| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Trojaner wird von Virenprogramm nicht erkannt, beeinflusst Windows Explorer und Mozilla, StopzillaWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
16.08.2010, 00:02
| #1 |
 |  Trojaner wird von Virenprogramm nicht erkannt, beeinflusst Windows Explorer und Mozilla, Stopzilla Hallo! Leider konnte ich im Internet und hier im Forum nichts zu meinem Problem finden. Falls ich etwas übersehen habe, entschuldige ich dies vielmals. Ich habe seit heute, nachdem ich einen Livestream im Internet schaute, folgendes Problem: Habe mein Antivirenprogramm nach der Ursache suchen lassen, diese auch gefunden und sämtliche Quellen im abgesicherten Modus gelöscht. Auch Systemwiederherrstellung habe ich probiert. Es handelte sich um einen oder mehrere Trojaner, der/die sich in dem Ordner: C:Users/**/Appdata/roaming/ und dort in verschiedenen Ordnern befanden. Leider bin ich mehr oder minder ein Computerlaie und demnach auf Hilfe angewiesen. Es scheint, als hätte ich das Stopzilla Programm runtergeladen, ohne es zu merken, wobei ich dieses nicht auf meinem PC finden konnte. Dennoch werde ich immerwieder auf die Stopzilla-Homepage verwiesen. Weiterhin kommt aller 5 Sekunden eine Meldung des Windows Explorer, "Windows Explorer funktioniert nicht mehr" und dann "Windows Explorer wird neu gestartet", was allein das Schreiben dieses Textes erheblich erschwert...Das Programm Rapport, das den Virus mit beinhaltet, kann ich nicht installieren, in der Softwareliste heißt der Hersteller Trusteer. Ich versuche nur so viele Infos wie möglich zu geben, auch wenn sie ein wenig ungeordnet sein mögen. Ein weiteres Programm habe ich im abgesicherten Modus nicht gelöscht, aber dessen Ordner komplett entfernt, woraufhin es sich natürlich nicht mehr deinstallieren ließ. Mehr fällt mir gerade nicht ein...Ich habe in einem anderen Beitrag gelesen, dass ich möglicherweise CCleaner und RSIT. Allerdings finde ich bei CCleaner keine logs. Ich hoffe, dieses Problem ist neu und mir kann jemand helfen. Danke im Voraus! RSIT: RSIT Logfile: Code:
ATTFilter Logfile of random's system information tool 1.08 (written by random/random) Run by TJ at 2010-08-15 23:20:14 Microsoft Windows 7 Home Premium System drive C: has 57 GB (37%) free of 153 GB Total RAM: 4061 MB (51% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 23:20:28, on 15.08.2010 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Unable to get Internet Explorer version! Boot mode: Normal Running processes: C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\TOPI.exe C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe C:\Windows\SysWOW64\rundll32.exe C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe C:\Windows\SysWOW64\rundll32.exe C:\Program Files\Alwil Software\Avast5\AvastUI.exe C:\Program Files (x86)\AVG\AVG9\avgtray.exe C:\Windows\SysWOW64\rundll32.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Users\TJ\Downloads\RSIT.exe C:\Program Files (x86)\trend micro\TJ.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.tangosearch.com/?useie5=1&q= R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.tangotoolbar.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.tangosearch.com/?useie5=1&q= R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - - (no file) R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Tango - {381235A5-34E8-496E-95E2-2E4489714D94} - C:\Windows\SysWow64\de78.dll (file missing) O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Tango - {381235A4-34E8-496E-95E2-2E4489714D94} - C:\Windows\SysWow64\de78.dll (file missing) O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL O4 - HKLM\..\Run: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP O4 - HKLM\..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun O4 - HKLM\..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60 O4 - HKLM\..\Run: [UUSeeMediaCenter] "C:\Program Files (x86)\Common Files\uusee\UUSeeMediaCenter.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s O4 - HKLM\..\Run: [Qdececebepaguh] rundll32.exe "C:\Users\TJ\AppData\Local\ekapawuq.dll",Startup O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe O4 - HKCU\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [GameShadow] C:\Program Files (x86)\GameShadow\GameShadow.exe /q O4 - HKCU\..\Run: [Vyijiris] rundll32.exe "C:\Users\TJ\AppData\Local\TSWicet.dll",Startup O4 - HKCU\..\Run: [{D3FFDF87-49DF-5DD2-338B-B2940180520D}] C:\Users\TJ\AppData\Roaming\Zuzoim\yviqe.exe O4 - HKCU\..\Run: [SfKg6wIPuSp] C:\Users\TJ\AppData\Roaming\Microsoft\Windows\jnipmo.exe O4 - HKCU\..\Run: [GabPath] C:\Users\TJ\AppData\Roaming\GabPath\gabpath.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe (User 'Default user') O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user') O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgemc.exe O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe O23 - Service: ConfigFree Gadget Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Rapport Launching Service (RapportLaunService) - Trusteer Ltd. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportLaunService64.exe O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe O23 - Service: ResultDns Service - Unknown owner - C:\ProgramData\ResultDns\resultdns111.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing) O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 13420 bytes ======Scheduled tasks folder====== C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{381235A5-34E8-496E-95E2-2E4489714D94}] Tango - C:\Windows\SysWow64\de78.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}] AVG Safe Search - C:\Program Files (x86)\AVG\AVG9\avgssie.dll [2010-08-15 1619296] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live ID-Anmelde-Hilfsprogramm - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}] AVG Security Toolbar BHO - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll [2010-06-30 2102600] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] Skype add-on for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-09-08 41368] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {381235A4-34E8-496E-95E2-2E4489714D94} - Tango - C:\Windows\SysWow64\de78.dll [] {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll [2010-06-30 2102600] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "SVPWUTIL"=C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [2009-08-12 352256] "HWSetup"=C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [2009-06-02 423936] "KeNotify"=C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [2009-01-13 34088] "StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-07-29 98304] "TWebCamera"=C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2009-08-11 2446648] "ToshibaServiceStation"=C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [2009-08-17 1294136] "UUSeeMediaCenter"=C:\Program Files (x86)\Common Files\uusee\UUSeeMediaCenter.exe [] "Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760] "Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832] "VirtualCloneDrive"=C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2009-06-17 85160] "Qdececebepaguh"=C:\Users\TJ\AppData\Local\ekapawuq.dll [2009-07-14 197120] "avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2010-06-28 2837864] "AVG9_TRAY"=C:\PROGRA~2\AVG\AVG9\avgtray.exe [2010-08-15 2065760] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "TOSHIBA Online Product Information"=C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe [2009-08-12 6203296] "DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1475072] "GameShadow"=C:\Program Files (x86)\GameShadow\GameShadow.exe /q [] "Vyijiris"=C:\Users\TJ\AppData\Local\TSWicet.dll [2009-07-14 75776] "{D3FFDF87-49DF-5DD2-338B-B2940180520D}"=C:\Users\TJ\AppData\Roaming\Zuzoim\yviqe.exe [] "SfKg6wIPuSp"=C:\Users\TJ\AppData\Roaming\Microsoft\Windows\jnipmo.exe [2010-08-15 737280] "GabPath"=C:\Users\TJ\AppData\Roaming\GabPath\gabpath.exe [] C:\Users\TJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup OpenOffice.org 3.2.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=0 "ConsentPromptBehaviorUser"=3 "EnableLUA"=0 "EnableUIADesktopToggle"=0 "PromptOnSecureDesktop"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "ForceActiveDesktopOn"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\Program Files (x86)\uusee\UUSeePlayer.exe"="C:\Program Files (x86)\uusee\UUSeePlayer.exe:*:Enabled:UUPlayer" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* .reg - open - "regedit.exe" "%1" ======List of files/folders created in the last 1 months====== 2010-08-15 23:20:14 ----D---- C:\Program Files (x86)\trend micro 2010-08-15 23:20:13 ----D---- C:\rsit 2010-08-15 21:24:48 ----HD---- C:\$AVG 2010-08-15 21:18:38 ----D---- C:\ProgramData\AVG Security Toolbar 2010-08-15 21:18:19 ----D---- C:\ProgramData\avg9 2010-08-15 21:18:19 ----D---- C:\Program Files (x86)\AVG 2010-08-15 20:42:55 ----A---- C:\Windows\ntbtlog.txt 2010-08-15 18:13:46 ----A---- C:\Windows\SysWOW64\aswBoot.exe 2010-08-15 18:13:42 ----D---- C:\ProgramData\Alwil Software 2010-08-15 17:04:38 ----D---- C:\ProgramData\ResultDns 2010-08-15 17:04:38 ----D---- C:\Program Files (x86)\ResultDns 2010-08-15 17:02:20 ----A---- C:\Windows\SysWOW64\drivers\dkcnhisp.sys 2010-08-15 16:59:46 ----D---- C:\Users\TJ\AppData\Roaming\1EB08FB2BD379F1C55258658861A4EDB 2010-08-04 12:53:36 ----A---- C:\Windows\SysWOW64\shell32.dll 2010-07-28 18:13:51 ----D---- C:\Program Files (x86)\Common Files\Skype ======List of files/folders modified in the last 1 months====== 2010-08-15 23:20:19 ----D---- C:\Windows\Prefetch 2010-08-15 23:20:14 ----D---- C:\Program Files (x86) 2010-08-15 22:59:49 ----D---- C:\Windows\Temp 2010-08-15 22:59:40 ----A---- C:\Windows\SysWOW64\PnkBstrB.exe 2010-08-15 21:59:42 ----D---- C:\Users\TJ\AppData\Roaming\uTorrent 2010-08-15 21:57:46 ----D---- C:\Windows\SysWOW64 2010-08-15 21:18:47 ----D---- C:\Windows\System32 2010-08-15 21:18:38 ----HD---- C:\ProgramData 2010-08-15 21:18:16 ----SHD---- C:\System Volume Information 2010-08-15 21:18:06 ----SHD---- C:\Windows\Installer 2010-08-15 21:18:03 ----D---- C:\Windows\winsxs 2010-08-15 21:16:47 ----SD---- C:\Users\TJ\AppData\Roaming\Microsoft 2010-08-15 21:16:47 ----D---- C:\Windows\SysWOW64\drivers 2010-08-15 21:16:47 ----D---- C:\Windows 2010-08-15 20:40:41 ----D---- C:\Users\TJ\AppData\Roaming\Skype 2010-08-15 20:12:04 ----D---- C:\Users\TJ\AppData\Roaming\skypePM 2010-08-15 20:01:21 ----D---- C:\Users\TJ\AppData\Roaming\vlc 2010-08-15 18:37:59 ----D---- C:\Users\TJ\AppData\Roaming\Osteqy 2010-08-15 18:13:42 ----RD---- C:\Program Files 2010-08-14 17:31:45 ----D---- C:\Users\TJ\AppData\Roaming\ICQ 2010-08-14 00:07:00 ----D---- C:\Program Files (x86)\ICQ7.2 2010-08-13 20:28:59 ----D---- C:\Program Files (x86)\Mozilla Firefox 2010-08-13 01:13:47 ----D---- C:\Program Files (x86)\GameShadow 2010-08-11 18:44:33 ----D---- C:\Windows\inf 2010-08-09 17:21:41 ----D---- C:\Users\TJ\AppData\Roaming\Winamp 2010-08-09 14:09:32 ----D---- C:\Program Files (x86)\Winamp 2010-08-09 14:09:22 ----D---- C:\Program Files (x86)\Winamp Detect 2010-07-28 18:13:51 ----D---- C:\Program Files (x86)\Common Files 2010-07-28 17:27:08 ----D---- C:\ProgramData\Norton 2010-07-28 17:27:05 ----D---- C:\Windows\Tasks ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [] R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [] R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [] R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [] R0 tos_sps64;TOSHIBA tos_sps64 Service; C:\Windows\system32\DRIVERS\tos_sps64.sys [] R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ_O.SYS [] R1 aswRdr;aswRdr; C:\Windows\SysWOW64\drivers\aswRdr.sys [] R1 aswSP;aswSP; C:\Windows\SysWOW64\drivers\aswSP.sys [] R1 aswTdi;avast! Network Shield Support; C:\Windows\SysWOW64\drivers\aswTdi.sys [] R1 AvgLdx64;AVG Free AVI Loader Driver x64; C:\Windows\System32\Drivers\avgldx64.sys [] R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64; C:\Windows\System32\Drivers\avgmfx64.sys [] R1 AvgTdiA;AVG Free Network Redirector x64; C:\Windows\System32\Drivers\avgtdia.sys [] R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [] R1 RapportKE64;RapportKE64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\RapportKE64.sys [2010-07-01 63472] R1 RapportPG64;RapportPG64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\RapportPG64.sys [2010-07-01 56304] R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [] R2 aswFsBlk;aswFsBlk; C:\Windows\SysWOW64\drivers\aswFsBlk.sys [] R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [] R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver; C:\Windows\system32\DRIVERS\TVALZFL.sys [] R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [] R3 LPCFilter;LPC Lower Filter Driver; C:\Windows\system32\DRIVERS\LPCFilter.sys [] R3 PGEffect;Pangu effect driver; C:\Windows\system32\DRIVERS\pgeffect.sys [] R3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIVX.sys [] R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [] R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver; C:\Windows\system32\DRIVERS\rtl8192se.sys [] R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [] R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [] R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [] R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [] S1 dkcnhisp;dkcnhisp; \??