TR/Crypt.XPACK.Gen3 entfernen

chaosof99 · 13.10.2010, 21:24

Hallo. Ich hab mir den Trojaner TR/Crypt.XPACK.Gen3 eingefangen und brauche hilfe ihn zu entfernen. Der Trojaner scheint ja derzeit sehr weit verbreitet zu sein. Ich habe deshalb auch schon eine OTL Prüfung wie sie in bartelbys Problem von markusg beschrieben ist durchgeführt. Ich würde jetzt auf das entsprechende Thema linken, aber anscheinend wirft mir das Forum URL tags raus. Sorry wegen der Umstände. Vorsichtshalber habe ich die Anleitung unten hinzukopiert. Die erzeugten Dateien befinden sich ebenfalls unten (extras.txt im Anhang).

Ich hoffe auf Hilfe und danke schonmal im Voraus für die Unterstützung.

Die Anleitung der ich gefolgt bin:
mit den folgenden vorgaben nen neues otl log erstellen
Doppelklick auf die OTL.exe
(user von Windows 7 und Vista: Rechtsklick als Administrator ausführen)
1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
2. Hake an "scan all users"
3. Unter "Extra Registry wähle:
"Use Safelist" "LOP Check" "Purity Check"
4. Kopiere in die Textbox:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Klicke "Scan"
6. 2 reporte werden erstellt:
OTL.Txt
Extras.Txt
beide posten

OTL.TXT:

Code:

ATTFilter

OTL logfile created on: 13.10.2010 21:27:05 - Run 1
OTL by OldTimer - Version 3.2.15.2     Folder = C:\Users\chaosof99\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 53,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,29 Gb Total Space | 18,48 Gb Free Space | 15,89% Space Free | Partition Type: NTFS
Drive E: | 115,13 Gb Total Space | 18,22 Gb Free Space | 15,83% Space Free | Partition Type: NTFS
 
Computer Name: GRAMPAII | User Name: chaosof99 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\chaosof99\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\CHAOSO~1\AppData\Local\Temp\dfrgsnapnt.exe ()
PRC - C:\Windows\System32\wuaucldt.exe ()
PRC - C:\Programme\iTunes\iTunes.exe (Apple Inc.)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe (Apple Inc.)
PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Common Files\Apple\Apple Application Support\distnoted.exe (Apple Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avcenter.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avscan.exe (Avira GmbH)
PRC - C:\Programme\Microsoft Xbox 360 Accessories\XBoxStat.exe (Microsoft Corporation)
PRC - C:\Programme\Sling Media\SlingAgent\SlingAgentService.exe (Sling Media Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Java\jre6\bin\jp2launcher.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Java\jre6\bin\java.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\igfxext.exe (Intel Corporation)
PRC - C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
PRC - C:\Programme\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe (Toshiba Europe GmbH)
PRC - C:\Programme\Toshiba TEMPRO\TempoSVC.exe (Toshiba Europe GmbH)
PRC - C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
PRC - C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Programme\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Programme\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE ()
PRC - C:\Programme\CDisplay\CDisplay.exe (David Ayton)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\chaosof99\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (OpenVPNService) -- C:\Programme\OpenVPN\bin\openvpnserv.exe ()
SRV - (SlingAgentService) -- C:\Programme\Sling Media\SlingAgent\SlingAgentService.exe (Sling Media Inc.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Partner Service) -- C:\ProgramData\Partner\partner.exe (Google Inc.)
SRV - (TNaviSrv) -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (TempoMonitoringService) -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe (Toshiba Europe GmbH)
SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (jswpsapi) -- C:\Programme\Jumpstart\jswpsapi.exe (Atheros Communications, Inc.)
SRV - (TOSHIBA SMART Log Service) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
SRV - (McNASvc) -- c:\Programme\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (mcmscsvc) -- C:\Programme\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McSysmon) -- C:\Programme\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (MSK80Service) -- C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (McODS) -- C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McProxy) -- c:\Programme\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Programme\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (OracleXEClrAgent) -- C:\oraclexe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe ()
SRV - (OracleXETNSListener) -- C:\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE ()
SRV - (OracleMTSRecoveryService) -- C:\oraclexe\app\oracle\product\10.2.0\server\BIN\omtsreco.exe (Oracle Corporation)
SRV - (OracleJobSchedulerXE) -- c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe ()
SRV - (OracleServiceXE) -- c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE (Oracle Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (xusb21) -- C:\Windows\System32\drivers\xusb21.sys (Microsoft Corporation)
DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (jswpslwf) -- C:\Windows\System32\drivers\jswpslwf.sys (Atheros Communications, Inc.)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (mfesmfk) -- C:\Windows\System32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (MPFP) -- C:\Windows\System32\drivers\Mpfp.sys (McAfee, Inc.)
DRV - (ElbyCDFL) -- C:\Windows\System32\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2329238516-1223640929-1913374716-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
IE - HKU\S-1-5-21-2329238516-1223640929-1913374716-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msnbc.msn.com/id/3036677/
IE - HKU\S-1-5-21-2329238516-1223640929-1913374716-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2329238516-1223640929-1913374716-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2329238516-1223640929-1913374716-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: artur.dubovoy@gmail.com:2.0.15
FF - prefs.js..extensions.enabledItems: max@subfighter.com:1.0.3
FF - prefs.js..extensions.enabledItems: netvideohunter@netvideohunter.com:1.3
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 0
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {5B52016C-D097-4aec-BE61-9F129D8FDDBA}:2.0
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 9666
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 9666
FF - prefs.js..network.proxy.type: 4
 
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009.05.05 21:12:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.10.06 10:07:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.01 11:36:46 | 000,000,000 | ---D | M]
 
[2009.04.25 16:42:13 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\mozilla\Extensions
[2010.10.13 14:53:02 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\mozilla\Firefox\Profiles\0ymuc05p.default\extensions
[2010.10.08 14:45:34 | 000,000,000 | ---D | M] (Rikaichan) -- C:\Users\chaosof99\AppData\Roaming\mozilla\Firefox\Profiles\0ymuc05p.default\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}
[2009.09.23 01:17:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chaosof99\AppData\Roaming\mozilla\Firefox\Profiles\0ymuc05p.default\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA}
[2009.06.21 07:39:44 | 000,000,000 | ---D | M] (Japanese-German Dictionary for rikaichan) -- C:\Users\chaosof99\AppData\Roaming\mozilla\Firefox\Profiles\0ymuc05p.default\extensions\{6D898772-AD34-4c16-86BB-9DE787A5DEA0}
[2010.08.24 08:05:14 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\chaosof99\AppData\Roaming\mozilla\Firefox\Profiles\0ymuc05p.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.10.01 19:43:22 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\mozilla\Firefox\Profiles\0ymuc05p.default\extensions\artur.dubovoy@gmail.com
[2009.12.07 08:36:02 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\mozilla\Firefox\Profiles\0ymuc05p.default\extensions\firefox@tvunetworks.com
[2010.01.27 10:54:41 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\mozilla\Firefox\Profiles\0ymuc05p.default\extensions\max@subfighter.com
[2010.06.27 18:27:43 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\mozilla\Firefox\Profiles\0ymuc05p.default\extensions\netvideohunter@netvideohunter.com
[2010.10.07 06:08:41 | 000,002,431 | ---- | M] () -- C:\Users\chaosof99\AppData\Roaming\Mozilla\FireFox\Profiles\0ymuc05p.default\searchplugins\anime-news-network.xml
[2009.07.09 10:21:57 | 000,002,612 | ---- | M] () -- C:\Users\chaosof99\AppData\Roaming\Mozilla\FireFox\Profiles\0ymuc05p.default\searchplugins\ice-hockey-wiki-en.xml
[2009.07.12 12:01:51 | 000,001,893 | ---- | M] () -- C:\Users\chaosof99\AppData\Roaming\Mozilla\FireFox\Profiles\0ymuc05p.default\searchplugins\lyricwiki-en.xml
[2009.05.17 10:51:56 | 000,005,256 | ---- | M] () -- C:\Users\chaosof99\AppData\Roaming\Mozilla\FireFox\Profiles\0ymuc05p.default\searchplugins\magiccardsinfo.xml
[2009.05.15 13:42:08 | 000,005,603 | ---- | M] () -- C:\Users\chaosof99\AppData\Roaming\Mozilla\FireFox\Profiles\0ymuc05p.default\searchplugins\mtg-salvation-wiki-en.xml
[2009.04.26 15:08:43 | 000,002,283 | ---- | M] () -- C:\Users\chaosof99\AppData\Roaming\Mozilla\FireFox\Profiles\0ymuc05p.default\searchplugins\one-piece-encyclopedia-en.xml
[2009.07.31 20:46:21 | 000,001,833 | ---- | M] () -- C:\Users\chaosof99\AppData\Roaming\Mozilla\FireFox\Profiles\0ymuc05p.default\searchplugins\tmntpedia-en.xml
[2009.04.25 16:45:50 | 000,001,328 | ---- | M] () -- C:\Users\chaosof99\AppData\Roaming\Mozilla\FireFox\Profiles\0ymuc05p.default\searchplugins\wikipedia-de.xml
[2010.10.13 14:53:02 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\Programme\McAfee\MSK\mcapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Programme\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\partner.dll (Google Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O4 - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [cfFncEnabler.exe]  File not found
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [jswtrayutil] C:\Program Files\Jumpstart\jswtrayutil.exe File not found
O4 - HKLM..\Run: [NDSTray.exe]  File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Toshiba TEMPO] C:\Programme\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe (Toshiba Europe GmbH)
O4 - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [wuaucldt] C:\Windows\System32\wuaucldt.exe ()
O4 - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2329238516-1223640929-1913374716-1000..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-2329238516-1223640929-1913374716-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2329238516-1223640929-1913374716-1000..\Run: [dfrgsnapnt.exe] C:\Users\CHAOSO~1\AppData\Local\Temp\dfrgsnapnt.exe ()
O4 - HKU\S-1-5-21-2329238516-1223640929-1913374716-1000..\Run: [TOSCDSPD]  File not found
O4 - HKU\S-1-5-21-2329238516-1223640929-1913374716-1000..\Run: [wuaucldt] c:\users\chaosof99\wuaucldt.exe ()
O4 - Startup: C:\Users\chaosof99\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\chaosof99\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\updugt32.exe ()
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Programme\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Programme\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-21-2329238516-1223640929-1913374716-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} -  File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} -  File not found
O9 - Extra Button: HP Intelligente Auswahl - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: E:\Wallpaper\[AnimePaper]wallpapers_Black-Lagoon_isteb-isteb(1.6)_1920x1200_94633.jpg
O24 - Desktop BackupWallPaper: E:\Wallpaper\[AnimePaper]wallpapers_Black-Lagoon_isteb-isteb(1.6)_1920x1200_94633.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{7ba830f4-9b75-11de-846a-001e33a8918b}\Shell - "" = AutoRun
O33 - MountPoints2\{7ba830f4-9b75-11de-846a-001e33a8918b}\Shell\AutoRun\command - "" = G:\setup.exe -- File not found
O33 - MountPoints2\{9d55b4ce-3322-11df-961e-001e33a8918b}\Shell - "" = AutoRun
O33 - MountPoints2\{9d55b4ce-3322-11df-961e-001e33a8918b}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe File not found
MsConfig - StartUpReg: Google EULA Launcher - hkey= - key= - c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe ( )
MsConfig - StartUpReg: mcagent_exe - hkey= - key= - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
MsConfig - StartUpReg: topi - hkey= - key= - C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
MsConfig - StartUpReg: Toshiba Registration - hkey= - key= - C:\Programme\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba)
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: mcmscsvc - C:\Programme\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SafeBootMin: MCODS - C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: mcmscsvc - C:\Programme\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SafeBootNet: MCODS - C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootNet: Messenger - Service
SafeBootNet: MpfService - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker 2.6
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32: msacm.divxa32 - C:\Windows\System32\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.dvacm - C:\Programme\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.10.13 21:05:07 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\chaosof99\Desktop\OTL.exe
[2010.10.01 11:39:07 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2010.10.01 11:39:05 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2010.10.01 11:36:17 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2010.10.01 11:34:41 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2010.09.29 06:27:31 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.09.21 19:10:09 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.10.13 21:05:20 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\chaosof99\Desktop\OTL.exe
[2010.10.13 21:01:26 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.10.13 21:01:26 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.10.13 20:40:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.10.13 20:38:40 | 000,000,001 | ---- | M] () -- C:\Users\chaosof99\oashdihasidhasuidhiasdhiashdiuasdhasd
[2010.10.13 20:26:48 | 000,033,280 | ---- | M] () -- C:\Windows\System32\wuaucldt.exe
[2010.10.13 20:26:48 | 000,033,280 | ---- | M] () -- C:\Users\chaosof99\wuaucldt.exe
[2010.10.13 20:26:47 | 000,000,016 | ---- | M] () -- C:\Users\chaosof99\AppData\Roaming\ldcpfk.dat
[2010.10.13 20:26:37 | 000,000,004 | ---- | M] () -- C:\Users\chaosof99\AppData\Roaming\avdrn.dat
[2010.10.13 03:40:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.10.12 19:52:36 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.10.11 07:35:40 | 000,003,981 | ---- | M] () -- C:\Users\chaosof99\.recently-used.xbel
[2010.10.10 12:30:46 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.10.10 12:30:46 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.10.10 12:30:45 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.10.10 12:30:45 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.10.08 01:00:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.10.01 01:00:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\McQcTask.job
[2010.09.15 00:59:59 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.10.13 20:51:59 | 578,671,993 | ---- | C] () -- C:\Users\chaosof99\Desktop\Indiana_Jones_and_the_Last_Crusade_1989_roNy.mkv
[2010.10.13 20:38:40 | 000,000,001 | ---- | C] () -- C:\Users\chaosof99\oashdihasidhasuidhiasdhiashdiuasdhasd
[2010.10.13 20:26:48 | 000,033,280 | ---- | C] () -- C:\Windows\System32\wuaucldt.exe
[2010.10.13 20:26:48 | 000,033,280 | ---- | C] () -- C:\Users\chaosof99\wuaucldt.exe
[2010.10.13 20:26:40 | 000,000,016 | ---- | C] () -- C:\Users\chaosof99\AppData\Roaming\ldcpfk.dat
[2010.10.13 20:26:37 | 000,000,004 | ---- | C] () -- C:\Users\chaosof99\AppData\Roaming\avdrn.dat
[2010.10.11 07:35:40 | 000,003,981 | ---- | C] () -- C:\Users\chaosof99\.recently-used.xbel
[2010.10.09 12:38:39 | 000,049,233 | ---- | C] () -- C:\fat32format.exe
[2010.10.01 11:39:56 | 000,002,231 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.04.30 09:27:04 | 000,081,408 | ---- | C] () -- C:\Windows\CBCRUN20.DLL
[2010.04.02 11:04:47 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2010.03.23 10:53:24 | 000,000,680 | ---- | C] () -- C:\Users\chaosof99\AppData\Local\d3d9caps.dat
[2010.02.15 22:03:46 | 000,290,816 | ---- | C] () -- C:\Windows\System32\decdll.dll
[2009.12.18 10:31:09 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.12.17 20:03:38 | 000,000,000 | ---- | C] () -- C:\Windows\ToDisc.INI
[2009.10.15 14:08:11 | 000,000,206 | ---- | C] () -- C:\Windows\ArcView9x.INI
[2009.09.17 07:40:57 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.31 09:35:12 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009.07.23 21:01:51 | 001,077,928 | ---- | C] () -- C:\Users\chaosof99\AppData\Roaming\698e8de9c79e614b8d6a96b5ce9682e6-i686.cache-2
[2009.05.05 21:04:03 | 000,001,204 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009.04.27 11:06:27 | 000,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.04.26 10:40:49 | 000,053,760 | ---- | C] () -- C:\Users\chaosof99\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.04.25 16:18:42 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2009.04.25 16:18:42 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2009.04.25 16:18:42 | 000,010,146 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2009.04.25 16:18:42 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2009.04.07 03:00:44 | 000,499,712 | R--- | C] () -- C:\Windows\System32\XmlSpyLib.dll
[2009.02.10 14:15:19 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2009.02.10 14:15:19 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2009.02.10 14:15:19 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2009.02.10 14:15:19 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2009.02.10 14:15:19 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2009.02.10 14:15:19 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2009.02.10 14:05:40 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2009.02.10 13:49:59 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2009.02.10 12:39:30 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[1997.06.25 15:24:16 | 000,040,448 | ---- | C] () -- C:\Windows\System32\RegObj.dll
 
