22:29 . 2010-04-28 22:29	53328	----a-w-	c:\windows\system32\LMouFiltCoInst.dll
2010-04-23 07:13 . 2010-05-25 20:12	2048	----a-w-	c:\windows\system32\tzres.dll
2009-06-10 21:26 . 2009-07-14 02:04	9633792	--sha-r-	c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42	396800	--sha-w-	c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"= "c:\windows\System32\ieframe.dll" [2010-05-06 10984448]

[HKEY_CLASSES_ROOT\clsid\{cfbfae00-17a6-11d0-99cb-00c04fd64497}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
"{32099AAC-C132-4136-9E9A-4E364A424E17}"= "c:\program files\DAEMON Tools Toolbar\DTToolbar.dll" [2010-03-25 968000]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"= "c:\program files\Google\Google Toolbar\GoogleToolbar_32.dll" [2010-06-24 278192]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{32099aac-c132-4136-9e9a-4e364a424e17}]
[HKEY_CLASSES_ROOT\DTToolbar.ToolBandObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{3E288F79-03E4-4983-A48E-0D879B51FF19}]
[HKEY_CLASSES_ROOT\DTToolbar.ToolBandObj]

[HKEY_CLASSES_ROOT\clsid\{2318c2b1-4965-11d4-9b18-009027a5cd4f}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"= "c:\program files\Google\Google Toolbar\GoogleToolbar_32.dll" [2010-06-24 278192]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
"{32099AAC-C132-4136-9E9A-4E364A424E17}"= "c:\program files\DAEMON Tools Toolbar\DTToolbar.dll" [2010-03-25 968000]

[HKEY_CLASSES_ROOT\clsid\{2318c2b1-4965-11d4-9b18-009027a5cd4f}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{32099aac-c132-4136-9e9a-4e364a424e17}]
[HKEY_CLASSES_ROOT\DTToolbar.ToolBandObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{3E288F79-03E4-4983-A48E-0D879B51FF19}]
[HKEY_CLASSES_ROOT\DTToolbar.ToolBandObj]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
@="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
[HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
2010-05-14 13:04	320832	----a-w-	c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
@="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
[HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
2010-05-14 13:04	320832	----a-w-	c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-20 1545512]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-05 476512]
"TWebCamera"="c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-08-11 2446648]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-03 611672]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2010-01-08 186904]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-05-18 1311312]
" Malwarebytes Anti-Malware  (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2010-05-14 406848]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-08-12 6203296]
"Samsung.PCSync"="c:\program files\Samsung\Samsung PC Studio 7\PcSync2.exe" [2009-06-04 1294336]
"S60 PC Suite Tray"="c:\program files\Samsung\Samsung PC Studio 7\PCSuite.exe" [2008-12-06 699392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-05-06 09:29	64592	----a-w-	c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"TOSHIBA Online Product Information"=c:\program files\Toshiba\Toshiba Online Product Information\TOPI.exe
"Livestation"=c:\program files\Livestation\Livestation.exe -startup
"S60 PC Suite Tray"="c:\program files\Samsung\Samsung PC Studio 7\PCSuite.exe" -onlytray
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" -autorun
"Getdo"=rundll32.exe "c:\users\\AppData\Roaming\Adobe\Update\flacor.dat""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"TosNC"=%ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
"TosReelTimeMonitor"=%ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"SmartFaceVWatcher"=%ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
"SmoothView"=%ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
"Toshiba Registration"=c:\program files\Toshiba\Registration\ToshibaReminder.exe
"Toshiba TEMPRO"=c:\program files\Toshiba TEMPRO\TemproTray.exe
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"Persistence"=c:\windows\system32\igfxpers.exe
"IgfxTray"=c:\windows\system32\igfxtray.exe
"HSON"=%ProgramFiles%\TOSHIBA\TBS\HSON.exe
"WinampAgent"="c:\program files\Winamp\winampa.exe"
"SearchSettings"=c:\program files\pdfforge Toolbar\SearchSettings.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-16 133104]
R3 AVMUNET;AVM FRITZ!Box;c:\windows\system32\DRIVERS\avmunet.sys [2006-10-06 14976]
R3 gtstusbser;Option210 USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\gtstusbser.sys [2008-11-18 103552]
R3 nmwcdsa;Samsung USB Phone Parent;c:\windows\system32\drivers\nmwcdsa.sys [2007-05-02 135680]
R3 nmwcdsac;Samsung USB Generic;c:\windows\system32\drivers\nmwcdsac.sys [2007-05-02 8320]
R3 nmwcdsacj;Samsung USB Port;c:\windows\system32\drivers\nmwcdsacj.sys [2007-05-02 12288]
R3 nmwcdsacm;Samsung USB Modem;c:\windows\system32\drivers\nmwcdsacm.sys [2007-05-02 12288]
R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [2009-09-07 332272]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-03-11 691696]
S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [2010-05-04 125960]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2010-01-07 380928]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-10 185712]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2010-04-30 136448]
S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [2010-05-27 141384]
S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [2010-04-30 99336]
S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [2010-04-30 111112]
S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [2010-05-12 111176]
S2 RSELSVC;TOSHIBA Modem region select service;c:\program files\TOSHIBA\RSelect\RSelSvc.exe [2009-07-07 62832]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files\Toshiba TEMPRO\TemproSvc.exe [2009-08-06 116104]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-02-18 1047368]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 7680]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 24064]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-05-31 267880]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2010-03-31 379904]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-03 111960]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
HsfXAudioService	REG_MULTI_SZ   	HsfXAudioService
vvdsvc	REG_MULTI_SZ   	vvdsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners

2010-07-13 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-07 09:39]

2010-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-16 09:40]

2010-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-16 09:40]

2010-07-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3059090290-2168174768-4257991694-1000Core.job
- c:\users\Engin Basel\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-01 17:07]

2010-07-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3059090290-2168174768-4257991694-1000UA.job
- c:\users\\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-01 17:07]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
mStart Page = about:blank
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\\AppData\Roaming\Mozilla\Firefox\Profiles\1pvqrnrk.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\pdfforge Toolbar\FF\components\pdfforgeToolbarFF.dll
FF - component: c:\program files\pdfforge Toolbar\SSFF\components\SearchSettingsFF.dll
FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1698.5652\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\users\\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type",                  5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

URLSearchHooks-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - c:\program files\pdfforge Toolbar\SearchSettings.dll
WebBrowser-{4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
MSConfigStartUp-avgnt - c:\program files\Avira\AntiVir Desktop\avgnt.exe
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe


.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(5248)
c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.DLL
c:\program files\Panda Security\Panda Cloud Antivirus\PSNCGP.dll
c:\program files\Panda Security\Panda Cloud Antivirus\PSNCIPC.dll
c:\program files\Samsung\Samsung PC Studio 7\phonebrowser.dll
c:\program files\Samsung\Samsung PC Studio 7\PCSCM_Samsung.dll
c:\program files\Samsung\Samsung PC Studio 7\Lang\PhoneBrowser_ger.nlr
c:\program files\Samsung\Samsung PC Studio 7\Resource\PhoneBrowser_Samsung.ngr
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\taskhost.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\windows\system32\conhost.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
c:\windows\system32\taskhost.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-07-13  22:01:46 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-07-13 20:01

Vor Suchlauf: 12 Verzeichnis(se), 61.580.734.464 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 61.491.408.896 Bytes frei

- - End Of File - - 8679F5176CEAE1F02B908380509C1C48

--- --- ---

cosinus · 13.07.2010, 21:11

Zitat:

ausgeführt von:: c:\users\ \Desktop\ComboFix.exe

Hast Du wie erwähnt CF in smss.exe beim Download umbenannt?

restless27 · 13.07.2010, 21:13

ja hab ich...aber ich stelle gerade fest,dass nach der ganzen prozedur und dem neustart die datei automatisch wieder in combofix umbenannt wurde...hab ich was falsch gemacht? meinst du,dass jetzt wieder alles ok ist

cosinus · 13.07.2010, 21:17

Wenn Du das gemacht hast ist das ok.

Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus

restless27 · 13.07.2010, 21:30

Ok also hier das Logfile von Osam...reicht dies aus oder soll ich GMER auch ausführen...?