\C:\Windows\system32\drivers\dkcnhisp.sys [2010-08-15 13312] S2 Aspi32;Aspi32; C:\Windows\System32\drivers\aspi32.sys [2002-07-17 16877] S3 athr;Atheros Extensible-Drahtlos-LAN-Gerätetreiber; C:\Windows\system32\DRIVERS\athrx.sys [] S3 aud7frav;aud7frav; C:\Windows\SysWOW64\drivers\aud7frav.sys [] S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [] S3 RtsUIR;Realtek IR Driver; C:\Windows\system32\DRIVERS\Rts516xIR.sys [] S3 USBCCID;Realtek Smartcard Reader Driver; C:\Windows\system32\DRIVERS\RtsUCcid.sys [] S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [] R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384] R2 avg9emc;AVG Free E-mail Scanner; C:\Program Files (x86)\AVG\AVG9\avgemc.exe [2010-08-15 921952] R2 avg9wd;AVG Free WatchDog; C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2010-08-15 308136] R2 cfWiMAXService;ConfigFree WiMAX Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-08-10 248688] R2 ConfigFree Gadget Service;ConfigFree Gadget Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-07-14 42368] R2 ConfigFree Service;ConfigFree Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448] R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2010-07-10 75064] R2 RapportMgmtService;Rapport Management Service; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2010-07-01 840936] R2 ResultDns Service;ResultDns Service; C:\ProgramData\ResultDns\resultdns111.exe [2010-08-14 57608] R2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO); C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2009-08-06 116104] R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [] R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2009-08-05 488800] R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-08-27 251760] R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 2297216] R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384] R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384] R3 RapportLaunService;Rapport Launching Service; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportLaunService64.exe [2010-07-01 524784] R3 TMachInfo;TMachInfo; C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512] R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-03 137560] R3 TPCHSrv;TPCH Service; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-04 826224] S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-30 135664] S3 AVG Security Toolbar Service;AVG Security Toolbar Service; C:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-06-30 431432] S3 GameConsoleService;GameConsoleService; C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe [2010-02-08 238328] -----------------EOF----------------- |
|
16.08.2010, 08:08
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Trojaner wird von Virenprogramm nicht erkannt, beeinflusst Windows Explorer und Mozilla, Stopzilla Hallo und
__________________ Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Danach OTL: Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
__________________ |
|
16.08.2010, 23:50
| #3 |
| | Trojaner wird von Virenprogramm nicht erkannt, beeinflusst Windows Explorer und Mozilla, Stopzilla Vielen vielen Dank für die schnelle Antwort!
__________________Hier die Logfiles: Malwarebytes: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4436 Windows 6.1.7600 (Safe Mode) Internet Explorer 8.0.7600.16385 16.08.2010 20:36:54 mbam-log-2010-08-16 (20-36-54).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 298675 Laufzeit: 1 Stunde(n), 11 Minute(n), 0 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 11 Infizierte Registrierungswerte: 4 Infizierte Dateiobjekte der Registrierung: 4 Infizierte Verzeichnisse: 2 Infizierte Dateien: 17 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\resultdns (Adware.ResultDns) -> No action taken. HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\F5JMWNZTHI (Trojan.FakeAlert) -> No action taken. HKEY_CURRENT_USER\Software\GabPath (Adware.Adparatus) -> No action taken. HKEY_CURRENT_USER\Software\IEBarProperties (Adware.Mirar) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\ROUA3O12PW (Trojan.FakeAlert) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\ResultDns (Adware.ResultDns) -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ResultDns Service (Adware.ResultDns) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{381235a5-34e8-496e-95e2-2e4489714d94} (Adware.Tango) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{381235a5-34e8-496e-95e2-2e4489714d94} (Adware.Tango) -> No action taken. Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vyijiris (Trojan.Hiloti.Gen) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sfkg6wipusp (Trojan.Downloader) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{d3ffdf87-49df-5dd2-338b-b2940180520d} (Trojan.ZbotR.Gen) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qdececebepaguh (Trojan.Agent.U) -> No action taken. Infizierte Dateiobjekte der Registrierung: HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.SearchPage) -> Bad: (hxxp://www.tangosearch.com/?useie5=1&q=) Good: (hxxp://www.google.com) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.SearchPage) -> Bad: (hxxp://www.tangosearch.com/?useie5=1&q=) Good: (hxxp://www.google.com) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.StartPage) -> Bad: (hxxp://home.tangotoolbar.com/) Good: (hxxp://www.google.com) -> No action taken. Infizierte Verzeichnisse: C:\ProgramData\ResultDns (Adware.ResultDns) -> No action taken. C:\Program Files (x86)\ResultDns (Adware.ResultDns) -> No action taken. Infizierte Dateien: C:\Users\TJ\AppData\Local\TSWicet.dll (Trojan.Hiloti.Gen) -> No action taken. C:\$RECYCLE.BIN\S-1-5-21-1410566134-608971593-3399172855-1000\$RS23LOE.exe (Rogue.Installer) -> No action taken. C:\Program Files (x86)\ResultDns\resultdns.dll (Adware.ResultDNS) -> No action taken. C:\Program Files (x86)\ResultDns\resultdns.exe (Adware.ResultDns) -> No action taken. C:\ProgramData\ResultDns\resultdns111.exe (Adware.ResultDns) -> No action taken. C:\Users\TJ\AppData\Local\Mozilla\Firefox\Profiles\y8miz0xe.default\Cache\0D1036A2d01 (Rogue.Installer) -> No action taken. C:\Users\TJ\AppData\Local\Temp\creg.exe (Trojan.Hiloti.Gen) -> No action taken. C:\Users\TJ\AppData\Local\Temp\pmqtt.exe (Adware.BHO) -> No action taken. C:\Users\TJ\AppData\Local\Temp\ukdoi.exe (Rogue.SecuritySuite) -> No action taken. C:\Users\TJ\AppData\Local\Temp\xceamsnwor.exe (Trojan.Dropper) -> No action taken. C:\Users\TJ\AppData\Roaming\Mozilla\Firefox\{4bcdbfd0-fa26-11de-8a39-0800200c9a66}\components\gpff.dll (Adware.Agent) -> No action taken. C:\Users\TJ\Desktop\setupxv.exe.part (Rogue.Installer) -> No action taken. C:\Users\TJ\Downloads\setupxv.exe.part (Rogue.Installer) -> No action taken. C:\Windows\Temp\RES88FD.tmp\upgrade.exe (Adware.ResultDNS) -> No action taken. C:\Program Files (x86)\ResultDns\uninstall.exe (Adware.ResultDns) -> No action taken. C:\Users\TJ\AppData\Roaming\Microsoft\Windows\jnipmo.exe (Trojan.Downloader) -> No action taken. C:\Users\TJ\AppData\Local\ekapawuq.dll (Trojan.Agent.U) -> No action taken. und OTL: --> OTL.txt OTL Logfile: Code:
ATTFilter OTL logfile created on: 16.08.2010 18:06:11 - Run 1 OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\TJ\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 60,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 75,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 149,04 Gb Total Space | 57,52 Gb Free Space | 38,59% Space Free | Partition Type: NTFS Drive D: | 148,65 Gb Total Space | 36,40 Gb Free Space | 24,48% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: PORTABULARASA Current User Name: TJ Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\TJ\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\ProgramData\ResultDns\resultdns111.exe () PRC - C:\Program Files (x86)\ResultDns\resultdns.exe () PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software) PRC - C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\TOPI.exe (TOSHIBA) PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe (TOSHIBA CORPORATION) PRC - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG) PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) PRC - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION) ========== Modules (SafeList) ========== MOD - C:\Users\TJ\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Program Files (x86)\ResultDns\resultdns.dll () MOD - C:\Windows\SysWOW64\wintrust.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation) MOD - C:\Users\TJ\AppData\Local\ekapawuq.dll () MOD - C:\Windows\SysWOW64\normaliz.dll (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (PnkBstrA) -- C:\Windows\SysNative\PnkBstrA.exe File not found SRV:64bit: - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) SRV:64bit: - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) SRV:64bit: - (TOSHIBA eco Utility Service) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation) SRV:64bit: - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) SRV:64bit: - (TPCHSrv) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation) SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation) SRV:64bit: - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV - (avg9emc) -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.) SRV - (avg9wd) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (ResultDns Service) -- C:\ProgramData\ResultDns\resultdns111.exe () SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (AVG Security Toolbar Service) -- C:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe () SRV - (GameConsoleService) -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.) SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation) SRV - (cfWiMAXService) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION) SRV - (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO) -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH) SRV - (ConfigFree Gadget Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe (TOSHIBA CORPORATION) SRV - (ConfigFree Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) ========== Driver Services (SafeList) ========== DRV:64bit: - (USBCCID) -- C:\Windows\SysNative\DRIVERS\RtsUCcid.sys File not found DRV:64bit: - (RtsUIR) -- C:\Windows\SysNative\DRIVERS\Rts516xIR.sys File not found DRV:64bit: - (dkcnhisp) -- C:\Windows\SysNative\drivers\dkcnhisp.sys File not found DRV:64bit: - (Aspi32) -- C:\Windows\SysNative\drivers\aspi32.sys File not found