========== LOP Check ==========
 
[2010.10.12 07:05:51 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\.anki
[2009.09.30 10:28:40 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\Any DVD Converter Professional
[2010.08.09 20:20:57 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\Any Video Converter
[2009.04.27 11:14:27 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\DAEMON Tools Lite
[2010.01.14 14:29:53 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\ESRI
[2010.06.01 18:02:40 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\foobar2000
[2010.07.10 16:42:28 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\FreeVideoConverter
[2009.05.05 20:47:01 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\GetRightToGo
[2010.10.11 07:35:40 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\gtk-2.0
[2010.08.11 10:24:13 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\Gygan
[2010.06.21 09:12:45 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\ICQ
[2010.02.17 22:03:45 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\LEGO Company
[2009.05.25 00:42:08 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\Magic Set Editor
[2010.04.07 21:25:55 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\mplayer
[2009.07.14 17:29:15 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\NJStar
[2009.05.03 14:23:25 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\OpenOffice.org
[2009.09.13 18:49:49 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\StreamTorrent
[2009.04.25 17:33:45 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\Toshiba
[2009.10.15 14:11:16 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\Ulead Systems
[2010.10.13 14:29:45 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\uTorrent
[2010.09.15 00:59:59 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2010.10.01 01:00:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2010.10.07 21:01:18 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.10.12 07:05:51 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\.anki
[2009.04.25 17:34:23 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\Adobe
[2009.09.30 10:28:40 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\Any DVD Converter Professional
[2010.08.09 20:20:57 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\Any Video Converter
[2009.09.12 07:56:29 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\Apple Computer
[2009.04.27 11:14:27 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\DAEMON Tools Lite
[2009.07.09 14:21:58 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\DivX
[2010.10.11 19:24:40 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\dvdcss
[2010.01.14 14:29:53 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\ESRI
[2010.06.01 18:02:40 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\foobar2000
[2010.07.10 16:42:28 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\FreeVideoConverter
[2009.05.05 20:47:01 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\GetRightToGo
[2009.04.25 16:36:56 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\Google
[2009.07.23 16:38:08 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\GRETECH
[2010.10.11 07:35:40 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\gtk-2.0
[2010.08.11 10:24:13 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\Gygan
[2009.05.05 21:18:35 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\HP
[2010.06.21 09:12:45 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\ICQ
[2009.04.25 16:30:56 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\Identities
[2009.04.25 16:30:22 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\InstallShield
[2010.02.17 22:03:45 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\LEGO Company
[2009.04.25 16:49:54 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\Macromedia
[2009.05.25 00:42:08 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\Magic Set Editor
[2009.04.27 11:24:55 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\Mathematica
[2009.11.30 12:38:39 | 000,000,000 | --SD | M] -- C:\Users\chaosof99\AppData\Roaming\Microsoft
[2010.05.12 13:09:43 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\MiKTeX
[2010.10.13 19:43:41 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\mIRC
[2009.04.25 16:42:13 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\Mozilla
[2010.04.07 21:25:55 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\mplayer
[2009.07.14 17:29:15 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\NJStar
[2009.05.03 14:23:25 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\OpenOffice.org
[2009.07.21 18:37:27 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\Real
[2009.09.21 12:27:51 | 000,000,000 | RH-D | M] -- C:\Users\chaosof99\AppData\Roaming\SecuROM
[2009.09.13 18:49:49 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\StreamTorrent
[2009.04.25 17:33:45 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\Toshiba
[2009.10.15 14:11:16 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\Ulead Systems
[2010.10.13 14:29:45 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\uTorrent
[2010.10.13 21:09:23 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\vlc
[2009.04.25 17:53:25 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2009.10.23 17:28:55 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Users\chaosof99\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
[2009.10.23 17:28:55 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Users\chaosof99\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
[2009.10.23 17:28:55 | 000,008,854 | R--- | M] () -- C:\Users\chaosof99\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe
[2009.04.11 08:28:04 | 000,045,056 | R-S- | M] () -- C:\Users\chaosof99\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\updugt32.exe
 
< %SYSTEMDRIVE%\*.exe >
[2009.03.02 23:47:38 | 000,049,233 | ---- | M] () -- C:\fat32format.exe
[2010.05.12 12:03:21 | 821,488,567 | ---- | M] () -- C:\ProTeXt-2.2.1-102109.exe
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2008.03.25 05:22:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=2D77788D0B7FE269044F58C86AE099CE -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_3e1ecd89\AGP440.sys
[2008.03.25 05:22:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=2D77788D0B7FE269044F58C86AE099CE -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.22142_none_ba734aead7ed1bb6\AGP440.sys
[2008.03.26 05:38:23 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=ED91751834103DB2A74470CD763A49FE -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_e4087235\AGP440.sys
[2008.03.26 05:38:23 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=ED91751834103DB2A74470CD763A49FE -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20800_none_b8b64d46daa7e57a\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.03.12 08:24:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 04:34:05 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2008.04.15 17:54:16 | 000,388,120 | ---- | M] (Intel Corporation) MD5=8D58627FEF3F8767665D9F4DC91CBD97 -- C:\Programme\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2008.04.15 17:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Programme\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2008.04.15 17:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\drivers\iaStor.sys
[2008.04.15 17:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_77c04a30\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:33:41 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:34:39 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 04:34:02 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:34:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:34:35 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:34:35 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009.04.27 11:06:27 | 000,721,904 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:31:11 | 015,716,352 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:31:01 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:31:12 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.04.11 08:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009.04.11 08:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 24 bytes -> C:\Windows:4275857BDE7308EF
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:FB1B13D8

< End of report >

chaosof99 · 14.10.2010, 08:15

Anscheinend habe ich auch einen Trojaner TR/Crypt.XPACK.Gen2 auf dem Rechner. Genauere Probleme die ich bemerke sind:
- Ich kann den Task-Manager von Windows Vista nicht mehr öffnen.
- Des öfteren wird die Internetverbindung lahm bis ein Windows-Host-Programm abstürzt

Die Trojaner werden kontinuierlich neu erzeugt, fast schon im sekündlichen Abstand, obwohl Avira AntiVir sie immer wieder eleminiert.

Chris4You · 14.10.2010, 08:30

Hi,

Wow!

Bitte folgende Files prüfen:

Dateien Online überprüfen lassen:

Als erstes versteckte Dateien anzeigen lassen! (nur Punkt 1 durchführen!)

Suche die Seite Virtustotal auf, klicke auf den Button „Durchsuchen“ und suche folgende Datei/Dateien:

Code:

ATTFilter

C:\Windows\System32\wuaucldt.exe
C:\Users\chaosof99\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\updugt32.exe
C:\fat32format.exe
C:\Windows\CBCRUN20.DLL

Lade nun nacheinander jede/alle Datei/Dateien hoch, und warte bis der Scan vorbei ist. (kann bis zu 2 Minuten dauern.)