OSAM Logfile:

Code:

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 22:27:14 on 13.07.2010

OS: Windows 7 Home Premium Edition (Build 7600), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.6

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-3059090290-2168174768-4257991694-1000Core.job" - "Google Inc." - C:\Users\\AppData\Local\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-3059090290-2168174768-4257991694-1000UA.job" - "Google Inc." - C:\Users\\AppData\Local\Google\Update\GoogleUpdate.exe
"Google Software Updater.job" - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"PSUNCpl.cpl" - "Panda Security, S.L." - C:\Windows\system32\PSUNCpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"PSUNCPL" - ? - C:\Windows\syst  (File not found)
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl
"SamsungConnectionManager" - ? - C:\PROGRA~1\Samsung\SAMSUN~1\CONNEC~1.CPL

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"catchme" (catchme) - ? - C:\Users\B~1\AppData\Local\Temp\catchme.sys  (File not found)
"mbr" (mbr) - ? - C:\Users\ENGINB~1\AppData\Local\Temp\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"PSINAflt" (PSINAflt) - "Panda Security, S.L." - C:\Windows\System32\DRIVERS\PSINAflt.sys
"PSINFile" (PSINFile) - "Panda Security, S.L." - C:\Windows\System32\DRIVERS\PSINFile.sys
"PSINKNC" (PSINKNC) - "Panda Security, S.L." - C:\Windows\System32\DRIVERS\psinknc.sys
"PSINProc" (PSINProc) - "Panda Security, S.L." - C:\Windows\System32\DRIVERS\PSINProc.sys
"PSINProt" (PSINProt) - "Panda Security, S.L." - C:\Windows\System32\DRIVERS\PSINProt.sys
"Realtek IR Driver" (RtsUIR) - ? - C:\Windows\System32\DRIVERS\Rts516xIR.sys  (File not found)
"Realtek Smartcard Reader Driver" (USBCCID) - ? - C:\Windows\System32\DRIVERS\RtsUCcid.sys  (File not found)
"RtsUStor.Sys Realtek USB Card Reader" (RSUSBSTOR) - ? - C:\Windows\System32\Drivers\RtsUStor.sys  (File not found)
"SANDRA" (SANDRA) - ? - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\WNt500x86\Sandra.sys  (File not found)
"Service for Realtek HD Audio (WDM)" (IntcAzAudAddService) - ? - C:\Windows\System32\drivers\RTKVHDA.sys  (File not found)
"TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{C080DC3F-9095-4E4B-95E6-D67D077130E8} "IconsHandlerNano Class" - "Panda Security, S.L." - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNShell.DLL
{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} "KbLogiExt Class" - "Logitech, Inc." - C:\Program Files\Logitech\SetPointP\kbcplext.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - c:\program files\real\realplayer\rpshell.dll
{B062CBE9-07D9-4EA1-A103-3041708C2392} "Samsung Phone Browser" - ? - C:\Program Files\Samsung\Samsung PC Studio 7\phonebrowser.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -   (File not found | COM-object registry key not found)
{80AEF606-7FFA-4EF6-86C4-0B86FEF4E0CD} "ShellExt Class" - "Panda Security, S.L." - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNShell.DLL
{4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\DseShExt-x86.dll
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\SDShelEx-win32.dll
{44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe
SimpleShlExt extension "{80AEF606-7FFA-4EF6-86C4-0B86FEF4E0CD}" - ? -   (File not found | COM-object registry key not found)
Logitech Setpoint Extension "{B9B9F083-2B04-452A-8691-83694AC1037B}" - ? -   (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Ask Toolbar" - "Ask" - C:\Program Files\Ask.com\GenericAskToolbar.dll
<binary data> "DAEMON Tools Toolbar" - ? - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_14" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} "Java Plug-in 1.6.0_14" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_14" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_14.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
{166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\Windows\system32\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
{D4003189-95B1-4A2F-9A87-F2B03665960D} "VodClient Control Class" - ? - C:\Windows\system32\nagasoft\vjocx.dll / hxxp://vexcast.com/download/vexcast.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Ask Toolbar" - "Ask" - C:\Program Files\Ask.com\GenericAskToolbar.dll
<binary data> "DAEMON Tools Toolbar" - ? - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{D4027C7F-154A-4066-A1AD-4243D8127440} "Ask Toolbar" - "Ask" - C:\Program Files\Ask.com\GenericAskToolbar.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"00TCrdMain" - "TOSHIBA Corporation" - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
"EvtMgr6" - "Logitech, Inc." - C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
"IAAnotif" - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
" Malwarebytes Anti-Malware  (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"PSUNMain" - "Panda Security, S.L." - "C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar
"TosSENotify" - "TOSHIBA Corporation" - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
"TPwrMain" - "TOSHIBA Corporation" - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
"TWebCamera" - "TOSHIBA CORPORATION." - "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll
"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%SystemRoot%\System32\uxtuneup.dll,-4096" (UxTuneUp) - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll
"@C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1" (TuneUp.Defrag) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
"Application Updater" (Application Updater) - "Spigot, Inc." - C:\Program Files\Application Updater\ApplicationUpdater.exe
"AVM FRITZ!web Routing Service" (de_serv) - "AVM Berlin" - C:\Program Files\Common Files\AVM\de_serv.exe
"ConfigFree Service" (ConfigFree Service) - "TOSHIBA CORPORATION" - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
"ConfigFree WiMAX Service" (cfWiMAXService) - "TOSHIBA CORPORATION" - C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
"Logitech Bluetooth Service" (LBTServ) - "Logitech, Inc." - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Notebook Performance Tuning Service (TEMPRO)" (TemproMonitoringService) - "Toshiba Europe GmbH" - C:\Program Files\Toshiba TEMPRO\TemproSvc.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Panda Cloud Antivirus Service" (NanoServiceMain) - "Panda Security, S.L." - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
"Partner Service" (Partner Service) - "Google Inc." - C:\ProgramData\Partner\Partner.exe
"SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
"ServiceLayer" (ServiceLayer) - "Nokia." - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
"TMachInfo" (TMachInfo) - "TOSHIBA Corporation" - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
"TOSHIBA HDD SSD Alert Service" (TOSHIBA HDD SSD Alert Service) - "TOSHIBA Corporation" - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
"TOSHIBA Modem region select service" (RSELSVC) - "TOSHIBA Corporation" - C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe
"TOSHIBA Optical Disc Drive Service" (TODDSrv) - "TOSHIBA Corporation" - C:\Windows\system32\TODDSrv.exe
"TOSHIBA Power Saver" (TosCoSrv) - "TOSHIBA Corporation" - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
"TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
"VJVodClientServices" (vvdsvc) - ? - C:\Windows\system32\nagasoft\vjocx.dll