DRV:64bit: - (AvgTdiA) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (AvgLdx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (AvgMfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (ALWIL Software) DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys () DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV:64bit: - (rtl8192se) -- C:\Windows\SysNative\drivers\rtl8192se.sys (Realtek Semiconductor Corporation ) DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG) DRV:64bit: - (LPCFilter) -- C:\Windows\SysNative\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.) DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.) DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (tos_sps64) -- C:\Windows\SysNative\drivers\tos_sps64.sys (TOSHIBA Corporation) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\drivers\TVALZFL.sys (TOSHIBA Corporation) DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof () DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.) DRV - (dkcnhisp) -- C:\Windows\SysWOW64\drivers\dkcnhisp.sys () DRV - (Aspi32) -- C:\Windows\SysWOW64\drivers\ASPI32.SYS (Adaptec) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.tangotoolbar.com/ IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll () IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "https://mail.google.com/mail/?shva=1#inbox" FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 5 FF - prefs.js..extensions.enabledItems: 2 FF - prefs.js..extensions.enabledItems: 2 FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3 FF - prefs.js..extensions.enabledItems: eafo3fflauncher@ea.com:1.1 FF - prefs.js..extensions.enabledItems: {96554A3A-DAFC-4A17-BE93-B2F276EA7F22}:1.9.1 FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.845 FF - prefs.js..extensions.enabledItems: avg@igeared:4.906.030.002 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.6&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\{96554A3A-DAFC-4A17-BE93-B2F276EA7F22}: C:\Users\TJ\AppData\Local\{96554A3A-DAFC-4A17-BE93-B2F276EA7F22} [2010.08.15 17:02:00 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{4bcdbfd0-fa26-11de-8a39-0800200c9a66}: C:\Users\TJ\AppData\Roaming\Mozilla\FireFox\{4bcdbfd0-fa26-11de-8a39-0800200c9a66} [2010.08.15 17:05:22 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2010.08.15 21:18:20 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010.08.15 21:18:38 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.08.09 14:09:22 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.07.25 14:16:30 | 000,000,000 | ---D | M] [2009.12.29 19:02:54 | 000,000,000 | ---D | M] -- C:\Users\TJ\AppData\Roaming\mozilla\Extensions [2010.08.15 22:52:48 | 000,000,000 | ---D | M] -- C:\Users\TJ\AppData\Roaming\mozilla\Firefox\Profiles\y8miz0xe.default\extensions [2010.07.10 18:16:35 | 000,000,000 | ---D | M] -- C:\Users\TJ\AppData\Roaming\mozilla\Firefox\Profiles\y8miz0xe.default\extensions\eafo3fflauncher@ea.com [2010.04.07 00:26:17 | 000,000,000 | ---D | M] -- C:\Users\TJ\AppData\Roaming\mozilla\Firefox\Profiles\y8miz0xe.default\extensions\firefox@tvunetworks.com [2010.07.06 22:29:41 | 000,000,000 | ---D | M] -- C:\Users\TJ\AppData\Roaming\mozilla\Firefox\Profiles\y8miz0xe.default\extensions\personas@christopher.beard [2010.07.22 02:09:16 | 000,000,950 | ---- | M] () -- C:\Users\TJ\AppData\Roaming\Mozilla\FireFox\Profiles\y8miz0xe.default\searchplugins\icqplugin-1.xml [2010.05.12 18:40:06 | 000,001,042 | ---- | M] () -- C:\Users\TJ\AppData\Roaming\Mozilla\FireFox\Profiles\y8miz0xe.default\searchplugins\icqplugin.xml [2010.08.15 23:07:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions [2010.07.12 17:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll [2010.07.22 02:09:01 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml [2010.07.22 02:09:01 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml [2010.07.22 02:09:01 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml [2010.07.22 02:09:01 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml O1 HOSTS File: ([2010.06.08 00:38:46 | 000,001,050 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 static3.cdn.ubi.com O1 - Hosts: 127.0.0.1 ubisoft-orbit.s3.amazonaws.com O1 - Hosts: 127.0.0.1 onlineconfigservice.ubi.com O1 - Hosts: 127.0.0.1 orbitservice.ubi.com O1 - Hosts: 127.0.0.1 ubisoft-orbit-savegames.s3.amazonaws.com O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.) O2:64bit: - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Tango) - {381235A5-34E8-496E-95E2-2E4489714D94} - C:\Windows\SysWow64\de78.dll File not found O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll () O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3 - HKLM\..\Toolbar: (Tango) - {381235A4-34E8-496E-95E2-2E4489714D94} - C:\Windows\SysWow64\de78.dll File not found O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Programme\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH) O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH) O4:64bit: - HKLM..\Run: [TosNC] C:\Programme\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Programme\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosSENotify] C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Programme\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.) O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION) O4 - HKLM..\Run: [Qdececebepaguh] C:\Users\TJ\AppData\Local\ekapawuq.DLL () O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA) O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.) O4 - HKLM..\Run: [UUSeeMediaCenter] C:\Program Files (x86)\Common Files\uusee\UUSeeMediaCenter.exe File not found O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG) O4 - HKCU..\Run: [{D3FFDF87-49DF-5DD2-338B-B2940180520D}] C:\Users\TJ\AppData\Roaming\Zuzoim\yviqe.exe File not found O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [GameShadow] C:\Program Files (x86)\GameShadow\GameShadow.exe File not found O4 - HKCU..\Run: [SfKg6wIPuSp] C:\Users\TJ\AppData\Roaming\Microsoft\Windows\jnipmo.exe () O4 - HKCU..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\TOPI.exe (TOSHIBA) O4 - HKCU..\Run: [Vyijiris] C:\Users\TJ\AppData\Local\TSWicet.DLL (MaresWEB) O4 - Startup: C:\Users\TJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O18:64bit: - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.) O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll () O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corporation) O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{103c9333-717d-11df-bd6f-002622e98c93}\Shell - "" = AutoRun O33 - MountPoints2\{103c9333-717d-11df-bd6f-002622e98c93}\Shell\AutoRun\command - "" = H:\setup.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.08.16 18:03:52 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\TJ\Desktop\OTL.exe [2010.08.15 23:53:06 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2010.08.15 23:52:38 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Roaming\Trusteer [2010.08.15 23:21:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner [2010.08.15 23:20:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro [2010.08.15 23:20:13 | 000,000,000 | ---D | C] -- C:\rsit [2010.08.15 22:52:47 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\AVG Security Toolbar [2010.08.15 21:24:48 | 000,000,000 | -H-D | C] -- C:\$AVG [2010.08.15 21:18:47 | 000,013,048 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll [2010.08.15 21:18:45 | 000,317,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys [2010.08.15 21:18:41 | 000,269,904 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys [2010.08.15 21:18:40 | 000,035,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys [2010.08.15 21:18:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\Avg [2010.08.15 21:18:38 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar [2010.08.15 21:18:19 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9 [2010.08.15 21:18:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG [2010.08.15 18:14:11 | 000,121,936 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswSP.sys [2010.08.15 18:14:11 | 000,020,048 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys [2010.08.15 18:14:10 | 000,051,280 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswTdi.sys [2010.08.15 18:14:10 | 000,028,752 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswRdr.sys [2010.08.15 18:14:09 | 000,061,008 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys [2010.08.15 18:13:46 | 000,165,032 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe [2010.08.15 18:13:46 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\avastSS.scr [2010.08.15 18:13:42 | 000,000,000 | ---D | C] -- C:\Programme\Alwil Software [2010.08.15 18:13:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software [2010.08.15 17:04:38 | 000,000,000 | ---D | C] -- C:\ProgramData\ResultDns [2010.08.15 17:04:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ResultDns [2010.08.15 17:02:00 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{96554A3A-DAFC-4A17-BE93-B2F276EA7F22} [2010.08.15 17:00:06 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\Windows Server [2010.08.15 16:59:46 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Roaming\1EB08FB2BD379F1C55258658861A4EDB [2010.07.28 18:13:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2010.07.19 17:53:22 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll [2009.07.14 00:24:58 | 000,075,776 | ---- | C] (MaresWEB) -- C:\Users\TJ\AppData\Local\TSWicet.dll [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.08.16 18:11:09 | 002,621,440 | -HS- | M] () -- C:\Users\TJ\NTUSER.DAT [2010.08.16 18:04:15 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.08.16 18:04:15 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.08.16 18:03:53 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\TJ\Desktop\OTL.exe [2010.08.16 18:03:07 | 063,499,870 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm [2010.08.16 18:01:35 | 006,541,966 | ---- | M] () -- C:\Users\TJ\Desktop\setupxv.exe [2010.08.16 18:00:47 | 006,541,966 | ---- | M] () -- C:\Users\TJ\Desktop\setupxv.exe.part [2010.08.16 17:57:27 | 000,000,120 | ---- | M] () -- C:\Users\TJ\AppData\Local\Ymahan.dat [2010.08.16 17:57:25 | 000,000,000 | ---- | M] () -- C:\Users\TJ\AppData\Local\Gsuzivewav.bin [2010.08.16 17:56:35 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.08.16 17:56:30 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.08.16 17:56:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.08.16 17:56:02 | 3193,602,048 | -HS- | M] () -- C:\hiberfil.sys [2010.08.16 00:03:51 | 000,935,442 | -H-- | M] () -- C:\Users\TJ\AppData\Local\IconCache.db [2010.08.15 23:55:10 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI [2010.08.15 23:30:01 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.08.15 22:59:40 | 000,214,592 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2010.08.15 22:59:40 | 000,214,592 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2010.08.15 21:18:47 | 000,013,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll [2010.08.15 21:18:47 | 000,001,821 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk [2010.08.15 21:18:45 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys [2010.08.15 21:18:41 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys [2010.08.15 21:18:40 | 000,113,461 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\iavichjw.avm [2010.08.15 21:18:40 | 000,035,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys [2010.08.15 18:14:08 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2010.08.15 17:02:20 | 000,013,312 | ---- | M] () -- C:\Windows\SysWow64\drivers\dkcnhisp.sys [2010.08.11 18:44:34 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010.08.11 18:44:34 | 000,648,148 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2010.08.11 18:44:34 | 000,621,802 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010.08.11 