Poste im Anschluss das Ergebnis der Auswertung, alles abkopieren und in einen Beitrag einfügen.

Wichtig: Auch die Größenangabe sowie den HASH mit kopieren!

Momentan habe ich nur die erste Datei "C:\Windows\System32\wuaucldt.exe) im OTL-Script, wenn die anderen ebenfalls erkannt werden, folgende Zeile in das OTL-Script einfügen (direkt hinter die Zeile wo die erste Datei steht!):

Code:

ATTFilter

O4 - Startup: C:\Users\chaosof99\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\updugt32.exe ()
[2010.10.09 12:38:39 | 000,049,233 | ---- | C] () -- C:\fat32format.exe
[2010.04.30 09:27:04 | 000,081,408 | ---- | C] () -- C:\Windows\CBCRUN20.DLL

Fix für OTL:

Doppelklick auf die OTL.exe, um das Programm auszuführen.

Vista/Win7-User bitte per Rechtsklick und "Ausführen als Administrator" starten.

Kopiere den Inhalt der folgenden Codebox komplett in die OTL-Box unter "Custom Scan/Fixes"

Code:

ATTFilter

:OTL
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
O4 - HKLM..\Run: [cfFncEnabler.exe]  File not found
O4 - HKLM..\Run: [jswtrayutil] C:\Program Files\Jumpstart\jswtrayutil.exe File not found
O4 - HKLM..\Run: [wuaucldt] C:\Windows\System32\wuaucldt.exe ()
[2010.10.13 20:26:48 | 000,033,280 | ---- | M] () -- C:\Users\chaosof99\wuaucldt.exe
O4 - HKU\S-1-5-21-2329238516-1223640929-1913374716-1000..\Run: [dfrgsnapnt.exe] C:\Users\CHAOSO~1\AppData\Local\Temp\dfrgsnapnt.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-21-2329238516-1223640929-1913374716-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O33 - MountPoints2\{7ba830f4-9b75-11de-846a-001e33a8918b}\Shell - "" = AutoRun
O33 - MountPoints2\{7ba830f4-9b75-11de-846a-001e33a8918b}\Shell\AutoRun\command - "" = G:\setup.exe -- File not found
O33 - MountPoints2\{9d55b4ce-3322-11df-961e-001e33a8918b}\Shell - "" = AutoRun
O33 - MountPoints2\{9d55b4ce-3322-11df-961e-001e33a8918b}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
[2010.10.13 20:38:40 | 000,000,001 | ---- | M] () -- C:\Users\chaosof99\oashdihasidhasuidhiasdhiashdiuasdhasd
[2010.10.13 20:26:47 | 000,000,016 | ---- | M] () -- C:\Users\chaosof99\AppData\Roaming\ldcpfk.dat
[2010.10.13 20:26:37 | 000,000,004 | ---- | M] () -- C:\Users\chaosof99\AppData\Roaming\avdrn.dat
@Alternate Data Stream - 24 bytes -> C:\Windows:4275857BDE7308EF
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:FB1B13D8

:Commands
[emptytemp]
[Reboot]

Den roten Run Fixes! Button anklicken.

Bitte alles aus dem Ergebnisfenster (Results) herauskopieren.

Eine Kopie eines OTL-Fix-Logs wird in einer Textdatei in folgendem Ordner gespeichert:

%systemroot%\_OTL

Malwarebytes Antimalware (MAM)
Anleitung&Download hier: http://www.trojaner-board.de/51187-m...i-malware.html
Falls der Download nicht klappt, bitte hierüber eine generische Version runterladen:
http://filepony.de/download-chameleon/
Danach bitte update der Signaturdateien (Reiter "Update" -> Suche nach Aktualisierungen")
Fullscan und alles bereinigen lassen! Log posten.

chris

chaosof99 · 14.10.2010, 10:12

Hier ist das OTL log. Die Ausgaben für die VirusTotal scans der einzelnen Dateien befinden sich im Anhang. Ich hoffe ich habe alle wichtigen Informationen kopiert. Es scheint aber nur die Datei wuaucldt.exe ein Trojaner zu sein. Bei den anderen Dateien wurde nichts erkannt und habe deshalb das Script vor dem OTL Scan nicht geändert. Außerdem waren alle Dateien außer CBCRUN20.DLL VirusTotal bereits bekannt.

Die Datei fat32format.exe ist mir selbst bekannt. Dies ist ein einfaches FAT32 Formatierungsprogramm dass ich benutzt habe um größere externe Festplatten auf dieses Dateisystem zu bringen. Windows selbst konnte dies leider nicht da sie zu groß waren.

Der Malwarebyte Scan läuft gerade. Den Log poste ich wenn dieser abgeschlossen ist.

OTL log:

Code:

ATTFilter

All processes killed
========== OTL ==========
Service NwlnkFwd stopped successfully!
Service NwlnkFwd deleted successfully!
File  C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found not found.
Service NwlnkFlt stopped successfully!
Service NwlnkFlt deleted successfully!
File  C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found not found.
Service IpInIp stopped successfully!
Service IpInIp deleted successfully!
File  C:\Windows\System32\DRIVERS\ipinip.sys File not found not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\cfFncEnabler.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\jswtrayutil deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\wuaucldt deleted successfully.
C:\Windows\System32\wuaucldt.exe moved successfully.
C:\Users\chaosof99\wuaucldt.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-2329238516-1223640929-1913374716-1000\Software\Microsoft\Windows\CurrentVersion\Run\\dfrgsnapnt.exe deleted successfully.
C:\Users\CHAOSO~1\AppData\Local\Temp\dfrgsnapnt.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2329238516-1223640929-1913374716-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7ba830f4-9b75-11de-846a-001e33a8918b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7ba830f4-9b75-11de-846a-001e33a8918b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7ba830f4-9b75-11de-846a-001e33a8918b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7ba830f4-9b75-11de-846a-001e33a8918b}\ not found.
File G:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9d55b4ce-3322-11df-961e-001e33a8918b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9d55b4ce-3322-11df-961e-001e33a8918b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9d55b4ce-3322-11df-961e-001e33a8918b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9d55b4ce-3322-11df-961e-001e33a8918b}\ not found.
File H:\LaunchU3.exe not found.
C:\Users\chaosof99\oashdihasidhasuidhiasdhiashdiuasdhasd moved successfully.
C:\Users\chaosof99\AppData\Roaming\ldcpfk.dat moved successfully.
C:\Users\chaosof99\AppData\Roaming\avdrn.dat moved successfully.
ADS C:\Windows:4275857BDE7308EF deleted successfully.
ADS C:\ProgramData\TEMP:FB1B13D8 deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: chaosof99
->Temp folder emptied: 2079787 bytes
->Temporary Internet Files folder emptied: 96495106 bytes
->Java cache emptied: 33071694 bytes
->FireFox cache emptied: 106836056 bytes
->Flash cache emptied: 155550 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1134363812 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1.309,00 mb
 
 
OTL by OldTimer - Version 3.2.15.2 log created on 10142010_101306

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\WFVF3D0.tmp not found!

Registry entries deleted on Reboot...

Chris4You · 14.10.2010, 11:05

Hi,

lade die "wuaucldt.exe" bitte bei uns hoch, Du findest Sie unter C:\_OLT\..\MovedFiels wie folgt (Bevor sie ev. von MAM "entsorgt" wird):
Datei hochladen:
http://www.trojaner-board.de/54791-a...ner-board.html
Achte darauf keinesfalls einen Doppelcklick zu machen und das Programm zu starten, am Besten änderst Du die Erweiterung auf "wuaucldt.exe.vir"...

Zuwenig Scanner erkennen das Teil...

chris

chaosof99 · 14.10.2010, 11:17

Ist hochgeladen.

Chris4You · 14.10.2010, 14:01

Hi,

ist MAM mit dem Fullscan fertig?
Dann bitte Log poosten!

chris

chaosof99 · 14.10.2010, 18:55

Sorry, ich musste für einige Zeit außer haus. Wahrscheinlich bin ich als online aufgetaucht weil ich den Laptop laufen lies und die seite offen hatte.

Hier ist das log des MBAM fullscans:

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4819

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

14.10.2010 19:43:11
mbam-log-2010-10-14 (19-43-11).txt

Scan type: Full scan (C:\|E:\|)
Objects scanned: 443716
Time elapsed: 1 hour(s), 55 minute(s), 17 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 10

Memory Processes Infected:
C:\Users\chaosof99\AppData\Local\Temp\dfrgsnapnt.exe (Trojan.FakeAlert) -> No action taken.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wuaucldt (Trojan.FakeAlert.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dfrgsnapnt.exe (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\regedit32 (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\regedit32 (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\chaosof99\wuaucldt.exe (Trojan.FakeAlert.H) -> No action taken.
C:\Users\chaosof99\AppData\Local\Temp\dfrgsnapnt.exe (Trojan.FakeAlert) -> No action taken.
C:\Users\chaosof99\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G1B7P5W0\5-direct[1].ex (Trojan.DNSChanger) -> No action taken.
C:\Users\chaosof99\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KV04PHHN\5-direct[1].ex (Trojan.DNSChanger) -> No action taken.
C:\Users\chaosof99\AppData\Local\Temp\topwesitjh (Trojan.FakeAlert) -> No action taken.
C:\Users\chaosof99\AppData\Local\Temp\~TMD1C2.tmp (Rogue.SecurityEssentials) -> No action taken.
C:\Users\chaosof99\AppData\Local\Xenocode\Sandbox\Gygan\0.6.1.7\2010.07.20T01.46\Virtual\STUBEXE\8.0.1112\@PROGRAMFILES@\Gygan BETA\Gygan.exe (Backdoor.Bifrose) -> No action taken.
C:\Users\chaosof99\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\updugt32.exe (Heuristics.Shuriken) -> No action taken.
C:\_OTL\MovedFiles\10142010_101306\C_Users\chaosof99\AppData\Local\Temp\dfrgsnapnt.exe (Trojan.FakeAlert) -> No action taken.
C:\Users\chaosof99\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> No action taken.

Chris4You · 15.10.2010, 06:54

Hi,

alle Funde von MAM beseitigen lassen...

Combofix
Lade Combo Fix von http://download.bleepingcomputer.com/sUBs/ComboFix.exe und speichert es auf den Desktop.
Antivierenlösung komplett auschalten und zwar so, dass sie sich auch nach einem Reboot NICHT einschaltet!

Achtung: In einigen wenigen Fällen kann es vorkommen, das der Rechner nicht mehr booten kann und Neuaufgesetzt werden muß!

Alle Fenster schliessen und combofix.exe starten und bestätige die folgende Abfrage mit 1 und drücke Enter.

Der Scan mit Combofix kann einige Zeit in Anspruch nehmen, also habe etwas Geduld. Während des Scans bitte nichts am Rechner unternehmen
Es kann möglich sein, dass der Rechner zwischendurch neu gestartet wird.
Nach Scanende wird ein Report (ComboFix.txt) angezeigt, den bitte kopieren und in deinem Thread einfuegen.

Danach bitte noch mal ein OTL-Log posten...

chris

chaosof99 · 15.10.2010, 15:26

Sorry, hat etwas gedauert da ich noch mal MAM laufen lies (hat nichts mehr gefunden) und einige Daten gebackupped habe, falls der Extremfall eintreten sollte und ich neu aufsetzen müsste.

Ich habe allerdings ein Problem. ComboFix lässt sich nicht starten. Nachdem ich die initiale Warnung bestätigt habe, bekomme ich eine Fehlermeldung ohne Text. Klicke ich auf OK bei dieser, die einzige Möglichkeit die ich habe, bekomme ich eine weitere Fehlermeldung. Diese besagt dann dass ComboFix nicht richtig initialisiert wurde und gibt mir einen Fehlercode in Hexadezimal. Der Fehlercode beginnt mit 0xc gefolgt von fünf oder sechs Nullen und ended in 142. Bin mir leider nicht sicher wie viele nullen dazwischen sind. Danach startet das Programm meinen Rechner neu.