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"LBTWlgn" - "Logitech, Inc." - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

restless27 · 13.07.2010, 21:41

GMER ist wie du es befürchtet hast leider während des scans abgestürzt...hoffe osam reicht erstmal für die weitere bearbeitung

cosinus · 13.07.2010, 22:17

Zitat:

"TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

Ist ein ziemliches Spielzeug, das kontraproduktiv bis gefährlich ist. Mein Tipp: Finger weg! Alle Einstellungen rückgängig machen und deinstallieren.
=> TuneUp: Wundermittel oder Placebo Reloaded | DerFisch.de

Danach den bootkit_remover herunterladen. Entpacke das Tool in einen eigenen Ordner auf dem Desktop und führe in diesem Ordner die Datei remove.exe aus.

Wenn Du Windows Vista oder Windows 7 verwendest, musst Du die remover.exe über ein Rechtsklick => als Administrator ausführen

Ein schwarzes Fenster wird sich öffnen und automatisch nach bösartigen Veränderungen im MBR suchen.

Poste dann bitte, ob es Veränderungen gibt und wenn ja in welchem device. Am besten alles posten was die remover.exe ausgibt.

restless27 · 13.07.2010, 22:41

\\.\C: -\\.\ PhysicalDrive0
MD5: bb4f1627d8b9beda49ac0d010229f3ff
\\.\D: -\\.\ PhysicalDrive0

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 OK {Dos/win32 boot code found)

cosinus · 14.07.2010, 09:25

Hast Du die remover.exe einfach nur doppelgeklickt oder damit den Fix auch schon gemacht?

13.07.2010, 21:17	#10
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Windows fährt nach erstem Hochfahren automatisch runter Wenn Du das gemacht hast ist das ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus __________________ Logfiles bitte immer in CODE-Tags posten

14.07.2010, 09:25	#15
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Windows fährt nach erstem Hochfahren automatisch runter Hast Du die remover.exe einfach nur doppelgeklickt oder damit den Fix auch schon gemacht? __________________ Logfiles bitte immer in CODE-Tags posten

Windows fährt nach erstem Hochfahren automatisch runter

Plagegeister aller Art und deren Bekämpfung: Windows fährt nach erstem Hochfahren automatisch runter