18:44:34 | 000,130,484 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2010.08.11 18:44:34 | 000,108,124 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010.08.10 20:18:49 | 000,053,248 | ---- | M] () -- C:\Users\TJ\Documents\CV.doc [2010.07.23 00:15:18 | 000,056,908 | ---- | M] () -- C:\Users\TJ\Documents\ACHSO.odt [2010.07.21 02:41:55 | 000,000,466 | ---- | M] () -- C:\Data (D) - Verknüpfung.lnk [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.08.16 18:00:03 | 006,541,966 | ---- | C] () -- C:\Users\TJ\Desktop\setupxv.exe [2010.08.16 17:59:49 | 006,541,966 | ---- | C] () -- C:\Users\TJ\Desktop\setupxv.exe.part [2010.08.15 23:55:10 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI [2010.08.15 21:18:47 | 000,001,821 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk [2010.08.15 21:18:40 | 000,113,461 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\iavichjw.avm [2010.08.15 21:18:39 | 063,499,870 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm [2010.08.15 18:14:08 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt [2010.08.15 17:02:20 | 000,013,312 | ---- | C] () -- C:\Windows\SysWow64\drivers\dkcnhisp.sys [2010.08.15 17:02:04 | 000,000,120 | ---- | C] () -- C:\Users\TJ\AppData\Local\Ymahan.dat [2010.08.15 17:02:04 | 000,000,000 | ---- | C] () -- C:\Users\TJ\AppData\Local\Gsuzivewav.bin [2010.07.21 02:41:55 | 000,000,466 | ---- | C] () -- C:\Data (D) - Verknüpfung.lnk [2010.04.19 18:44:23 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll [2010.01.20 21:06:44 | 000,000,204 | ---- | C] () -- C:\Windows\struct~.ini [2010.01.19 23:35:30 | 000,000,000 | ---- | C] () -- C:\Windows\ToDisc.INI [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.14 00:24:58 | 000,197,120 | ---- | C] () -- C:\Users\TJ\AppData\Local\ekapawuq.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.04.28 03:37:00 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\SPCtl.dll [2009.02.04 10:50:32 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\nsis_loader.dll [2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll [2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll [2006.09.13 12:06:10 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\gtapi.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:6387AA6C < End of report > und Extras.txt:OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 16.08.2010 18:06:11 - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\TJ\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 60,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,04 Gb Total Space | 57,52 Gb Free Space | 38,59% Space Free | Partition Type: NTFS
Drive D: | 148,65 Gb Total Space | 36,40 Gb Free Space | 24,48% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: PORTABULARASA
Current User Name: TJ
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- Reg Error: Key error. File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome File not found
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome File not found
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\uusee\UUSeePlayer.exe" = C:\Program Files (x86)\uusee\UUSeePlayer.exe:*:Enabled:UUPlayer -- File not found
"C:\Program Files (x86)\uusee\UUSeePlayer.exe" = C:\Program Files (x86)\uusee\UUSeePlayer.exe:*:Enabled:UUPlayer -- File not found
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0FB2E75A-1024-331F-77EF-D45F71505D58}" = ATI Catalyst Install Manager
"{1E9E8BA6-FD0B-465D-AFA2-ECE10BF095F9}" = TOSHIBA Bulletin Board
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{9EE58CAC-21D5-1412-F0F2-CB9CD8834B59}" = ccc-utility64
"{B0EFB716-085B-4564-8060-212E41F5CE50}" = Windows Live ID-Anmelde-Assistent
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C2DDF845-7107-40E8-8D2A-8719F1799570}" = TOSHIBA ReelTime
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0163E195-D5EF-BF70-CBEE-73AA7CBBBEEE}" = CCC Help Thai
"{03883959-80DA-6151-CEAE-46A058CF774F}" = CCC Help Danish
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0823A2E3-69DD-A37A-7CD9-1CBEB037545C}" = Toshiba Photo Service - powered by myphotobook
"{096D1CCF-0F1E-08FB-094F-C40A633D5AEB}" = ccc-core-static
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{11202615-E557-4ECF-9B86-F59C81E52909}" = FIFA 10
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{13D0EB07-FCA0-C005-A6C5-B1A4B7E5BB48}" = Catalyst Control Center Core Implementation
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = Toshiba Assist
"{1D4A3E7D-A580-5BB7-DED3-48508A53D2B2}" = CCC Help Chinese Standard
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2217B0B4-35CB-48C6-B640-864DF2F30F99}" = OpenOffice.org 3.2
"{22354A21-BE84-0D40-191D-6E530B715CCF}" = CCC Help Polish
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
"{26D8DF7E-DBF8-43A6-8D42-F37497CE603D}" = Skype(TM) Launcher
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2F36BA32-7986-9E40-B3F6-908B214EC898}" = CCC Help Japanese
"{2F4A39B2-5A2D-3E9F-E8EA-6F891A097ACF}" = CCC Help English
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{381235A4-34E8-496E-95E2-2E4489714D94}" = Tango
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3DBE8669-1F7D-E1C9-2BC8-CC4BAE0A5136}" = CCC Help Turkish
"{3FF5FF03-DB97-2ACE-BAE7-61D6D4A39F9B}" = Catalyst Control Center Graphics Full Existing
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4CEE0E9F-2116-BE92-CD54-8D1834935B54}" = Catalyst Control Center Localization All
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{5DD59391-FED6-576D-B6BD-71111EF96522}" = CCC Help Russian
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6168260A-6D56-50BB-193C-BF6F471394AA}" = CCC Help Greek
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{675DD1E6-637A-4F0E-B6DE-26F45CC26092}_is1" = AC2 server emulator 0.44 by Dormine
"{6A150790-FC79-D323-92D4-E773E3A03789}" = CCC Help Portuguese
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6CB88B54-4C1C-E6AB-49C6-476DE56327BC}" = CCC Help Spanish
"{6DE880FE-F0C9-BC57-B7C5-2ABEAE1E501E}" = CCC Help German
"{6FE3B0CE-37C1-4825-908A-5A84C9B4EC2F}" = EA SPORTS(TM) FIFA Online
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"{79660B73-3DD0-9C3D-3F29-0E266F3AE5EA}" = CCC Help Norwegian
"{81E5E076-F2C1-AE09-A360-0CAC2967FD5F}" = CCC Help Swedish
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{986CAA52-3249-B34F-DC64-07347926CF57}" = CCC Help Korean
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E4FF410-471F-49E3-9358-74FF0D5E9901}" = Toshiba TEMPRO
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A804B134-F03D-4EFD-9BC0-DCD257AA1B22}" = Hitman Blood Money
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B5B8BA5D-55CA-9351-984B-048FEF97A544}" = Catalyst Control Center Graphics Previews Vista
"{B6DECBD2-EC09-17C3-35AE-8C72B08062C9}" = CCC Help Czech
"{BF3AB290-563B-2F6F-9AF0-189B5CCF2C01}" = Catalyst Control Center Graphics Light
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C644BA4B-07D6-A67E-9EB4-157F6DEB68BE}" = CCC Help Chinese Traditional
"{D0831990-FF97-1F08-668D-4743CC32EFBC}" = CCC Help Finnish
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D9835CE0-E294-83FE-AF9F-BC113A0D2EA9}" = CCC Help Hungarian
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E25FA4E1-678F-414F-9777-1E3FDBBDA4D1}" = Catalyst Control Center InstallProxy
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3D63B95-4B21-414A-A2C7-D6D6A6AC6D79}" = Catalyst Control Center - Branding
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E8B28EF5-2A73-03A7-4F02-2DFF1D182940}" = Catalyst Control Center Graphics Full New
"{E94F833D-6435-40A2-112C-4BC18100B91D}" = CCC Help Italian
"{EEA02668-D5D9-AEFF-6FFB-1EB5BC765A52}" = CCC Help French
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FCD674E3-F281-46D6-7717-6EAFDD16D8FC}" = CCC Help Dutch
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ASIO4ALL" = ASIO4ALL
"avast5" = avast! Free Antivirus
"AVG9Uninstall" = AVG Free 9.0
"Blobby Volley 3D" = Blobby Volley 3D
"CCleaner" = CCleaner
"Deus Ex" = Deus Ex
"DSound Stomp`n FX Vol.1 v1.5" = DSound Stomp`n FX Vol.1 v1.5
"DSound Stomp'n FX Vol.2 v1.0" = DSound Stomp'n FX Vol.2 v1.0
"eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = Toshiba Photo Service - powered by myphotobook
"FL Studio 9" = FL Studio 9
"Free Billiards 2008_is1" = Free Billiards 2008
"Free Create-Burn ISO Image_is1" = Free Create-Burn ISO Image v2.0
"IK Multimedia Amplitube v1.3" = IK Multimedia Amplitube v1.3
"IL Download Manager" = IL Download Manager
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{1E9E8BA6-FD0B-465D-AFA2-ECE10BF095F9}" = TOSHIBA Bulletin Board
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"InstallShield_{C2DDF845-7107-40E8-8D2A-8719F1799570}" = TOSHIBA ReelTime
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"LastFM_is1" = Last.fm 1.5.4.24567
"Live 8.0.4" = Live 8.0.4
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"PoiZone" = PoiZone
"PunkBusterSvc" = PunkBuster Services
"ResultDns" = ResultDns 1.0 build 111
"Sawer" = Sawer
"SopCast" = SopCast 3.2.4
"StreamTorrent 1.0" = StreamTorrent 1.0
"The Whispered World_is1" = The Whispered World
"Toxic Biohazard" = Toxic Biohazard
"TVAnts 1.0" = TVAnts 1.0
"TVUPlayer" = TVUPlayer 2.5.2.2
"uTorrent" = µTorrent
"Veetle TV" = Veetle TV 0.9.16
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.0.3
"WildTangent toshiba Master Uninstall" = WildTangent-Spiele
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Application Detect
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 15.08.2010 15:56:05 | Computer Name = PortabulaRasa | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7600.16450,
Zeitstempel: 0x4aebab8d Name des fehlerhaften Moduls: explorer.exe, Version: 6.1.7600.16450,
Zeitstempel: 0x4aebab8d Ausnahmecode: 0xc000041d Fehleroffset: 0x000000000002cc2b
ID
des fehlerhaften Prozesses: 0xd58 Startzeit der fehlerhaften Anwendung: 0x01cb3cb3dc44e41d
Pfad
der fehlerhaften Anwendung: C:\Windows\explorer.exe Pfad des fehlerhaften Moduls:
C:\Windows\explorer.exe Berichtskennung: 2305ffc0-a8a7-11df-b560-002622e98c93
Error - 15.08.2010 15:56:26 | Computer Name = PortabulaRasa | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7600.16450,
Zeitstempel: 0x4aebab8d Name des fehlerhaften Moduls: explorer.exe, Version: 6.1.7600.16450,
Zeitstempel: 0x4aebab8d Ausnahmecode: 0xc000041d Fehleroffset: 0x000000000002cc2b
ID
des fehlerhaften Prozesses: 0x16c Startzeit der fehlerhaften Anwendung: 0x01cb3cb3e90033c7
Pfad
der fehlerhaften Anwendung: C:\Windows\explorer.exe Pfad des fehlerhaften Moduls:
C:\Windows\explorer.exe Berichtskennung: 2fc32430-a8a7-11df-b560-002622e98c93
Error - 15.08.2010 15:56:48 | Computer Name = PortabulaRasa | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7600.16450,
Zeitstempel: 0x4aebab8d Name des fehlerhaften Moduls: explorer.exe, Version: 6.1.7600.16450,
Zeitstempel: 0x4aebab8d Ausnahmecode: 0xc000041d Fehleroffset: 0x000000000002cc2b
ID
des fehlerhaften Prozesses: 0x4ac Startzeit der fehlerhaften Anwendung: 0x01cb3cb3f5bd0a16
Pfad
der fehlerhaften Anwendung: C:\Windows\explorer.exe Pfad des fehlerhaften Moduls:
C:\Windows\explorer.exe Berichtskennung: 3c6daaba-a8a7-11df-b560-002622e98c93
Error - 15.08.2010 15:57:09 | Computer Name = PortabulaRasa | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7600.16450,
Zeitstempel: 0x4aebab8d Name des fehlerhaften Moduls: explorer.exe, Version: 6.1.7600.16450,
Zeitstempel: 0x4aebab8d Ausnahmecode: 0xc000041d Fehleroffset: 0x000000000002cc2b
ID
des fehlerhaften Prozesses: 0x122c Startzeit der fehlerhaften Anwendung: 0x01cb3cb402671b6e
Pfad
der fehlerhaften Anwendung: C:\Windows\explorer.exe Pfad des fehlerhaften Moduls:
C:\Windows\explorer.exe Berichtskennung: 4915721a-a8a7-11df-b560-002622e98c93
Error - 15.08.2010 15:57:30 | Computer Name = PortabulaRasa | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7600.16450,
Zeitstempel: 0x4aebab8d Name des fehlerhaften Moduls: explorer.exe, Version: 6.1.7600.16450,