Avira AntiVir und auch Malwarebytes Anti-Malware habe ich beide deinstalliert, sodass diese nicht ComboFix in the Quere kommen. Allerdings bekomme ich seit ich bei euch vom Support gebrauch mache wieder Warnmeldungen von der Vista Benutzerkontensteuerung, die ich schon vor einiger Zeit ein mal ausgeschaltet habe. Ich weiß aber nicht ob das daran liegen kann.

Edit: Anscheinend war dies der Fehler. Nachdem ich die Benutzerkontensteuerung ausgeschaltet und den Rechner neu gestartet hatte, habe ich noch ein mal propiert ComboFix auszuführen. Zwar habe ich wieder die selben Fehlermeldungen bekommen, aber nachdem der Rechner neu gestartet ist hat sich ComboFix an die Arbeit gemacht.

Hier ist das erzeugte log:

Code:

ATTFilter

ComboFix 10-10-14.01 - chaosof99 15.10.2010  16:39:37.1.1 - x86
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.43.1031.18.2939.2187 [GMT 2:00]
ausgeführt von:: c:\users\chaosof99\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
 * Im Speicher befindliches AV aktiv.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\uninstall.exe

.
(((((((((((((((((((((((   Dateien erstellt von 2010-09-15 bis 2010-10-15  ))))))))))))))))))))))))))))))
.

2010-10-15 14:46 . 2010-10-15 14:48    --------    d-----w-    c:\users\chaosof99\AppData\Local\temp
2010-10-15 14:46 . 2010-10-15 14:46    --------    d-----w-    c:\users\Default\AppData\Local\temp
2010-10-14 08:13 . 2010-10-14 08:13    --------    d-----w-    C:\_OTL
2010-10-14 06:39 . 2010-10-14 06:39    --------    d-----w-    c:\users\chaosof99\AppData\Roaming\Malwarebytes
2010-10-14 06:39 . 2010-10-14 06:39    --------    d-----w-    c:\programdata\Malwarebytes
2010-10-13 07:28 . 2010-09-13 13:56    168960    ----a-w-    c:\program files\Windows Media Player\wmplayer.exe
2010-10-13 07:28 . 2010-09-13 13:56    8147456    ----a-w-    c:\windows\system32\wmploc.DLL
2010-10-13 07:26 . 2010-09-06 16:20    125952    ----a-w-    c:\windows\system32\srvsvc.dll
2010-10-13 07:26 . 2010-09-06 13:45    304128    ----a-w-    c:\windows\system32\drivers\srv.sys
2010-10-13 07:26 . 2010-09-06 13:45    145408    ----a-w-    c:\windows\system32\drivers\srv2.sys
2010-10-13 07:26 . 2010-09-06 13:45    102400    ----a-w-    c:\windows\system32\drivers\srvnet.sys
2010-10-13 07:26 . 2010-09-06 16:19    17920    ----a-w-    c:\windows\system32\netevent.dll
2010-10-13 06:47 . 2010-09-08 17:07    834048    ----a-w-    c:\windows\system32\wininet.dll
2010-10-13 06:47 . 2010-09-08 17:23    78336    ----a-w-    c:\windows\system32\ieencode.dll
2010-10-13 06:47 . 2010-09-08 15:23    389632    ----a-w-    c:\windows\system32\html.iec
2010-10-13 06:18 . 2010-08-31 15:46    954752    ----a-w-    c:\windows\system32\mfc40.dll
2010-10-13 06:18 . 2010-08-31 15:46    954288    ----a-w-    c:\windows\system32\mfc40u.dll
2010-10-13 05:48 . 2010-08-26 16:37    157184    ----a-w-    c:\windows\system32\t2embed.dll
2010-10-13 05:47 . 2010-08-31 13:27    2038272    ----a-w-    c:\windows\system32\win32k.sys
2010-10-13 05:47 . 2010-05-04 19:13    231424    ----a-w-    c:\windows\system32\msshsq.dll
2010-10-13 05:46 . 2010-08-20 16:05    867328    ----a-w-    c:\windows\system32\wmpmde.dll
2010-10-13 05:41 . 2010-08-31 15:44    531968    ----a-w-    c:\windows\system32\comctl32.dll
2010-10-13 05:26 . 2010-08-10 15:53    274944    ----a-w-    c:\windows\system32\schannel.dll
2010-10-13 05:24 . 2010-06-28 17:00    1316864    ----a-w-    c:\windows\system32\ole32.dll
2010-10-13 05:24 . 2010-06-28 14:54    339968    ----a-w-    c:\program files\Windows NT\Accessories\wordpad.exe
2010-10-09 10:38 . 2009-03-02 21:47    49233    ----a-w-    C:\fat32format.exe
2010-10-01 09:39 . 2010-10-01 09:39    --------    d-----w-    c:\program files\iPod
2010-10-01 09:39 . 2010-10-01 09:39    --------    d-----w-    c:\program files\iTunes
2010-10-01 09:34 . 2010-10-01 09:34    --------    d-----w-    c:\program files\Bonjour
2010-09-29 04:27 . 2010-06-22 13:30    2048    ----a-w-    c:\windows\system32\tzres.dll
2010-09-21 17:10 . 2010-04-16 16:46    502272    ----a-w-    c:\windows\system32\usp10.dll
2010-09-21 17:10 . 2010-08-17 14:11    128000    ----a-w-    c:\windows\system32\spoolsv.exe
2010-09-21 17:10 . 2010-04-05 17:02    317952    ----a-w-    c:\windows\system32\MP4SDECD.DLL
2010-09-21 17:10 . 2010-05-27 20:08    739328    ----a-w-    c:\windows\system32\inetcomm.dll
2010-09-16 01:34 . 2010-08-17 10:52    2409784    ----a-w-    c:\program files\Windows Mail\OESpamFilter.dat

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2009-02-10 12:32    157168    ----a-w-    c:\programdata\Partner\partner.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-26 148888]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"NDSTray.exe"="NDSTray.exe" [BU]
"Toshiba TEMPO"="c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe" [2008-04-24 103824]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-10-31 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-06-24 509816]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-05-09 716800]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-25 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-16 47392]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]

c:\users\chaosof99\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2008-09-26 09:02    2356088    ----a-r-    c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google EULA Launcher]
2008-05-28 11:40    20480    ----a-w-    c:\program files\Google\Google EULA\GoogleEULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
2007-08-03 21:33    582992    ----a-w-    c:\program files\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\topi]
2007-07-10 08:24    581632    ----a-w-    c:\program files\TOSHIBA\Toshiba Online Product Information\TOPI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Registration]
2008-01-11 02:07    574864    ----a-w-    c:\program files\TOSHIBA\Registration\ToshibaRegistration.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XboxStat]
2009-09-30 16:57    718688    ----a-w-    c:\program files\Microsoft Xbox 360 Accessories\XBoxStat.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-10-22 133104]
R2 OracleXETNSListener;OracleXETNSListener;c:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe [2006-02-01 204800]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [2008-04-16 954368]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE [x]
R4 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [x]
R4 Partner Service;Partner Service;c:\programdata\Partner\partner.exe [2009-02-10 110576]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-04-27 721904]
S1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [2008-04-28 20384]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-16 40960]
S2 SlingAgentService;SlingAgentService;c:\program files\Sling Media\SlingAgent\SlingAgentService.exe [2009-09-25 93960]
S2 TempoMonitoringService;Notebook Performance Tuning Service ;c:\program files\Toshiba TEMPRO\TempoSVC.exe [2008-04-24 99720]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2008-02-06 126976]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork    REG_MULTI_SZ       PLA DPS BFE mpssvc
HPZ12    REG_MULTI_SZ       Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation    REG_MULTI_SZ       FontCache
.
Inhalt des "geplante Tasks" Ordners

2010-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-22 11:33]

2010-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-22 11:33]

2010-10-14 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-25 11:32]

2010-09-30 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-25 11:32]
.
.
------- Zusätzlicher Suchlauf -------
.
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
uInternet Settings,ProxyOverride = local;*.local
IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4
IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home
TCP: {E45537FF-6AF9-48FD-80C6-9CA2EE311F40} = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\chaosof99\AppData\Roaming\Mozilla\Firefox\Profiles\0ymuc05p.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 9666
FF - prefs.js: network.proxy.socks - localhost
FF - prefs.js: network.proxy.socks_port - 9050
FF - prefs.js: network.proxy.ssl - localhost
FF - prefs.js: network.proxy.ssl_port - 9666
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\chaosof99\AppData\Roaming\Mozilla\Firefox\Profiles\0ymuc05p.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKCU-Run-TOSCDSPD - TOSCDSPD.EXE
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp- Malwarebytes Anti-Malware  (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe


.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-2329238516-1223640929-1913374716-1000\Software\SecuROM\License information*]
"datasecu"=hex:e5,ab,3d,4f,0a,b9,2f,c2,58,6d,56,32,01,8d,50,f7,fc,86,b3,ca,0c,
   60,74,b5,76,89,44,cd,93,ff,cd,dc,0e,2f,88,ac,52,9f,62,e2,0f,10,11,89,0a,18,\
"rkeysecu"=hex:dd,06,20,42,ff,0b,0e,c3,d7,b5,bb,f6,d1,4c,a6,6d

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Zeit der Fertigstellung: 2010-10-15  16:51:26
ComboFix-quarantined-files.txt  2010-10-15 14:51

Vor Suchlauf: 17 Verzeichnis(se), 20.168.359.936 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 23.109.431.296 Bytes frei

- - End Of File - - E65E47016B78ADA84FAE85FDF0B8DD33

Edit 2: Hier noch das Log des OTL scans:

Code:

ATTFilter

OTL logfile created on: 15.10.2010 17:10:28 - Run 2
OTL by OldTimer - Version 3.2.15.2     Folder = C:\Users\chaosof99\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 66,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,29 Gb Total Space | 21,43 Gb Free Space | 18,43% Space Free | Partition Type: NTFS
Drive E: | 115,13 Gb Total Space | 67,41 Gb Free Space | 58,55% Space Free | Partition Type: NTFS
 
Computer Name: GRAMPAII | User Name: chaosof99 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\chaosof99\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Sling Media\SlingAgent\SlingAgentService.exe (Sling Media Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
PRC - C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\igfxext.exe (Intel Corporation)
PRC - C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Programme\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe (Toshiba Europe GmbH)
PRC - C:\Programme\Toshiba TEMPRO\TempoSVC.exe (Toshiba Europe GmbH)
PRC - C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
PRC - C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\chaosof99\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (OpenVPNService) -- C:\Programme\OpenVPN\bin\openvpnserv.exe ()
SRV - (SlingAgentService) -- C:\Programme\Sling Media\SlingAgent\SlingAgentService.exe (Sling Media Inc.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Partner Service) -- C:\ProgramData\Partner\partner.exe (Google Inc.)
SRV - (TNaviSrv) -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (TempoMonitoringService) -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe (Toshiba Europe GmbH)
SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (jswpsapi) -- C:\Programme\Jumpstart\jswpsapi.exe (Atheros Communications, Inc.)
SRV - (TOSHIBA SMART Log Service) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (OracleXEClrAgent) -- C:\oraclexe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe ()
SRV - (OracleXETNSListener) -- C:\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE ()
SRV - (OracleMTSRecoveryService) -- C:\oraclexe\app\oracle\product\10.2.0\server\BIN\omtsreco.exe (Oracle Corporation)
SRV - (OracleJobSchedulerXE) -- c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe ()
SRV - (OracleServiceXE) -- c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE (Oracle Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (catchme) -- C:\Users\CHAOSO~1\AppData\Local\Temp\catchme.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (xusb21) -- C:\Windows\System32\drivers\xusb21.sys (Microsoft Corporation)
DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (jswpslwf) -- C:\Windows\System32\drivers\jswpslwf.sys (Atheros Communications, Inc.)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (ElbyCDFL) -- C:\Windows\System32\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2329238516-1223640929-1913374716-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msnbc.msn.com/id/3036677/
IE - HKU\S-1-5-21-2329238516-1223640929-1913374716-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2329238516-1223640929-1913374716-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2329238516-1223640929-1913374716-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: artur.dubovoy@gmail.com:2.0.15
FF - prefs.js..extensions.enabledItems: max@subfighter.com:1.0.3
FF - prefs.js..extensions.enabledItems: netvideohunter@netvideohunter.com:1.3
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 0
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {5B52016C-D097-4aec-BE61-9F129D8FDDBA}:2.0
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 9666
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 9666
FF - prefs.js..network.proxy.type: 4
 