Zeitstempel: 0x4aebab8d Ausnahmecode: 0xc000041d Fehleroffset: 0x000000000002cc2b
ID
des fehlerhaften Prozesses: 0x1638 Startzeit der fehlerhaften Anwendung: 0x01cb3cb40f109085
Pfad
der fehlerhaften Anwendung: C:\Windows\explorer.exe Pfad des fehlerhaften Moduls:
C:\Windows\explorer.exe Berichtskennung: 55cdb478-a8a7-11df-b560-002622e98c93
Error - 15.08.2010 15:57:51 | Computer Name = PortabulaRasa | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7600.16450,
Zeitstempel: 0x4aebab8d Name des fehlerhaften Moduls: explorer.exe, Version: 6.1.7600.16450,
Zeitstempel: 0x4aebab8d Ausnahmecode: 0xc000041d Fehleroffset: 0x000000000002cc2b
ID
des fehlerhaften Prozesses: 0x95c Startzeit der fehlerhaften Anwendung: 0x01cb3cb41bc74c3d
Pfad
der fehlerhaften Anwendung: C:\Windows\explorer.exe Pfad des fehlerhaften Moduls:
C:\Windows\explorer.exe Berichtskennung: 6273a712-a8a7-11df-b560-002622e98c93
Error - 15.08.2010 15:58:13 | Computer Name = PortabulaRasa | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7600.16450,
Zeitstempel: 0x4aebab8d Name des fehlerhaften Moduls: explorer.exe, Version: 6.1.7600.16450,
Zeitstempel: 0x4aebab8d Ausnahmecode: 0xc000041d Fehleroffset: 0x000000000002cc2b
ID
des fehlerhaften Prozesses: 0x171c Startzeit der fehlerhaften Anwendung: 0x01cb3cb4286c7b83
Pfad
der fehlerhaften Anwendung: C:\Windows\explorer.exe Pfad des fehlerhaften Moduls:
C:\Windows\explorer.exe Berichtskennung: 6f229a7d-a8a7-11df-b560-002622e98c93
Error - 15.08.2010 15:58:34 | Computer Name = PortabulaRasa | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7600.16450,
Zeitstempel: 0x4aebab8d Name des fehlerhaften Moduls: explorer.exe, Version: 6.1.7600.16450,
Zeitstempel: 0x4aebab8d Ausnahmecode: 0xc000041d Fehleroffset: 0x000000000002cc2b
ID
des fehlerhaften Prozesses: 0x880 Startzeit der fehlerhaften Anwendung: 0x01cb3cb43519e849
Pfad
der fehlerhaften Anwendung: C:\Windows\explorer.exe Pfad des fehlerhaften Moduls:
C:\Windows\explorer.exe Berichtskennung: 7bcc84c5-a8a7-11df-b560-002622e98c93
Error - 15.08.2010 15:58:55 | Computer Name = PortabulaRasa | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7600.16450,
Zeitstempel: 0x4aebab8d Name des fehlerhaften Moduls: explorer.exe, Version: 6.1.7600.16450,
Zeitstempel: 0x4aebab8d Ausnahmecode: 0xc000041d Fehleroffset: 0x000000000002cc2b
ID
des fehlerhaften Prozesses: 0x1244 Startzeit der fehlerhaften Anwendung: 0x01cb3cb441c66aaa
Pfad
der fehlerhaften Anwendung: C:\Windows\explorer.exe Pfad des fehlerhaften Moduls:
C:\Windows\explorer.exe Berichtskennung: 8883b5af-a8a7-11df-b560-002622e98c93
Error - 15.08.2010 15:59:17 | Computer Name = PortabulaRasa | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7600.16450,
Zeitstempel: 0x4aebab8d Name des fehlerhaften Moduls: explorer.exe, Version: 6.1.7600.16450,
Zeitstempel: 0x4aebab8d Ausnahmecode: 0xc000041d Fehleroffset: 0x000000000002cc2b
ID
des fehlerhaften Prozesses: 0xf90 Startzeit der fehlerhaften Anwendung: 0x01cb3cb44e7e85f8
Pfad
der fehlerhaften Anwendung: C:\Windows\explorer.exe Pfad des fehlerhaften Moduls:
C:\Windows\explorer.exe Berichtskennung: 953911d2-a8a7-11df-b560-002622e98c93
[ System Events ]
Error - 17.05.2010 17:28:21 | Computer Name = PortabulaRasa | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 17.05.2010 18:28:42 | Computer Name = PortabulaRasa | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 17.05.2010 18:39:56 | Computer Name = PortabulaRasa | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 17.05.2010 20:24:20 | Computer Name = PortabulaRasa | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 18.05.2010 00:12:20 | Computer Name = PortabulaRasa | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 18.05.2010 00:12:44 | Computer Name = PortabulaRasa | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 18.05.2010 00:19:39 | Computer Name = PortabulaRasa | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 18.05.2010 00:19:47 | Computer Name = PortabulaRasa | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 18.05.2010 08:07:02 | Computer Name = PortabulaRasa | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
Error - 18.05.2010 08:07:02 | Computer Name = PortabulaRasa | Source = atikmdag | ID = 43029
Description = Display is not active
< End of report >
Ich bin wirklich sehr dankbar für die Hilfe! Bis später  |
|
17.08.2010, 15:39
| #4 |
| | Trojaner wird von Virenprogramm nicht erkannt, beeinflusst Windows Explorer und Mozilla, Stopzilla Hallo Arne oder vielleicht auch jemand anderes. Es ist vielleicht ein bisschen unverschämt, meinen thread hier einfach wieder nach oben zu schieben, aber ich hab gesehen, dass hier ja allerhand los ist und mein post von gestern schon auf seite drei war und Arne sehr viele Antworten gibt, deshalb dachte ich, ist das vielleicht in vergessenheit geraten...tut mir sehr leid, aber mich nervt dieser virus tierisch und morgen bin ich im Urlaub. ich versuche auch pausenlos, selbst Herr der Lage zu werden, aber je mehr ich es probiere, desto aggresiver werde ich...DANKE FÜR EUER/DEIN VERSTÄNDNIS...ICH BIN UNWÜRDIG!!  EDIT: Ich kann Malwarebytes nur im abgesicherten Modus ausführen und je länger ich den PC benutze, desto schlimmer wird es. Es dauert immer circa 3 bis 4 minuten, bevor sich der Virus "zeigt" (im normalen Modus) Geändert von Arsenal (17.08.2010 um 15:46 Uhr) Grund: vergesslich |
|
17.08.2010, 16:14
| #5 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner wird von Virenprogramm nicht erkannt, beeinflusst Windows Explorer und Mozilla, Stopzilla Hm solange Du nicht schon nach einer Stunde drängelst und dann im 30 Minutentakt ist alles ok  Wie Du richtig festgestellt hast ist hier sehr viel los, hab heute schon wieder um die 60 Beiträge oder so geschrieben und da kann ich auch schonmal den ein oder anderen Strang übersehen, wo ich noch Instruktionen geben müsste Edit: Zitat:
 Deine Ausrede?
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
17.08.2010, 16:38
| #6 |
| | Trojaner wird von Virenprogramm nicht erkannt, beeinflusst Windows Explorer und Mozilla, Stopzilla Hallo Arne, ich habe großen Respekt vor deinem Schaffen, nicht nur, weil ich keine Ahnung von nichts habe... Genauso wenig weiß ich, was das da für Einträge sind und wo die standen... Kannst du mich da aufklären? und auch generell vielleicht? sind die logfiles erstmal informierend genug? was soll ich tun? ich komm mir blöder vor, als andere behaupten, dass ich bin...naja wie auch immer...danke im voraus!  EDIT: hab sie gefunden dank strg+f...ich habe trotzdem keine ahnung, ich hab die logfiles so gepostet, wie sie abgeschlossen wurden. ist das merkwürdig? vermutlich schon... EDIT2: kann es vielleicht sein, dass das irgendwas mit assassins creed 2 zu tun hat, was ich auf dem pc hatte? hab ich mittlerweile gelöscht und war glaub ich nicht legal erworben...ähäm...haben dritte personen vermutet und mir erzählt...ja so war das damals... Geändert von Arsenal (17.08.2010 um 16:55 Uhr) Grund: erkenntnis |
|
17.08.2010, 16:55
| #7 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner wird von Virenprogramm nicht erkannt, beeinflusst Windows Explorer und Mozilla, Stopzilla Du hast nicht zufällig ne gecrackte Version eines Ubisoft-Spiels drauf? 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
17.08.2010, 16:57
| #8 |
| | Trojaner wird von Virenprogramm nicht erkannt, beeinflusst Windows Explorer und Mozilla, Stopzilla ja na nee, das hab ich wiegesagt meines erachtens gelöscht...aber das war auch schon vor nem monat oder so.  |
|
17.08.2010, 17:01
| #9 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner wird von Virenprogramm nicht erkannt, beeinflusst Windows Explorer und Mozilla, Stopzilla Na gut. Da Du es auch nicht mehr drauf drück ich ausnahmsweise noch ein Auge zu, normalerweise ist bei Cracks und Co format c: angesagt! Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
O4 - HKCU..\Run: [{D3FFDF87-49DF-5DD2-338B-B2940180520D}] C:\Users\TJ\AppData\Roaming\Zuzoim\yviqe.exe File not found
O4 - HKCU..\Run: [GameShadow] C:\Program Files (x86)\GameShadow\GameShadow.exe File not found
O4 - HKCU..\Run: [SfKg6wIPuSp] C:\Users\TJ\AppData\Roaming\Microsoft\Windows\jnipmo.exe ()
O33 - MountPoints2\{103c9333-717d-11df-bd6f-002622e98c93}\Shell - "" = AutoRun
O33 - MountPoints2\{103c9333-717d-11df-bd6f-002622e98c93}\Shell\AutoRun\command - "" = H:\setup.exe -- File not found
[2010.08.16 18:01:35 | 006,541,966 | ---- | M] () -- C:\Users\TJ\Desktop\setupxv.exe
[2010.08.16 18:00:47 | 006,541,966 | ---- | M] () -- C:\Users\TJ\Desktop\setupxv.exe.part
[2010.08.16 17:57:27 | 000,000,120 | ---- | M] () -- C:\Users\TJ\AppData\Local\Ymahan.dat
[2010.08.16 17:57:25 | 000,000,000 | ---- | M] () -- C:\Users\TJ\AppData\Local\Gsuzivewav.bin
[2010.08.15 17:02:20 | 000,013,312 | ---- | C] () -- C:\Windows\SysWow64\drivers\dkcnhisp.sys
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:6387AA6C
:Commands
[purity]
[resethosts]
[emptytemp]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
17.08.2010, 17:23
| #10 |
| | Trojaner wird von Virenprogramm nicht erkannt, beeinflusst Windows Explorer und Mozilla, Stopzilla Ok, ja, ich weiß, dass ist nicht die feine Art, aber man weiß ja vorher auch nie, ob sich ein Kauf lohnt :P Hier der Logfile: All processes killed ========== OTL ========== Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{D3FFDF87-49DF-5DD2-338B-B2940180520D} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3FFDF87-49DF-5DD2-338B-B2940180520D}\ not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GameShadow deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SfKg6wIPuSp deleted successfully. C:\Users\TJ\AppData\Roaming\Microsoft\Windows\jnipmo.exe moved successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{103c9333-717d-11df-bd6f-002622e98c93}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{103c9333-717d-11df-bd6f-002622e98c93}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{103c9333-717d-11df-bd6f-002622e98c93}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{103c9333-717d-11df-bd6f-002622e98c93}\ not found. File H:\setup.exe not found. File C:\Users\TJ\Desktop\setupxv.exe not found. C:\Users\TJ\Desktop\setupxv.exe.part moved successfully. C:\Users\TJ\AppData\Local\Ymahan.dat moved successfully. C:\Users\TJ\AppData\Local\Gsuzivewav.bin moved successfully. C:\Windows\SysWOW64\drivers\dkcnhisp.sys moved successfully. ADS C:\ProgramData\TEMP:6387AA6C deleted successfully. ========== COMMANDS ========== C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 41044 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public User: TJ ->Temp folder emptied: 17504412 bytes ->Temporary Internet Files folder emptied: 117666 bytes ->Java cache emptied: 10277944 bytes ->FireFox cache emptied: 37380046 bytes ->Opera cache emptied: 0 bytes ->Flash cache emptied: 10076 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 995383 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 2164638 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes RecycleBin emptied: 12695318 bytes Total Files Cleaned = 78,00 mb OTL by OldTimer - Version 3.2.10.0 log created on 08172010_171653 Files\Folders moved on Reboot... C:\Users\TJ\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot. Registry entries deleted on Reboot... |
|
17.08.2010, 19:18
| #11 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner wird von Virenprogramm nicht erkannt, beeinflusst Windows Explorer und Mozilla, StopzillaZitat:
CustomScan mit OTL Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten |
|
17.08.2010, 19:56
| #12 |
| | Trojaner wird von Virenprogramm nicht erkannt, beeinflusst Windows Explorer und Mozilla, Stopzilla Naja, aber selbst spielen testet sich besser...wie auch immer, das ist auch eine geldfrage für mich leider...egal.OTL Logfile: Code:
ATTFilter OTL logfile created on: 17.08.2010 19:24:33 - Run 2 OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\TJ\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 64,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 78,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 149,04 Gb Total Space | 57,34 Gb Free Space | 38,47% Space Free | Partition Type: NTFS Drive D: | 148,65 Gb Total Space | 36,40 Gb Free Space | 24,48% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: PORTABULARASA Current User Name: TJ Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: On Skip Microsoft Files: On File Age = 90 Days Output = Minimal Quick Scan ========== Processes (SafeList) ========== PRC - C:\Users\TJ\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\ProgramData\ResultDns\resultdns111.exe () PRC - C:\Program Files (x86)\ResultDns\resultdns.exe () PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software) PRC - C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\TOPI.exe (TOSHIBA) PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe (TOSHIBA CORPORATION) PRC - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG) PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) PRC - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION) ========== Modules (SafeList) ========== MOD - C:\Users\TJ\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Program Files (x86)\ResultDns\resultdns.dll () MOD - C:\Windows\SysWOW64\wintrust.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation) MOD - C:\Users\TJ\AppData\Local\ekapawuq.dll () MOD - C:\Windows\SysWOW64\normaliz.dll (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (PnkBstrA) -- C:\Windows\SysNative\PnkBstrA.exe File not found SRV:64bit: - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) SRV:64bit: - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) SRV:64bit: - (TOSHIBA eco Utility Service) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation) SRV:64bit: - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) SRV:64bit: - (TPCHSrv) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation) SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation) SRV:64bit: - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV - (avg9emc) -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.) SRV - (avg9wd) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (ResultDns Service) -- C:\ProgramData\ResultDns\resultdns111.exe () SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (AVG Security Toolbar Service) -- C:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe () SRV - (GameConsoleService) -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.) SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation) SRV - (cfWiMAXService) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION) SRV - (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO) -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH) SRV - (ConfigFree Gadget Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe (TOSHIBA CORPORATION) SRV - (ConfigFree Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) ========== Driver Services (SafeList) ========== DRV:64bit: - (USBCCID) -- C:\Windows\SysNative\DRIVERS\RtsUCcid.sys File not found DRV:64bit: - (RtsUIR) -- C:\Windows\SysNative\DRIVERS\Rts516xIR.sys File not found DRV:64bit: - (dkcnhisp) -- C:\Windows\SysNative\drivers\dkcnhisp.sys File not found DRV:64bit: - (Aspi32) -- C:\Windows\SysNative\drivers\aspi32.sys File not found DRV:64bit: - (AvgTdiA) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (AvgLdx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (AvgMfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (ALWIL Software) DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys () DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV:64bit: - (rtl8192se) -- C:\Windows\SysNative\drivers\rtl8192se.sys (Realtek Semiconductor Corporation ) DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG) DRV:64bit: - (LPCFilter) -- C:\Windows\SysNative\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.) DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.) DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (tos_sps64) -- C:\Windows\SysNative\drivers\tos_sps64.sys (TOSHIBA Corporation) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\drivers\TVALZFL.sys (TOSHIBA Corporation) DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof () DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.) DRV - (Aspi32) -- C:\Windows\SysWOW64\drivers\ASPI32.SYS (Adaptec) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.tangotoolbar.com/ IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll () IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "https://mail.google.com/mail/?shva=1#inbox" FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 5 FF - prefs.js..extensions.enabledItems: 2 FF - prefs.js..extensions.enabledItems: 2 FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3 FF - prefs.js..extensions.enabledItems: eafo3fflauncher@ea.com:1.1 FF - prefs.js..extensions.enabledItems: {96554A3A-DAFC-4A17-BE93-B2F276EA7F22}:1.9.1 FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.845 FF - prefs.js..extensions.enabledItems: avg@igeared:4.906.030.002 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.6&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\{96554A3A-DAFC-4A17-BE93-B2F276EA7F22}: C:\Users\TJ\AppData\Local\{96554A3A-DAFC-4A17-BE93-B2F276EA7F22} [2010.08.15 17:02:00 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{4bcdbfd0-fa26-11de-8a39-0800200c9a66}: C:\Users\TJ\AppData\Roaming\Mozilla\FireFox\{4bcdbfd0-fa26-11de-8a39-0800200c9a66} [2010.08.15 17:05:22 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2010.08.15 21:18:20 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010.08.15 21:18:38 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.08.09 14:09:22 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.07.25 14:16:30 | 000,000,000 | ---D | M] [2009.12.29 19:02:54 | 000,000,000 | ---D | M] -- C:\Users\TJ\AppData\Roaming\mozilla\Extensions [2010.08.16 23:53:21 | 000,000,000 | ---D | M] -- C:\Users\TJ\AppData\Roaming\mozilla\Firefox\Profiles\y8miz0xe.default\extensions [2010.07.10 18:16:35 | 000,000,000 | ---D | M] -- C:\Users\TJ\AppData\Roaming\mozilla\Firefox\Profiles\y8miz0xe.default\extensions\eafo3fflauncher@ea.com [2010.04.07 00:26:17 | 000,000,000 | ---D | M] -- C:\Users\TJ\AppData\Roaming\mozilla\Firefox\Profiles\y8miz0xe.default\extensions\firefox@tvunetworks.com [2010.07.06 22:29:41 | 000,000,000 | ---D | M] -- C:\Users\TJ\AppData\Roaming\mozilla\Firefox\Profiles\y8miz0xe.default\extensions\personas@christopher.beard [2010.07.22 02:09:16 | 000,000,950 | ---- | M] () -- C:\Users\TJ\AppData\Roaming\Mozilla\FireFox\Profiles\y8miz0xe.default\searchplugins\icqplugin-1.xml [2010.05.12 18:40:06 | 000,001,042 | ---- | M] () -- C:\Users\TJ\AppData\Roaming\Mozilla\FireFox\Profiles\y8miz0xe.default\searchplugins\icqplugin.xml [2010.08.15 23:07:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions [2010.07.12 17:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll [2010.07.22 02:09:01 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml [2010.07.22 02:09:01 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml [2010.07.22 02:09:01 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml [2010.07.22 02:09:01 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml O1 HOSTS File: ([2010.08.17 17:16:54 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.) O2:64bit: - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Tango) - {381235A5-34E8-496E-95E2-2E4489714D94} - C:\Windows\SysWow64\de78.dll File not found O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll () O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3 - HKLM\..\Toolbar: (Tango) - {381235A4-34E8-496E-95E2-2E4489714D94} - C:\Windows\SysWow64\de78.dll File not found O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Programme\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH) O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH) O4:64bit: - HKLM..\Run: [TosNC] C:\Programme\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Programme\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosSENotify] C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Programme\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.) O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION) O4 - HKLM..\Run: [Qdececebepaguh] C:\Users\TJ\AppData\Local\ekapawuq.DLL () O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA) O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.) O4 - HKLM..\Run: [UUSeeMediaCenter] C:\Program Files (x86)\Common Files\uusee\UUSeeMediaCenter.exe File not found O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\TOPI.exe (TOSHIBA) O4 - HKCU..\Run: [Vyijiris] C:\Users\TJ\AppData\Local\TSWicet.DLL (MaresWEB) O4 - Startup: C:\Users\TJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O18:64bit: - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.) O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll () O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corporation) O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* MsConfig:64bit - StartUpReg: GabPath - hkey= - key= - C:\Users\TJ\AppData\Roaming\GabPath\gabpath.exe File not found SafeBootMin:64bit: AppMgmt - Service SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: mcmscsvc - Service SafeBootMin:64bit: MCODS - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: mcmscsvc - Service SafeBootMin: MCODS - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - Service SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: mcmscsvc - Service SafeBootNet:64bit: MCODS - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: MpfService - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: mcmscsvc - Service SafeBootNet: MCODS - Service SafeBootNet: Messenger - Service SafeBootNet: MpfService - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{1DE4C716-4A8E-44BE-A053-EF43EEAE57F6} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Windows Media Player 5.2 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.vorbis - C:\Windows\SysWow64\vorbis.acm (HMS hxxp://hp.vector.co.jp/authors/VA012897/) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 90 Days ========== [2010.08.17 17:16:53 | 000,000,000 | ---D | C] -- C:\_OTL [2010.08.16 23:21:22 | 000,000,000 | -HSD | C] -- C:\found.000 [2010.08.16 18:19:42 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Roaming\Malwarebytes [2010.08.16 18:19:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.08.16 18:19:27 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010.08.16 18:19:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2010.08.16 18:19:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.08.16 18:03:52 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\TJ\Desktop\OTL.exe [2010.08.15 23:53:06 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2010.08.15 23:52:38 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Roaming\Trusteer [2010.08.15 23:21:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner [2010.08.15 23:20:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro [2010.08.15 23:20:13 | 000,000,000 | ---D | C] -- C:\rsit [2010.08.15 22:52:47 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\AVG Security Toolbar [2010.08.15 21:24:48 | 000,000,000 | -H-D | C] -- C:\$AVG [2010.08.15 21:18:47 | 000,013,048 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll [2010.08.15 21:18:45 | 000,317,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys [2010.08.15 21:18:41 | 000,269,904 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys [2010.08.15 21:18:40 | 000,035,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys [2010.08.15 21:18:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\Avg [2010.08.15 21:18:38 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar [2010.08.15 21:18:19 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9 [2010.08.15 21:18:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG [2010.08.15 18:14:11 | 000,121,936 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswSP.sys [2010.08.15 18:14:11 | 000,020,048 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys [2010.08.15 18:14:10 | 000,051,280 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswTdi.sys [2010.08.15 18:14:10 | 000,028,752 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswRdr.sys [2010.08.15 18:14:09 | 000,061,008 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys [2010.08.15 18:13:46 | 000,165,032 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe [2010.08.15 18:13:46 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\avastSS.scr [2010.08.15 18:13:42 | 000,000,000 | ---D | C] -- C:\Programme\Alwil Software [2010.08.15 18:13:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software [2010.08.15 17:04:38 | 000,000,000 | ---D | C] -- C:\ProgramData\ResultDns [2010.08.15 17:04:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ResultDns [2010.08.15 17:02:00 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{96554A3A-DAFC-4A17-BE93-B2F276EA7F22} [2010.08.15 17:00:06 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\Windows Server [2010.08.15 16:59:46 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Roaming\1EB08FB2BD379F1C55258658861A4EDB [2010.07.28 18:13:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2010.07.13 02:06:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\booddanet [2010.07.11 05:08:23 | 000,000,000 | ---D | C] -- C:\DeusEx [2010.07.11 01:24:16 | 000,000,000 | ---D | C] -- C:\Users\TJ\Documents\Hitman Blood Money [2010.07.11 01:17:19 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\GameShadow [2010.07.11 01:16:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GameShadow [2010.07.11 01:09:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Eidos [2010.07.10 19:51:50 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\PunkBuster [2010.07.10 19:51:41 | 000,000,000 | ---D | C] -- C:\Users\TJ\Documents\EA SPORTS(TM) FIFA Online [2010.07.10 18:19:38 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\FIFAOnlineSetup [2010.07.09 06:03:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Deep Silver [2010.06.16 17:57:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ6Toolbar [2010.06.16 17:57:36 | 000,000,000 | ---D | C] -- C:\ProgramData\ICQ [2010.06.16 17:55:32 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\AOL [2010.06.16 17:55:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7.2 [2010.06.12 14:34:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StreamTorrent 1.0 [2010.06.12 14:34:42 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Roaming\StreamTorrent [2010.06.11 18:48:47 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Roaming\TVU Networks [2010.06.11 15:22:26 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\TVUAx [2010.06.07 15:13:09 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Roaming\Ubisoft [2010.06.07 15:13:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft [2010.06.07 14:48:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft [2010.06.07 14:45:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Elaborate Bytes [2010.06.07 14:42:16 | 000,045,056 | ---- | C] (Adaptec) -- C:\Windows\SysWow64\WNASPI32.DLL [2010.06.07 14:42:16 | 000,016,877 | ---- | C] (Adaptec) -- C:\Windows\SysWow64\drivers\ASPI32.SYS [2010.06.07 14:42:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Create-Burn ISO Image [2010.06.03 00:39:48 | 000,000,000 | ---D | C] -- C:\Users\TJ\Documents\Ableton [2010.06.03 00:39:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Ableton [2010.06.03 00:39:46 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Roaming\Ableton [2010.06.03 00:38:41 | 000,233,472 | ---- | C] (Propellerhead Software AB) -- C:\Windows\SysWow64\REX Shared Library.dll [2010.06.03 00:36:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ableton [2010.05.26 11:46:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite [2010.05.26 11:45:48 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Roaming\DAEMON Tools Lite [2010.05.26 11:45:46 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite [2010.05.25 22:29:53 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\2DBoy [2010.05.25 22:29:53 | 000,000,000 | ---D | C] -- C:\ProgramData\2DBoy [2010.05.25 22:29:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WorldOfGoo [2009.07.14 00:24:58 | 000,075,776 | ---- | C] (MaresWEB) -- C:\Users\TJ\AppData\Local\TSWicet.dll ========== Files - Modified Within 90 Days ========== [2010.08.17 19:30:05 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.08.17 19:30:05 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.08.17 19:29:53 | 002,621,440 | -HS- | M] () -- C:\Users\TJ\NTUSER.DAT [2010.08.17 17:26:19 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.08.17 17:26:19 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.08.17 17:18:48 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.08.17 17:18:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.08.17 17:18:23 | 3193,602,048 | -HS- | M] () -- C:\hiberfil.sys [2010.08.17 17:17:32 | 000,935,786 | -H-- | M] () -- C:\Users\TJ\AppData\Local\IconCache.db [2010.08.17 17:16:54 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts [2010.08.17 15:23:13 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010.08.17 15:23:13 | 000,648,148 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2010.08.17 15:23:13 | 000,621,802 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010.08.17 15:23:13 | 000,130,484 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2010.08.17 15:23:13 | 000,108,124 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010.08.17 15:21:21 | 063,535,211 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm [2010.08.16 23:22:20 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat [2010.08.16 18:19:31 | 000,000,976 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.16 18:03:53 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\TJ\Desktop\OTL.exe [2010.08.15 23:55:10 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI [2010.08.15 22:59:40 | 000,214,592 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2010.08.15 22:59:40 | 000,214,592 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2010.08.15 21:18:47 | 000,013,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll [2010.08.15 21:18:47 | 000,001,821 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk [2010.08.15 21:18:45 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys [2010.08.15 21:18:41 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys [2010.08.15 21:18:40 | 000,113,461 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\iavichjw.avm [2010.08.15 21:18:40 | 000,035,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys [2010.08.15 18:14:08 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2010.08.10 20:18:49 | 000,053,248 | ---- | M] () -- C:\Users\TJ\Documents\CV.doc [2010.07.23 00:15:18 | 000,056,908 | ---- | M] () -- C:\Users\TJ\Documents\ACHSO.odt [2010.07.21 02:41:55 | 000,000,466 | ---- | M] () -- C:\Data (D) - Verknüpfung.lnk [2010.07.11 06:04:44 | 000,000,660 | ---- | M] () -- C:\Users\TJ\Desktop\DeusEx.lnk [2010.07.11 02:20:09 | 000,001,190 | ---- | M] () -- C:\Users\TJ\Desktop\_.lnk [2010.07.10 18:20:19 | 000,794,408 | ---- | M] () -- C:\Windows\SysWow64\pbsvc.exe [2010.07.10 18:20:19 | 000,075,064 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe [2010.07.09 06:15:39 | 000,001,056 | ---- | M] () -- C:\Users\TJ\Desktop\G(.)(.).lnk [2010.07.09 06:14:01 | 000,001,212 | ---- | M] () -- C:\Users\TJ\Desktop\Whisper.lnk [2010.07.08 14:05:15 | 000,028,256 | ---- | M] () -- C:\Users\TJ\Documents\BRMCTICKETS.odt [2010.07.06 12:31:51 | 001,592,832 | ---- | M] () -- C:\Users\TJ\Documents\CV11.doc [2010.07.02 15:25:41 | 000,416,200 | ---- | M] () -- C:\Users\TJ\Documents\SCAN0014.JPG [2010.07.02 15:25:24 | 000,551,800 | ---- | M] () -- C:\Users\TJ\Documents\SCAN0013.JPG [2010.07.02 15:25:11 | 000,617,957 | ---- | M] () -- C:\Users\TJ\Documents\SCAN0012.JPG [2010.07.02 15:22:51 | 000,713,436 | ---- | M] () -- C:\Users\TJ\Documents\SCAN0008.JPG [2010.07.02 15:22:35 | 000,811,975 | ---- | M] () -- C:\Users\TJ\Documents\SCAN0007.JPG [2010.07.02 15:22:19 | 000,649,479 | ---- | M] () -- C:\Users\TJ\Documents\SCAN0006.JPG [2010.07.02 15:22:10 | 000,672,696 | ---- | M] () -- C:\Users\TJ\Documents\SCAN0005.JPG [2010.07.02 15:22:04 | 000,649,005 | ---- | M] () -- C:\Users\TJ\Documents\SCAN0003.JPG [2010.07.02 15:21:53 | 000,492,967 | ---- | M] () -- C:\Users\TJ\Documents\SCAN0002.JPG [2010.07.02 15:20:22 | 000,490,394 | ---- | M] () -- C:\Users\TJ\Documents\SCAN0001.PDF [2010.07.01 18:18:55 | 000,358,888 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2010.06.28 21:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\avastSS.scr [2010.06.28 21:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe [2010.06.28 21:37:56 | 000,051,280 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswTdi.sys [2010.06.28 21:37:36 | 000,121,936 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswSP.sys [2010.06.28 21:33:17 | 000,028,752 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswRdr.sys [2010.06.28 21:33:00 | 000,061,008 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys [2010.06.28 21:32:36 | 000,020,048 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys [2010.06.19 19:28:51 | 000,054,784 | ---- | M] () -- C:\Users\TJ\Documents\CV1.doc [2010.06.09 21:26:41 | 000,083,712 | ---- | M] () -- C:\Users\TJ\AppData\Local\GDIPFONTCACHEV1.DAT [2010.06.09 02:02:49 | 000,051,505 | ---- | M] () -- C:\Users\TJ\Documents\Unbenannt 1.odt [2010.06.01 22:51:02 | 000,019,901 | ---- | M] () -- C:\Users\TJ\Documents\CV.sxw [2010.05.31 02:41:31 | 000,075,587 | ---- | M] () -- C:\Users\TJ\Documents\Dokument.rtf [2010.05.20 01:20:38 | 000,047,651 | ---- | M] () -- C:\Users\TJ\Documents\---.odt ========== Files Created - No Company Name ========== [2010.08.16 23:22:20 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat [2010.08.16 18:19:31 | 000,000,976 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.15 23:55:10 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI [2010.08.15 21:18:47 | 000,001,821 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk [2010.08.15 21:18:40 | 000,113,461 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\iavichjw.avm [2010.08.15 21:18:39 | 063,535,211 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm [2010.08.15 18:14:08 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt [2010.07.21 02:41:55 | 000,000,466 | ---- | C] () -- C:\Data (D) - Verknüpfung.lnk [2010.07.11 06:04:44 | 000,000,660 | ---- | C] () -- C:\Users\TJ\Desktop\DeusEx.lnk [2010.07.11 02:20:09 | 000,001,190 | ---- | C] () -- C:\Users\TJ\Desktop\_.lnk [2010.07.10 19:51:53 | 000,214,592 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2010.07.10 18:20:25 | 000,214,592 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2010.07.10 18:20:19 | 000,794,408 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2010.07.10 18:20:19 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2010.07.09 06:15:39 | 000,001,056 | ---- | C] () -- C:\Users\TJ\Desktop\G(.)(.).lnk [2010.07.09 06:14:01 | 000,001,212 | ---- | C] () -- C:\Users\TJ\Desktop\Whisper.lnk [2010.07.08 14:05:11 | 000,028,256 | ---- | C] () -- C:\Users\TJ\Documents\BRMCTICKETS.odt [2010.07.06 12:31:46 | 001,592,832 | ---- | C] () -- C:\Users\TJ\Documents\CV11.doc [2010.07.02 15:25:40 | 000,416,200 | ---- | C] () -- C:\Users\TJ\Documents\SCAN0014.JPG [2010.07.02 15:25:22 | 000,551,800 | ---- | C] () -- C:\Users\TJ\Documents\SCAN0013.JPG [2010.07.02 15:25:08 | 000,617,957 | ---- | C] () -- C:\Users\TJ\Documents\SCAN0012.JPG [2010.07.02 15:22:48 | 000,713,436 | ---- | C] () -- C:\Users\TJ\Documents\SCAN0008.JPG [2010.07.02 15:22:32 | 000,811,975 | ---- | C] () -- C:\Users\TJ\Documents\SCAN0007.JPG [2010.07.02 15:22:17 | 000,649,479 | ---- | C] () -- C:\Users\TJ\Documents\SCAN0006.JPG [2010.07.02 15:22:08 | 000,672,696 | ---- | C] () -- C:\Users\TJ\Documents\SCAN0005.JPG [2010.07.02 15:22:03 | 000,649,005 | ---- | C] () -- C:\Users\TJ\Documents\SCAN0003.JPG [2010.07.02 15:21:52 | 000,492,967 | ---- | C] () -- C:\Users\TJ\Documents\SCAN0002.JPG [2010.07.02 15:20:22 | 000,490,394 | ---- | C] () -- C:\Users\TJ\Documents\SCAN0001.PDF [2010.06.19 19:28:47 | 000,054,784 | ---- | C] () -- C:\Users\TJ\Documents\CV1.doc [2010.06.09 02:05:24 | 000,056,908 | ---- | C] () -- C:\Users\TJ\Documents\ACHSO.odt [2010.05.20 03:09:38 | 000,075,587 | ---- | C] () -- C:\Users\TJ\Documents\Dokument.rtf [2010.05.20 00:58:28 | 000,047,651 | ---- | C] () -- C:\Users\TJ\Documents\---.odt [2010.04.19 18:44:23 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll [2010.01.20 21:06:44 | 000,000,204 | ---- | C] () -- C:\Windows\struct~.ini [2010.01.19 23:35:30 | 000,000,000 | ---- | C] () -- C:\Windows\ToDisc.INI [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.14 00:24:58 | 000,197,120 | ---- | C] () -- C:\Users\TJ\AppData\Local\ekapawuq.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.04.28 03:37:00 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\SPCtl.dll [2009.02.04 10:50:32 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\nsis_loader.dll [2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll [2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll [2006.09.13 12:06:10 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\gtapi.dll ========== LOP Check ========== [2010.08.15 17:30:41 | 000,000,000 | ---D | M] -- C:\Users\TJ\AppData\Roaming\1EB08FB2BD379F1C55258658861A4EDB [2010.06.03 00:39:48 | 000,000,000 | ---D | M] -- C:\Users\TJ\AppData\Roaming\Ableton [2010.05.26 11:47:17 | 000,000,000 | ---D | M] -- C:\Users\TJ\AppData\Roaming\DAEMON Tools Lite [2010.02.28 02:54:55 | 000,000,000 | ---D | M] -- C:\Users\TJ\AppData\Roaming\FloodLightGames [2010.08.14 17:31:45 | 000,000,000 | ---D | M] -- C:\Users\TJ\AppData\Roaming\ICQ [2009.12.30 01:06:53 | 000,000,000 | ---D | M] -- C:\Users\TJ\AppData\Roaming\Leadertech [2010.04.19 18:52:09 | 000,000,000 | ---D | M] -- C:\Users\TJ\AppData\Roaming\My Games [2010.04.29 15:28:41 | 000,000,000 | ---D | M] -- C:\Users\TJ\AppData\Roaming\OpenOffice.org [2010.01.08 03:05:19 | 000,000,000 | ---D | M] -- C:\Users\TJ\AppData\Roaming\Opera [2010.08.15 18:37:59 | 000,000,000 | ---D | M] -- C:\Users\TJ\AppData\Roaming\Osteqy [2010.06.12 14:34:42 | 000,000,000 | ---D | M] -- C:\Users\TJ\AppData\Roaming\StreamTorrent [2010.01.07 22:01:35 | 000,000,000 | ---D | M] -- C:\Users\TJ\AppData\Roaming\Toshiba [2010.08.15 23:52:38 | 000,000,000 | ---D | M] -- C:\Users\TJ\AppData\Roaming\Trusteer [2010.06.07 15:13:09 | 000,000,000 | ---D | M] -- C:\Users\TJ\AppData\Roaming\Ubisoft [2010.08.15 21:59:42 | 000,000,000 | ---D | M] -- C:\Users\TJ\AppData\Roaming\uTorrent [2009.12.30 21:28:16 | 000,000,000 | ---D | M] -- C:\Users\TJ\AppData\Roaming\WildTangent [2010.07.17 15:34:06 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010.08.15 17:30:41 | 000,000,000 | ---D | M] -- C:\Users\TJ\AppData\Roaming\1EB08FB2BD379F1C55258658861A4EDB [2010.06.03 00:39:48 | 000,000,000 | ---D | M] -- C:\Users\TJ\AppData\Roaming\Ableton [2009.12.30 13:18:53 | 000,000,000 | ---D | M] -- C:\Users\TJ\AppData\Roaming\Adobe [2009.12.29 18:26:52 | 000,000,000 | ---D | M] -- C:\Users\TJ\AppData\Roaming\ATI [2010.05.26 11:47:17 | 000,000,000 | ---D | M] -- C:\Users\TJ\AppData\Roaming\DAEMON Tools Lite [2010.04.16 16:04:01 | 000,000,000 | ---D | M] -- C:\Users\TJ\AppData\Roaming\dvdcss [2010.02.28 02:54:55 | 000,000,000 | ---D | M] -- C:\Users\TJ\AppData\Roaming\FloodLightGames [2009.12.29 18:33:24 | 000,000,000 | ---D | M] -- C:\Users\TJ\AppData\Roaming\Google [2010.08.14 17:31:45 | 000,000,000 | ---D | M] -- C:\Users\TJ\AppData\Roaming\ICQ [2009.12.29 18:25:55 | 000,000,000 | ---D | M] -- C:\Users\TJ\AppData\Roaming\Identities [2009.12.30 01:06:53 | 000,000,000 | ---D | M] -- C:\Users\TJ\AppData\Roaming\Leadertech [2009.09.08 09:13:26 | 000,000,000 | ---D | M] -- C:\Users\TJ\AppData\Roaming\Macromedia [2010.08.16 18:19:42 | 000,000,000 | ---D | M] -- C:\Users\TJ\AppData\Roaming\Malwarebytes [2009.07.14 19:18:18 | 000,000,000 | ---D | M] -- C:\Users\TJ\AppData\Roaming\Media Center Programs [2010.08.15 21:16:47 | 000,000,000 | --SD | M] -- C:\Users\TJ\AppData\Roaming\Microsoft [2009.12.29 19:02:54 | 000,000,000 | ---D | M] -- C:\Users\TJ\AppData\Roaming\Mozilla [2010.04.19 18:52:09 | 000,000,000 | ---D | M] -- C:\Users\TJ\AppData\Roaming\My Games [2010.04.29 15:28:41 | 000,000,000 | ---D | M] -- C:\Users\TJ\AppData\Roaming\OpenOffice.org [2010.01.08 03:05:19 | 000,000,000 | ---D | M] -- C:\Users\TJ\AppData\Roaming\Opera [2010.08.15 18:37:59 | 000,000,000 | ---D | M] -- C:\Users\TJ\AppData\Roaming\Osteqy [2010.08.15 20:40:41 | 000,000,000 | ---D | M] -- C:\Users\TJ\AppData\Roaming\Skype [2010.08.15 20:12:04 | 000,000,000 | ---D | M] -- C:\Users\TJ\AppData\Roaming\skypePM [2010.06.12 14:34:42 | 000,000,000 | ---D | M] -- C:\Users\TJ\AppData\Roaming\StreamTorrent [2010.01.07 22:01:35 | 000,000,000 | ---D | M] -- C:\Users\TJ\AppData\Roaming\Toshiba [2010.08.15 23:52:38 | 000,000,000 | ---D | M] -- C:\Users\TJ\AppData\Roaming\Trusteer [2010.06.11 18:48:47 | 000,000,000 | ---D | M] -- C:\Users\TJ\AppData\Roaming\TVU Networks [2010.06.07 15:13:09 | 000,000,000 | ---D | M] -- C:\Users\TJ\AppData\Roaming\Ubisoft [2010.08.15 21:59:42 | 000,000,000 | ---D | M] -- C:\Users\TJ\AppData\Roaming\uTorrent [2010.08.15 20:01:21 | 000,000,000 | ---D | M] -- C:\Users\TJ\AppData\Roaming\vlc [2009.12.30 21:28:16 | 000,000,000 | ---D | M] -- C:\Users\TJ\AppData\Roaming\WildTangent [2010.08.09 17:21:41 | 000,000,000 | ---D | M] -- C:\Users\TJ\AppData\Roaming\Winamp [2009.12.30 01:14:21 | 000,000,000 | ---D | M] -- C:\Users\TJ\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2010.06.11 18:49:41 | 005,642,000 | ---- | M] (TVU networks) -- C:\Users\TJ\AppData\Roaming\TVU Networks\AutoUpgrade\TVUPlayer2.5.3.1.exe < %SYSTEMDRIVE%\*.exe > [2007.11.07 08:44:20 | 000,855,040 | ---- | M] (Microsoft Corporation) -- C:\install.exe < MD5 for: AGP440.SYS > [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTOR.SYS > [2009.06.04 17:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys [2009.06.04 17:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysWow64\DriverStore\FileRepository\iaahci.inf_amd64_neutral_7fb62b08f6b7117a\iaStor.sys [2009.06.04 17:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys < MD5 for: IASTORV.SYS > [2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys [2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys [2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll < MD5 for: USER32.DLL > [2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll [2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll [2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll < MD5 for: USERINIT.EXE > [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe < MD5 for: WINLOGON.EXE > [2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < End of report > Extras.txt iat immer noch die Datei von gestern, irgendwie kam da nur das obige als Logfile... |
|
17.08.2010, 20:08
| #13 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner wird von Virenprogramm nicht erkannt, beeinflusst Windows Explorer und Mozilla, Stopzilla Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
MOD - C:\Users\TJ\AppData\Local\ekapawuq.dll ()
O4 - HKLM..\Run: [Qdececebepaguh] C:\Users\TJ\AppData\Local\ekapawuq.DLL ()
O4 - HKCU..\Run: [Vyijiris] C:\Users\TJ\AppData\Local\TSWicet.DLL (MaresWEB)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
MsConfig:64bit - StartUpReg: GabPath - hkey= - key= - C:\Users\TJ\AppData\Roaming\GabPath\gabpath.exe File not found
[2010.08.16 23:21:22 | 000,000,000 | -HSD | C] -- C:\found.000
[2010.08.15 17:04:38 | 000,000,000 | ---D | C] -- C:\ProgramData\ResultDns
[2010.08.15 17:04:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ResultDns
[2010.08.15 17:02:00 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\{96554A3A-DAFC-4A17-BE93-B2F276EA7F22}
[2010.08.15 17:00:06 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Local\Windows Server
[2010.08.15 16:59:46 | 000,000,000 | ---D | C] -- C:\Users\TJ\AppData\Roaming\1EB08FB2BD379F1C55258658861A4EDB
:Commands
[purity]
[resethosts]
[emptytemp]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
17.08.2010, 20:17
| #14 |
| | Trojaner wird von Virenprogramm nicht erkannt, beeinflusst Windows Explorer und Mozilla, Stopzilla All processes killed ========== OTL ========== Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Qdececebepaguh deleted successfully. C:\Users\TJ\AppData\Local\ekapawuq.DLL moved successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Vyijiris deleted successfully. C:\Users\TJ\AppData\Local\TSWicet.DLL moved successfully. 64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\GabPath\ not found. C:\found.000\dir0000.chk folder moved successfully. C:\found.000 folder moved successfully. C:\ProgramData\ResultDns folder moved successfully. C:\Program Files (x86)\ResultDns folder moved successfully. C:\Users\TJ\AppData\Local\{96554A3A-DAFC-4A17-BE93-B2F276EA7F22}\chrome\content folder moved successfully. C:\Users\TJ\AppData\Local\{96554A3A-DAFC-4A17-BE93-B2F276EA7F22}\chrome folder moved successfully. C:\Users\TJ\AppData\Local\{96554A3A-DAFC-4A17-BE93-B2F276EA7F22} folder moved successfully. C:\Users\TJ\AppData\Local\Windows Server folder moved successfully. C:\Users\TJ\AppData\Roaming\1EB08FB2BD379F1C55258658861A4EDB folder moved successfully. ========== COMMANDS ========== C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public User: TJ ->Temp folder emptied: 803 bytes ->Temporary Internet Files folder emptied: 40047 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 37134616 bytes ->Opera cache emptied: 0 bytes ->Flash cache emptied: 611 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 4284 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes RecycleBin emptied: 202842 bytes Total Files Cleaned = 36,00 mb OTL by OldTimer - Version 3.2.10.0 log created on 08172010_201149 Files\Folders moved on Reboot... File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot. Registry entries deleted on Reboot... EDIT: es kamen zwei nachrichtenfenster, das zwei dll. dateien nicht gefunden wrden konnten. falls das eine information darstellt... |
|
17.08.2010, 20:24
| #15 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner wird von Virenprogramm nicht erkannt, beeinflusst Windows Explorer und Mozilla, Stopzilla Ich brauch den Quarantäneordner von OTL. Bitte folgendes machen: 1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf da nicht rummurksen! 2.) Ordner C:\_OTL in eine Datei zippen 3.) Die erstellte ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html 4.) Wenns erfolgreich war Bescheid sagen 5.) Erst dann wieder den Virenscanner einschalten
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Trojaner wird von Virenprogramm nicht erkannt, beeinflusst Windows Explorer und Mozilla, Stopzilla |
| adobe, alert, antivirus, avast!, avg, avg free, avg security toolbar, bho, device driver, e-mail, explorer funktioniert nicht, firefox, funktioniert nicht mehr, google, hijack, hijackthis, hkus\s-1-5-18, home premium, iastor.sys, internet, internet explorer, mozilla, notepad.exe, performance, plug-in, problem, programdata, programm, realtek, registry, rundll, saver, security, sekunden, sptd.sys, start menu, stopzilla, syswow64, trojaner, virus, windows, windows 7 home, windows 7 home premium, windows explorer funktioniert nicht, windows explorer funktioniert nicht mehr, windows explorer wird neugestartet, wireless lan, wscript.exe |
Textbox.
.
Linear-Darstellung