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009.05.05 21:12:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.10.06 10:07:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.01 11:36:46 | 000,000,000 | ---D | M]
 
[2009.04.25 16:42:13 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\mozilla\Extensions
[2010.10.15 15:12:26 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\mozilla\Firefox\Profiles\0ymuc05p.default\extensions
[2010.10.08 14:45:34 | 000,000,000 | ---D | M] (Rikaichan) -- C:\Users\chaosof99\AppData\Roaming\mozilla\Firefox\Profiles\0ymuc05p.default\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}
[2009.09.23 01:17:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chaosof99\AppData\Roaming\mozilla\Firefox\Profiles\0ymuc05p.default\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA}
[2009.06.21 07:39:44 | 000,000,000 | ---D | M] (Japanese-German Dictionary for rikaichan) -- C:\Users\chaosof99\AppData\Roaming\mozilla\Firefox\Profiles\0ymuc05p.default\extensions\{6D898772-AD34-4c16-86BB-9DE787A5DEA0}
[2010.08.24 08:05:14 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\chaosof99\AppData\Roaming\mozilla\Firefox\Profiles\0ymuc05p.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.10.01 19:43:22 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\mozilla\Firefox\Profiles\0ymuc05p.default\extensions\artur.dubovoy@gmail.com
[2009.12.07 08:36:02 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\mozilla\Firefox\Profiles\0ymuc05p.default\extensions\firefox@tvunetworks.com
[2010.01.27 10:54:41 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\mozilla\Firefox\Profiles\0ymuc05p.default\extensions\max@subfighter.com
[2010.06.27 18:27:43 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\mozilla\Firefox\Profiles\0ymuc05p.default\extensions\netvideohunter@netvideohunter.com
[2010.10.14 07:38:11 | 000,002,431 | ---- | M] () -- C:\Users\chaosof99\AppData\Roaming\Mozilla\FireFox\Profiles\0ymuc05p.default\searchplugins\anime-news-network.xml
[2009.07.09 10:21:57 | 000,002,612 | ---- | M] () -- C:\Users\chaosof99\AppData\Roaming\Mozilla\FireFox\Profiles\0ymuc05p.default\searchplugins\ice-hockey-wiki-en.xml
[2009.07.12 12:01:51 | 000,001,893 | ---- | M] () -- C:\Users\chaosof99\AppData\Roaming\Mozilla\FireFox\Profiles\0ymuc05p.default\searchplugins\lyricwiki-en.xml
[2009.05.17 10:51:56 | 000,005,256 | ---- | M] () -- C:\Users\chaosof99\AppData\Roaming\Mozilla\FireFox\Profiles\0ymuc05p.default\searchplugins\magiccardsinfo.xml
[2009.05.15 13:42:08 | 000,005,603 | ---- | M] () -- C:\Users\chaosof99\AppData\Roaming\Mozilla\FireFox\Profiles\0ymuc05p.default\searchplugins\mtg-salvation-wiki-en.xml
[2009.04.26 15:08:43 | 000,002,283 | ---- | M] () -- C:\Users\chaosof99\AppData\Roaming\Mozilla\FireFox\Profiles\0ymuc05p.default\searchplugins\one-piece-encyclopedia-en.xml
[2009.07.31 20:46:21 | 000,001,833 | ---- | M] () -- C:\Users\chaosof99\AppData\Roaming\Mozilla\FireFox\Profiles\0ymuc05p.default\searchplugins\tmntpedia-en.xml
[2009.04.25 16:45:50 | 000,001,328 | ---- | M] () -- C:\Users\chaosof99\AppData\Roaming\Mozilla\FireFox\Profiles\0ymuc05p.default\searchplugins\wikipedia-de.xml
[2010.10.13 14:53:02 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
 
O1 HOSTS File: ([2010.10.15 16:47:39 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\partner.dll (Google Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O4 - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [NDSTray.exe]  File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Toshiba TEMPO] C:\Programme\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe (Toshiba Europe GmbH)
O4 - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2329238516-1223640929-1913374716-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - Startup: C:\Users\chaosof99\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Programme\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Programme\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2329238516-1223640929-1913374716-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2329238516-1223640929-1913374716-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} -  File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} -  File not found
O9 - Extra Button: HP Intelligente Auswahl - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: E:\Wallpaper\[AnimePaper]wallpapers_Black-Lagoon_isteb-isteb(1.6)_1920x1200_94633.jpg
O24 - Desktop BackupWallPaper: E:\Wallpaper\[AnimePaper]wallpapers_Black-Lagoon_isteb-isteb(1.6)_1920x1200_94633.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: AdobeUpdater - hkey= - key= - C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Google EULA Launcher - hkey= - key= - c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe ( )
MsConfig - StartUpReg: mcagent_exe - hkey= - key= - C:\Program Files\McAfee.com\Agent\mcagent.exe File not found
MsConfig - StartUpReg: topi - hkey= - key= - C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
MsConfig - StartUpReg: Toshiba Registration - hkey= - key= - C:\Programme\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba)
MsConfig - StartUpReg: XboxStat - hkey= - key= - C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - C:\Windows\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - C:\Windows\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker 2.6
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32: msacm.divxa32 - C:\Windows\System32\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.dvacm - C:\Programme\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.10.15 17:00:50 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010.10.15 17:00:49 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.10.15 17:00:49 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010.10.15 17:00:49 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010.10.15 17:00:48 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2010.10.15 17:00:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.10.15 16:51:45 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010.10.15 16:51:29 | 000,000,000 | ---D | C] -- C:\Users\chaosof99\AppData\Local\temp
[2010.10.15 16:35:56 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010.10.15 16:35:53 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010.10.15 16:35:53 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010.10.15 16:35:41 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.10.15 16:34:10 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010.10.15 16:33:25 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010.10.15 15:48:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.10.14 10:13:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.10.14 08:39:51 | 000,000,000 | ---D | C] -- C:\Users\chaosof99\AppData\Roaming\Malwarebytes
[2010.10.14 08:39:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.10.14 08:37:37 | 006,153,352 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\chaosof99\Desktop\mbam-setup-1.46.exe
[2010.10.13 21:05:07 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\chaosof99\Desktop\OTL.exe
[2010.10.13 09:28:36 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010.10.13 09:26:05 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010.10.13 08:47:09 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.10.13 08:47:02 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.10.13 08:47:02 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010.10.13 08:47:02 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.10.13 08:47:02 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010.10.13 08:18:04 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2010.10.13 08:18:04 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2010.10.13 07:48:20 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010.10.13 07:47:12 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.10.13 07:47:03 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2010.10.13 07:46:52 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010.10.01 11:39:07 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2010.10.01 11:39:05 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2010.10.01 11:36:17 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2010.10.01 11:34:41 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2010.09.29 06:27:31 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.09.21 19:10:09 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
 
========== Files - Modified Within 30 Days ==========
 
[2010.10.15 17:07:43 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.10.15 17:07:41 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.10.15 17:07:13 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.10.15 17:06:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.10.15 17:00:57 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.10.15 16:59:39 | 044,089,904 | ---- | M] () -- C:\Users\chaosof99\Desktop\avira_antivir_personal_en.exe
[2010.10.15 16:47:39 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.10.15 16:43:42 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.10.15 16:43:42 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.10.15 16:43:42 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.10.15 16:43:42 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.10.15 16:40:03 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.10.15 16:02:03 | 003,878,474 | R--- | M] () -- C:\Users\chaosof99\Desktop\ComboFix.exe
[2010.10.14 10:42:53 | 000,000,016 | ---- | M] () -- C:\Users\chaosof99\AppData\Roaming\ldcpfk.dat
[2010.10.14 08:46:20 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.10.14 08:38:08 | 006,153,352 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\chaosof99\Desktop\mbam-setup-1.46.exe
[2010.10.14 03:27:58 | 000,345,872 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.10.14 03:06:05 | 000,000,285 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2010.10.13 21:05:20 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\chaosof99\Desktop\OTL.exe
[2010.10.11 07:35:40 | 000,003,981 | ---- | M] () -- C:\Users\chaosof99\.recently-used.xbel
 
========== Files Created - No Company Name ==========
 
[2010.10.15 17:00:57 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.10.15 16:57:48 | 044,089,904 | ---- | C] () -- C:\Users\chaosof99\Desktop\avira_antivir_personal_en.exe
[2010.10.15 16:35:57 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010.10.15 16:35:53 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010.10.15 16:35:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010.10.15 16:35:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010.10.15 16:35:53 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.10.15 15:28:56 | 003,878,474 | R--- | C] () -- C:\Users\chaosof99\Desktop\ComboFix.exe
[2010.10.14 10:42:52 | 000,000,016 | ---- | C] () -- C:\Users\chaosof99\AppData\Roaming\ldcpfk.dat
[2010.10.14 03:06:05 | 000,000,285 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010.10.11 07:35:40 | 000,003,981 | ---- | C] () -- C:\Users\chaosof99\.recently-used.xbel
[2010.10.09 12:38:39 | 000,049,233 | ---- | C] () -- C:\fat32format.exe
[2010.10.01 11:39:56 | 000,002,231 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.04.30 09:27:04 | 000,081,408 | ---- | C] () -- C:\Windows\CBCRUN20.DLL
[2010.04.02 11:04:47 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2010.03.23 10:53:24 | 000,000,680 | ---- | C] () -- C:\Users\chaosof99\AppData\Local\d3d9caps.dat
[2010.02.15 22:03:46 | 000,290,816 | ---- | C] () -- C:\Windows\System32\decdll.dll
[2009.12.18 10:31:09 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.12.17 20:03:38 | 000,000,000 | ---- | C] () -- C:\Windows\ToDisc.INI
[2009.10.15 14:08:11 | 000,000,206 | ---- | C] () -- C:\Windows\ArcView9x.INI
[2009.09.17 07:40:57 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.31 09:35:12 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009.07.23 21:01:51 | 001,077,928 | ---- | C] () -- C:\Users\chaosof99\AppData\Roaming\698e8de9c79e614b8d6a96b5ce9682e6-i686.cache-2
[2009.05.05 21:04:03 | 000,001,204 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009.04.26 10:40:49 | 000,053,760 | ---- | C] () -- C:\Users\chaosof99\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.04.25 16:18:42 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2009.04.25 16:18:42 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2009.04.25 16:18:42 | 000,010,146 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2009.04.25 16:18:42 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2009.04.07 03:00:44 | 000,499,712 | R--- | C] () -- C:\Windows\System32\XmlSpyLib.dll
[2009.02.10 14:15:19 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2009.02.10 14:15:19 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2009.02.10 14:15:19 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2009.02.10 14:15:19 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2009.02.10 14:15:19 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2009.02.10 14:15:19 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2009.02.10 14:05:40 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2009.02.10 13:49:59 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2009.02.10 12:39:30 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[1997.06.25 15:24:16 | 000,040,448 | ---- | C] () -- C:\Windows\System32\RegObj.dll
 
========== LOP Check ==========
 
[2010.10.12 07:05:51 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\.anki
[2009.09.30 10:28:40 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\Any DVD Converter Professional
[2010.08.09 20:20:57 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\Any Video Converter
[2009.04.27 11:14:27 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\DAEMON Tools Lite
[2010.01.14 14:29:53 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\ESRI
[2010.06.01 18:02:40 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\foobar2000
[2010.07.10 16:42:28 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\FreeVideoConverter
[2009.05.05 20:47:01 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\GetRightToGo
[2010.10.11 07:35:40 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\gtk-2.0
[2010.08.11 10:24:13 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\Gygan
[2010.06.21 09:12:45 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\ICQ
[2010.02.17 22:03:45 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\LEGO Company
[2009.05.25 00:42:08 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\Magic Set Editor
[2010.04.07 21:25:55 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\mplayer
[2009.07.14 17:29:15 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\NJStar
[2009.05.03 14:23:25 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\OpenOffice.org
[2009.09.13 18:49:49 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\StreamTorrent
[2009.04.25 17:33:45 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\Toshiba
[2009.10.15 14:11:16 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\Ulead Systems
[2010.10.15 10:34:37 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\uTorrent
[2010.10.15 17:06:08 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.10.12 07:05:51 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\.anki
[2009.04.25 17:34:23 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\Adobe
[2009.09.30 10:28:40 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\Any DVD Converter Professional
[2010.08.09 20:20:57 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\Any Video Converter
[2009.09.12 07:56:29 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\Apple Computer
[2009.04.27 11:14:27 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\DAEMON Tools Lite
[2009.07.09 14:21:58 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\DivX
[2010.10.11 19:24:40 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\dvdcss
[2010.01.14 14:29:53 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\ESRI
[2010.06.01 18:02:40 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\foobar2000
[2010.07.10 16:42:28 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\FreeVideoConverter
[2009.05.05 20:47:01 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\GetRightToGo
[2009.04.25 16:36:56 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\Google
[2009.07.23 16:38:08 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\GRETECH
[2010.10.11 07:35:40 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\gtk-2.0
[2010.08.11 10:24:13 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\Gygan
[2009.05.05 21:18:35 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\HP
[2010.06.21 09:12:45 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\ICQ
[2009.04.25 16:30:56 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\Identities
[2009.04.25 16:30:22 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\InstallShield
[2010.02.17 22:03:45 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\LEGO Company
[2009.04.25 16:49:54 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\Macromedia
[2009.05.25 00:42:08 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\Magic Set Editor
[2010.10.14 08:39:51 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\Malwarebytes
[2009.04.27 11:24:55 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\Mathematica
[2009.11.30 12:38:39 | 000,000,000 | --SD | M] -- C:\Users\chaosof99\AppData\Roaming\Microsoft
[2010.10.15 00:58:41 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\mIRC
[2009.04.25 16:42:13 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\Mozilla
[2010.04.07 21:25:55 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\mplayer
[2009.07.14 17:29:15 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\NJStar
[2009.05.03 14:23:25 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\OpenOffice.org
[2009.07.21 18:37:27 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\Real
[2009.09.21 12:27:51 | 000,000,000 | RH-D | M] -- C:\Users\chaosof99\AppData\Roaming\SecuROM
[2009.09.13 18:49:49 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\StreamTorrent
[2009.04.25 17:33:45 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\Toshiba
[2009.10.15 14:11:16 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\Ulead Systems
[2010.10.15 10:34:37 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\uTorrent
[2010.10.13 21:09:23 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\vlc
[2009.04.25 17:53:25 | 000,000,000 | ---D | M] -- C:\Users\chaosof99\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2009.10.23 17:28:55 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Users\chaosof99\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
[2009.10.23 17:28:55 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Users\chaosof99\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
[2009.10.23 17:28:55 | 000,008,854 | R--- | M] () -- C:\Users\chaosof99\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe
 
< %SYSTEMDRIVE%\*.exe >
[2009.03.02 23:47:38 | 000,049,233 | ---- | M] () -- C:\fat32format.exe
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\ERDNT\cache\AGP440.sys
[2008.01.21 04:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2008.03.25 05:22:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=2D77788D0B7FE269044F58C86AE099CE -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_3e1ecd89\AGP440.sys
[2008.03.25 05:22:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=2D77788D0B7FE269044F58C86AE099CE -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.22142_none_ba734aead7ed1bb6\AGP440.sys
[2008.03.26 05:38:23 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=ED91751834103DB2A74470CD763A49FE -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_e4087235\AGP440.sys
[2008.03.26 05:38:23 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=ED91751834103DB2A74470CD763A49FE -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20800_none_b8b64d46daa7e57a\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.03.12 08:24:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 04:34:05 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2008.04.15 17:54:16 | 000,388,120 | ---- | M] (Intel Corporation) MD5=8D58627FEF3F8767665D9F4DC91CBD97 -- C:\Programme\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2008.04.15 17:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Programme\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2008.04.15 17:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\drivers\iaStor.sys
[2008.04.15 17:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_77c04a30\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:33:41 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:34:39 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\ERDNT\cache\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\ERDNT\cache\user32.dll
[2008.01.21 04:34:02 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008.01.21 04:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:34:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:34:35 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:34:35 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:31:11 | 015,716,352 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:31:01 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:31:12 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.04.11 08:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009.04.11 08:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< End of report >

chaosof99 · 15.10.2010, 16:28

Hier noch die Extras.Txt die beim OTL scan erzeugt wurde:

Code:

ATTFilter

OTL Extras logfile created on: 15.10.2010 17:10:28 - Run 2
OTL by OldTimer - Version 3.2.15.2     Folder = C:\Users\chaosof99\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 66,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,29 Gb Total Space | 21,43 Gb Free Space | 18,43% Space Free | Partition Type: NTFS
Drive E: | 115,13 Gb Total Space | 67,41 Gb Free Space | 58,55% Space Free | Partition Type: NTFS
 
Computer Name: GRAMPAII | User Name: chaosof99 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2329238516-1223640929-1913374716-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4199E3DA-CBF8-489B-A270-3CE343A3290A}" = lport=2799 | protocol=6 | dir=in | name=altova license metering port (tcp) | 
"{70AD61EB-21E3-4F23-B69B-D0D7B26D2FD8}" = lport=2799 | protocol=17 | dir=in | name=altova license metering port (udp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01218443-063B-4905-AE57-484F1C49F17D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{0CC4C841-4877-40F4-AA06-556F649F7557}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{1C8FC3FE-6D33-4EB7-A62C-333F70392905}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 
"{211C29AE-D0C0-4633-A139-8C6B637D3181}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{29AB5F76-7199-40A5-98E1-7C30C7126C1A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe | 
"{2CDB9A41-F360-4471-BB49-AF6BA2E1C209}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{3F9C2DFD-8F08-44B6-A141-0A9BBC2022AD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{454ACF0E-F023-4D98-9D0A-0EBBCC07B6A4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe | 
"{6DEF5BA7-6334-429D-AA6A-C71F99DF980E}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{71687EF6-0BBC-4A47-BC35-FDBD0ACB3597}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{A07CE1D0-0385-4CBF-B242-25FDC1F9908E}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{B95E432F-A750-4CD0-8497-74FF40147A7B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"{BA472299-D52F-4F0E-AD1C-FA621D748B25}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe | 
"{BEB8E1BC-BA44-4352-AF16-9389C576CEB8}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{D76C1DBE-AC6A-4390-A087-E76FB2FB9C32}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{D8F2926F-C963-4B06-AD52-D7CC99EB74B2}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{F0323F22-C7B2-4EEE-86CC-A264FAD50E4C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{F734D762-90C3-4299-984D-3BB2E9BD4111}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"{F8D5E023-01BA-4499-AFD0-28770D4A27FD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{03FAA727-E2B7-471C-AC41-2E1C7F29C7EA}" = Toshiba TEMPRO
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1C971EE3-B4C4-4367-9676-57549919C6CE}" = TOSHIBA Benutzerhandbücher
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{27197499-7680-4208-8FD8-5439CDB0FDC1}" = HPProductAssistant
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{2AFEAA03-2DFE-4519-A629-EDAB6541ABE9}" = HPSSupply
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{32A3A4F4-B792-11D6-A78A-00B0D0160130}" = Java(TM) SE Development Kit 6 Update 13
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D08333C-C366-425D-8C2D-D05630D68A46}" = SlingPlayer
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{43A056A0-2804-4FF4-ADA7-1E8B239E8E4A}" = Altova XMLSpy® 2009 sp1 Enterprise Edition
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{5033400B-0977-45AB-94CE-CC135A8E1BBB}" = ArcGIS Desktop
"{51F96AEC-D902-4434-A0DC-B9692A21AE7C}" = MobileMe Control Panel
"{593A6CAF-E114-4e31-884F-74FF349E8E36}" = SolutionCenter
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60D4F9F1-B828-4048-A5AB-9AA2FD0C4751}" = DJ_AIO_03_F4200_Software
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{6365C963-4B72-43F8-8392-2A5441EC2A86}" = DJ_AIO_03_F4200_ProductContext
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AA003BF-73E5-4911-ADB7-71DD5674DDD4}" = Oracle Data Provider for .NET Help
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{998D6972-F58E-479D-9248-8F179E55AE38}" = Java DB 10.4.1.3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9F4EE72A-C5C9-42ad-ABEF-427690843577}" = MarketResearch
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A13D16C5-38A9-4D96-9647-59FCCAB12A85}" = Visual Basic for Applications (R) Core - English
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.5 - Deutsch
"{AC76BA86-7AD7-1031-7B44-A81300000003}_814" = KB408682
"{AC76BA86-7AD7-2448-0000-800000000003}" = Chinese Traditional Fonts Support For Adobe Reader 8
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}" = Atheros Wi-Fi Protected Setup Library
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B61A79BE-E94C-42C0-921D-8B7E5217069C}" = F4200
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{BE8A9C2C-8E41-445B-A746-BEB0B1F992F8}" = DJ_AIO_03_F4200_Software_Min
"{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm
"{C260343B-6282-42A2-939F-1FF7E503F608}" = Wolfram Notebook Indexer 2.0
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C3B6AEB1-390C-4792-8677-CD87F8B2C959}" = HP Deskjet F4200 All-In-One Driver Software 11.0 Rel .3
"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
"{CC0E1AE3-091D-4969-B151-7AC142062C28}" = SmartWebPrinting
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D063F201-FAC4-4D5C-B10B-615058ADE5A7}" = HP Update
"{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DCFD26A8-60A5-4C69-A52D-264D0386FDB3}" = Microsoft Xbox 360 Accessories 1.2
"{E133E97F-5186-4503-BEC8-752EB9E8EBD7}" = Copy
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F0BC0F9E-C4A8-485C-93ED-424DB9EA3F75}" = Oracle Database 10g Express Edition
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{F8A5531E-FEB4-4F7C-AF51-342E40FA7A0D}" = F4200_Help
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone-Konfigurationsprogramm
"{FB97C283-1F3C-42D4-AE01-ADC1DC12F774}" = Visual Basic for Applications (R) Core
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Anki" = Anki
"Any DVD Converter Professional_is1" = Any DVD Converter Professional 3.7.7
"Any Video Converter_is1" = Any Video Converter 2.7.5
"ArcGIS Desktop" = ArcGIS Desktop
"Audacity_is1" = Audacity 1.2.6
"Audiograbber" = Audiograbber 1.83 SE 
"Audiograbber-Lame" = Audiograbber Lame-MP3-Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CDisplay_is1" = CDisplay 1.8
"CloneCD" = CloneCD
"Dia" = Dia (remove only)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"eDonkey2000" = eDonkey2000
"eMule" = eMule
"FLAC" = FLAC 1.2.1b (remove only)
"foobar2000" = foobar2000 v1.0.3
"Free Video Converter_is1" = Free Video Converter V 2.8
"GOM Player" = GOM Player
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 11.0
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 11.0
"HPExtendedCapabilities" = HP Customer Participation Program 11.0
"InstallShield_{3D08333C-C366-425D-8C2D-D05630D68A46}" = SlingPlayer
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"InstallShield_{F0BC0F9E-C4A8-485C-93ED-424DB9EA3F75}" = Oracle Database 10g Express Edition
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Launch of the Screaming Narwhal" = Tales of Monkey Island - Launch of the Screaming Narwhal
"Magic Set Editor 2_is1" = Magic Set Editor 2 - 0.3.8 beta
"Magic Workstation_is1" = Magic Workstation 0.94f
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"mIRC" = mIRC
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"MTG GamePack for Magic Workstation_is1" = MTG GamePack for Magic Workstation
"myphotobook" = myphotobook 3.6
"nbi-nb-base-6.5.1.0.200903060201" = NetBeans IDE 6.5.1
"New LEGO Digital Designer" = LEGO Digital Designer
"NJStar Japanese WP" = NJStar Japanese WP
"numpy-py2.5" = Python 2.5 numpy-1.0.3
"OpenVPN" = OpenVPN 2.1_rc20
"Picasa2" = Picasa 2
"Python 2.5 numpy-1.0.3" = Python 2.5 numpy-1.0.3
"Python 2.5.1" = Python 2.5.1
"R for Windows 2.10.0_is1" = R for Windows 2.10.0
"RealAlt_is1" = Real Alternative 1.9.0 Lite
"Shop for HP Supplies" = Shop for HP Supplies
"SopCast" = SopCast 3.2.4
"StreamTorrent 1.0" = StreamTorrent 1.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"TVUPlayer" = TVUPlayer 2.5.0.1
"VLC media player" = VLC media player 1.0.0
"WinGimp-2.0_is1" = GIMP 2.6.6
"WinRAR archiver" = WinRAR archiver
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2329238516-1223640929-1913374716-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 14.10.2010 04:32:09 | Computer Name = grampaII | Source = Bonjour Service | ID = 100
Description = 380: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 14.10.2010 04:32:09 | Computer Name = grampaII | Source = Bonjour Service | ID = 100
Description = 388: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 14.10.2010 04:32:09 | Computer Name = grampaII | Source = Bonjour Service | ID = 100
Description = 392: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 14.10.2010 04:32:09 | Computer Name = grampaII | Source = Bonjour Service | ID = 100
Description = 396: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 14.10.2010 04:40:02 | Computer Name = grampaII | Source = Bonjour Service | ID = 100
Description = WSARecvMsg failed (10022) 
 
Error - 14.10.2010 04:40:42 | Computer Name = grampaII | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.10.2010 12:12:46 | Computer Name = grampaII | Source = Bonjour Service | ID = 100
Description = 384: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 14.10.2010 12:12:46 | Computer Name = grampaII | Source = Bonjour Service | ID = 100
Description = 388: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 14.10.2010 12:12:46 | Computer Name = grampaII | Source = Bonjour Service | ID = 100
Description = 392: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 14.10.2010 12:12:46 | Computer Name = grampaII | Source = Bonjour Service | ID = 100
Description = 396: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
[ System Events ]
Error - 15.10.2010 10:13:54 | Computer Name = grampaII | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 15.10.2010 10:13:54 | Computer Name = grampaII | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 15.10.2010 10:17:10 | Computer Name = grampaII | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 15.10.2010 10:33:25 | Computer Name = grampaII | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 15.10.2010 10:33:32 | Computer Name = grampaII | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 15.10.2010 10:37:04 | Computer Name = grampaII | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 15.10.2010 10:38:35 | Computer Name = grampaII | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 15.10.2010 10:38:36 | Computer Name = grampaII | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 15.10.2010 10:47:41 | Computer Name = grampaII | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 15.10.2010 11:09:35 | Computer Name = grampaII | Source = Service Control Manager | ID = 7022
Description = 
 
 
< End of report >

Chris4You · 15.10.2010, 20:41

Hi,

OTL:

Doppelklick auf die OTL.exe, um das Programm auszuführen.

Vista/Win7-User bitte per Rechtsklick und "Ausführen als Administrator" starten.

Kopiere den Inhalt der folgenden Codebox komplett in die OTL-Box unter "Custom Scan/Fixes"

Code:

ATTFilter

:OTL
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
[2010.10.14 10:42:52 | 000,000,016 | ---- | C] () -- C:\Users\chaosof99\AppData\Roaming\ldcpfk.dat


:REG
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = dword:0x00

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[EMPTYFLASH]
[Reboot]

Den roten Run Fixes! Button anklicken.

Bitte alles aus dem Ergebnisfenster (Results) herauskopieren.

Eine Kopie eines OTL-Fix-Logs wird in einer Textdatei in folgendem Ordner gespeichert:

%systemroot%\_OTL

Prevx:
Das Tool neigt zu Fehlalarmen und kann in der freien Version auch nichts löschen, ist aber sonst recht gut... (und läuft auch auf 64Bit-Plattformen)
Prevx 3.0 for Home and Family
Falls das Tool was findet, nicht das Log posten sondern einen Screenshot des dann angezeigten Fensters...

Gmer:
http://www.trojaner-board.de/74908-a...t-scanner.html
Den Downloadlink findest Du links oben (GMER - Rootkit Detector and Remover), dort dann
auf den Button "Download EXE", dabei wird ein zufälliger Name generiert (den und den Pfad wo Du sie gespeichert hast bitte merken).
Starte GMER und schaue, ob es schon was meldet. Macht es das, bitte alle Fragen mit "nein" beantworten, auf den Reiter "rootkit" gehen, wiederum die Frage mit "nein" beantworten und mit Hilfe von copy den Bericht in den Thread einfügen. Meldet es so nichts, gehe auf den Reiter Rootkit und mache einen Scan. Ist dieser beendet, wähle Copy und füge den Bericht ein.

chris

chaosof99 · 15.10.2010, 22:14

Prevx fand nichts. GMER hat mir auch nie irgendwelche Prompts geliefert.

Hier ist das OTL log:

Code:

ATTFilter

All processes killed
========== OTL ==========
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
C:\Users\chaosof99\AppData\Roaming\ldcpfk.dat moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware\\"DisableMonitoring" | dword:0x00 /E : value set successfully!
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: chaosof99
->Temp folder emptied: 1690173 bytes
->Temporary Internet Files folder emptied: 40004168 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 100323498 bytes
->Flash cache emptied: 3719 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 13361 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 135,00 mb
 

 
[EMPTYFLASH]
 
User: All Users
 
User: chaosof99
->Flash cache emptied: 0 bytes
 
User: Default
 
User: Default User
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
 
OTL by OldTimer - Version 3.2.15.2 log created on 10152010_215823

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Der Text den ich aus dem GMER kopiert habe bevor ich gescannt habe:

Code:

ATTFilter

GMER 1.0.15.15319 - hxxp://www.gmer.net
Rootkit quick scan 2010-10-15 22:11:32
Windows 6.0.6002 Service Pack 2
Running: tcpernly.exe; Driver: C:\Users\CHAOSO~1\AppData\Local\Temp\kwdiqpoc.sys


---- Disk sectors - GMER 1.0.15 ----

Disk            \Device\Harddisk0\DR0                    sector 01: copy of MBR
Disk            \Device\Harddisk0\DR0                    sector 02: copy of MBR
Disk            \Device\Harddisk0\DR0                    sector 03: copy of MBR
Disk            \Device\Harddisk0\DR0                    sector 04: copy of MBR
Disk            \Device\Harddisk0\DR0                    sector 05: copy of MBR
Disk            \Device\Harddisk0\DR0                    sector 06: copy of MBR
Disk            \Device\Harddisk0\DR0                    sector 07: copy of MBR
Disk            \Device\Harddisk0\DR0                    sector 08: copy of MBR
Disk            \Device\Harddisk0\DR0                    sector 09: copy of MBR
Disk            \Device\Harddisk0\DR0                    sector 10: copy of MBR
Disk            \Device\Harddisk0\DR0                    sector 11: copy of MBR
Disk            \Device\Harddisk0\DR0                    sector 12: copy of MBR
Disk            \Device\Harddisk0\DR0                    sector 13: copy of MBR
Disk            \Device\Harddisk0\DR0                    sector 14: copy of MBR
Disk            \Device\Harddisk0\DR0                    sector 15: copy of MBR
Disk            \Device\Harddisk0\DR0                    sector 16: copy of MBR
Disk            \Device\Harddisk0\DR0                    sector 17: copy of MBR
Disk            \Device\Harddisk0\DR0                    sector 18: copy of MBR
Disk            \Device\Harddisk0\DR0                    sector 19: copy of MBR
Disk            \Device\Harddisk0\DR0                    sector 20: copy of MBR
Disk            \Device\Harddisk0\DR0                    sector 21: copy of MBR
Disk            \Device\Harddisk0\DR0                    sector 22: copy of MBR
Disk            \Device\Harddisk0\DR0                    sector 23: copy of MBR
Disk            \Device\Harddisk0\DR0                    sector 24: copy of MBR
Disk            \Device\Harddisk0\DR0                    sector 25: copy of MBR
Disk            \Device\Harddisk0\DR0                    sector 26: copy of MBR
Disk            \Device\Harddisk0\DR0                    sector 27: copy of MBR
Disk            \Device\Harddisk0\DR0                    sector 28: copy of MBR
Disk            \Device\Harddisk0\DR0                    sector 29: copy of MBR
Disk            \Device\Harddisk0\DR0                    sector 30: copy of MBR
Disk            \Device\Harddisk0\DR0                    sector 31: copy of MBR
Disk            \Device\Harddisk0\DR0                    sector 32: copy of MBR
Disk            \Device\Harddisk0\DR0                    sector 33: copy of MBR
Disk            \Device\Harddisk0\DR0                    sector 34: copy of MBR
Disk            \Device\Harddisk0\DR0                    sector 35: copy of MBR
Disk            \Device\Harddisk0\DR0                    sector 36: copy of MBR
Disk            \Device\Harddisk0\DR0                    sector 37: copy of MBR
Disk            \Device\Harddisk0\DR0                    sector 38: copy of MBR
Disk            \Device\Harddisk0\DR0                    sector 39: copy of MBR
Disk            \Device\Harddisk0\DR0                    sector 40: copy of MBR
Disk            \Device\Harddisk0\DR0                    sector 41: copy of MBR
Disk            \Device\Harddisk0\DR0                    sector 42: copy of MBR
Disk            \Device\Harddisk0\DR0                    sector 43: copy of MBR
Disk            \Device\Harddisk0\DR0                    sector 44: copy of MBR
Disk            \Device\Harddisk0\DR0                    sector 45: copy of MBR
Disk            \Device\Harddisk0\DR0                    sector 46: copy of MBR
Disk            \Device\Harddisk0\DR0                    sector 47: copy of MBR
Disk            \Device\Harddisk0\DR0                    sector 48: copy of MBR
Disk            \Device\Harddisk0\DR0                    sector 49: copy of MBR
Disk            \Device\Harddisk0\DR0                    sector 50: copy of MBR
Disk            \Device\Harddisk0\DR0                    sector 51: copy of MBR
Disk            \Device\Harddisk0\DR0                    sector 52: copy of MBR
Disk            \Device\Harddisk0\DR0                    sector 53: copy of MBR
Disk            \Device\Harddisk0\DR0                    sector 54: copy of MBR
Disk            \Device\Harddisk0\DR0                    sector 55: copy of MBR
Disk            \Device\Harddisk0\DR0                    sector 56: copy of MBR
Disk            \Device\Harddisk0\DR0                    sector 57: copy of MBR
Disk            \Device\Harddisk0\DR0                    sector 58: copy of MBR
Disk            \Device\Harddisk0\DR0                    sector 59: copy of MBR
Disk            \Device\Harddisk0\DR0                    sector 60: rootkit-like behavior; copy of MBR
Disk            \Device\Harddisk0\DR0                    sector 61: copy of MBR
Disk            \Device\Harddisk0\DR0                    sector 62: rootkit-like behavior; copy of MBR
Disk            \Device\Harddisk0\DR0                    sector 63: copy of MBR

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\tdx \Device\Tcp                  pxrts.sys (Prevx Realtime Security/Prevx)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0  Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0  pxkbf.sys (Prevx Keyboard Security/Prevx)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1  Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1  pxkbf.sys (Prevx Keyboard Security/Prevx)

---- EOF - GMER 1.0.15 ----

GMER nach dem scan:

Code:

ATTFilter

GMER 1.0.15.15319 - hxxp://www.gmer.net
Rootkit scan 2010-10-15 23:09:08
Windows 6.0.6002 Service Pack 2
Running: tcpernly.exe; Driver: C:\Users\CHAOSO~1\AppData\Local\Temp\kwdiqpoc.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx)                                              ZwAssignProcessToJobObject [0xBB001AF0]
SSDT            \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx)                                              ZwCreateThread [0xBB001B40]
SSDT            \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx)                                              ZwOpenProcess [0xBB002490]
SSDT            \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx)                                              ZwOpenThread [0xBB002320]
SSDT            \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx)                                              ZwProtectVirtualMemory [0xBB001BE0]
SSDT            \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx)                                              ZwSetContextThread [0xBB001AA0]
SSDT            \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx)                                              ZwTerminateProcess [0xBB002630]
SSDT            \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx)                                              ZwTerminateThread [0xBB001C80]
SSDT            \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx)                                              ZwWriteVirtualMemory [0xBB002000]

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!KeSetEvent + 191                                                                                       820E68F4 4 Bytes  [F0, 1A, 00, BB]
.text           ntkrnlpa.exe!KeSetEvent + 221                                                                                       820E6984 4 Bytes  [40, 1B, 00, BB]
.text           ntkrnlpa.exe!KeSetEvent + 3F1                                                                                       820E6B54 4 Bytes  [90, 24, 00, BB]
.text           ntkrnlpa.exe!KeSetEvent + 40D                                                                                       820E6B70 4 Bytes  [20, 23, 00, BB]
.text           ntkrnlpa.exe!KeSetEvent + 431                                                                                       820E6B94 4 Bytes  [E0, 1B, 00, BB]
.text           ...                                                                                                                 
.text           C:\Windows\system32\DRIVERS\tos_sps32.sys                                                                           section is writeable [0x8A35D480, 0x3C939, 0xE8000020]
.dsrt           C:\Windows\system32\DRIVERS\tos_sps32.sys                                                                           unknown last section [0x8A39E900, 0x3CA, 0x48000040]

---- User code sections - GMER 1.0.15 ----

.text           C:\Windows\Explorer.EXE[2724] ntdll.dll!NtWriteFile                                                                 775E5644 5 Bytes  JMP 68377B40 C:\Windows\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text           C:\Windows\Explorer.EXE[2724] kernel32.dll!CreateThread                                                             7716C90E 5 Bytes  JMP 68377090 C:\Windows\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text           C:\Windows\Explorer.EXE[2724] USER32.dll!SetWindowTextW                                                             76D09815 5 Bytes  JMP 68377800 C:\Windows\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3916] ntdll.dll!LdrLoadDll                                             775A9390 5 Bytes  JMP 008D13F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[5580] USER32.dll!TrackPopupMenu                               76D114F3 5 Bytes  JMP 6887DDE0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\Explorer.EXE[2724] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                               [73A37817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2724] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                                [73A8A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2724] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                            [73A3BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2724] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]                      [73A2F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2724] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                                [73A375E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2724] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                             [73A2E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2724] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]                 [73A68395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2724] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]                    [73A3DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2724] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                            [73A2FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2724] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                             [73A2FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2724] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                              [73A271CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2724] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]                      [73ABCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2724] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]                         [73A5C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2724] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                            [73A2D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2724] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                                      [73A26853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2724] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                                     [73A2687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2724] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]                        [73A32AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                             Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                             pxkbf.sys (Prevx Keyboard Security/Prevx)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                             Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                             pxkbf.sys (Prevx Keyboard Security/Prevx)
AttachedDevice  \Driver\tdx \Device\Tcp                                                                                             pxrts.sys (Prevx Realtime Security/Prevx)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                 C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x24 0x5D 0x8E 0x02 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0xD9 0x95 0x23 0x27 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0xB8 0xF1 0x2D 0x29 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x24 0x5D 0x8E 0x02 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0xD9 0x95 0x23 0x27 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0xB8 0xF1 0x2D 0x29 ...

---- Files - GMER 1.0.15 ----

File            C:\Users\chaosof99\AppData\Local\Mozilla\Firefox\Profiles\0ymuc05p.default\Cache\001608D1d01                        30518 bytes
File            C:\Users\chaosof99\AppData\Local\Mozilla\Firefox\Profiles\0ymuc05p.default\Cache\04105843d01                        32096 bytes
File            C:\Users\chaosof99\AppData\Local\Mozilla\Firefox\Profiles\0ymuc05p.default\Cache\1386EB61d01                        18097 bytes
File            C:\Users\chaosof99\AppData\Local\Mozilla\Firefox\Profiles\0ymuc05p.default\Cache\144D92E3d01                        16883 bytes
File            C:\Users\chaosof99\AppData\Local\Mozilla\Firefox\Profiles\0ymuc05p.default\Cache\3F56CF16d01                        27582 bytes
File            C:\Users\chaosof99\AppData\Local\Mozilla\Firefox\Profiles\0ymuc05p.default\Cache\40F025ECd01                        21657 bytes
File            C:\Users\chaosof99\AppData\Local\Mozilla\Firefox\Profiles\0ymuc05p.default\Cache\42E1D6F5d01                        21981 bytes
File            C:\Users\chaosof99\AppData\Local\Mozilla\Firefox\Profiles\0ymuc05p.default\Cache\4856EEC6d01                        98251 bytes
File            C:\Users\chaosof99\AppData\Local\Mozilla\Firefox\Profiles\0ymuc05p.default\Cache\B841F03Dd01                        32680 bytes
File            C:\Users\chaosof99\AppData\Local\Mozilla\Firefox\Profiles\0ymuc05p.default\Cache\BC5CA455d01                        293376 bytes executable
File            C:\Users\chaosof99\AppData\Local\Mozilla\Firefox\Profiles\0ymuc05p.default\Cache\C17AAA67d01                        24924 bytes
File            C:\Users\chaosof99\AppData\Local\Mozilla\Firefox\Profiles\0ymuc05p.default\Cache\5D90F1E5d01                        88797 bytes
File            C:\Users\chaosof99\AppData\Local\Mozilla\Firefox\Profiles\0ymuc05p.default\Cache\6D701728d01                        46480 bytes
File            C:\Users\chaosof99\AppData\Local\Mozilla\Firefox\Profiles\0ymuc05p.default\Cache\F98C33AEd01                        25208 bytes
File            C:\Users\chaosof99\AppData\Local\Mozilla\Firefox\Profiles\0ymuc05p.default\Cache\F9D211E4d01                        33100 bytes
File            C:\Users\chaosof99\AppData\Local\Mozilla\Firefox\Profiles\0ymuc05p.default\Cache\8CA9FA3Bd01                        49976 bytes
File            C:\Users\chaosof99\AppData\Local\Mozilla\Firefox\Profiles\0ymuc05p.default\Cache\8DD75662d01                        942048 bytes executable
File            C:\Users\chaosof99\AppData\Local\Mozilla\Firefox\Profiles\0ymuc05p.default\Cache\9582674Dd01                        17449 bytes
File            C:\Users\chaosof99\AppData\Local\Mozilla\Firefox\Profiles\0ymuc05p.default\Cache\A478AF30d01                        27349 bytes
File            C:\Users\chaosof99\AppData\Local\Mozilla\Firefox\Profiles\0ymuc05p.default\Cache\ABE913F8d01                        18885 bytes
File            C:\Users\chaosof99\AppData\Local\Mozilla\Firefox\Profiles\0ymuc05p.default\Cache\C921425Ed01                        20514 bytes
File            C:\Users\chaosof99\AppData\Local\Mozilla\Firefox\Profiles\0ymuc05p.default\Cache\DE9D653Cd01                        9931653 bytes
File            C:\Users\chaosof99\AppData\Local\Mozilla\Firefox\Profiles\0ymuc05p.default\Cache\E673F3D0d01                        17039 bytes
File            C:\Users\chaosof99\AppData\Local\Mozilla\Firefox\Profiles\0ymuc05p.default\Cache\F6FCF4F4d01                        23539 bytes
File            C:\Users\chaosof99\AppData\Local\Mozilla\Firefox\Profiles\0ymuc05p.default\Cache\C915444Bd01                        39300 bytes
File            C:\Users\chaosof99\AppData\Local\temp\flaBE42.tmp                                                                   4445668 bytes

---- EOF - GMER 1.0.15 ----

Chris4You · 16.10.2010, 20:28

Hi,

ist das ein Toshiba-System?
Ein bisschen viele MBR-Kopien, wir prüfen mal den MBR....

MBR-Check
Lade Dir http://ad13.geekstogo.com/MBRCheck.exe und speichere die Datei auf dem Desktop.

Doppelklick auf die MBRCheck.exe.

Vista und Win7 User mit Rechtsklick "als Administrator starten"

Das Tool braucht nur eine Sekunde.

Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.

Poste bitte den Inhalt des .txt Dokumentes

Wie verhält sich der Rechner?

chris

chaosof99 · 16.10.2010, 23:03

Ja, es ist ein Toshiba Laptop.

Hier der MBR bericht:

Code:

ATTFilter

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:            
Windows Version:        Windows Vista Home Basic Edition
Windows Information:        Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer:    TOSHIBA
BIOS Manufacturer:        INSYDE
System Manufacturer:        TOSHIBA
System Product Name:        Satellite L350
Logical Drives Mask:        0x00000034

Kernel Drivers (total 144):
  0x82018000 \SystemRoot\system32\ntkrnlpa.exe
  0x823D1000 \SystemRoot\system32\hal.dll
  0x80404000 \SystemRoot\system32\kdcom.dll
  0x8040B000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x8047B000 \SystemRoot\system32\PSHED.dll
  0x8048C000 \SystemRoot\system32\BOOTVID.dll
  0x80494000 \SystemRoot\system32\CLFS.SYS
  0x804D5000 \SystemRoot\system32\CI.dll
  0x8060B000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x80687000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x80694000 \SystemRoot\system32\drivers\acpi.sys
  0x806DA000 \SystemRoot\system32\drivers\WMILIB.SYS
  0x806E3000 \SystemRoot\system32\drivers\msisadrv.sys
  0x806EB000 \SystemRoot\system32\drivers\pci.sys
  0x80712000 \SystemRoot\System32\drivers\partmgr.sys
  0x80721000 \SystemRoot\system32\DRIVERS\compbatt.sys
  0x80724000 \SystemRoot\system32\DRIVERS\BATTC.SYS
  0x8072E000 \SystemRoot\system32\drivers\volmgr.sys
  0x8073D000 \SystemRoot\System32\drivers\volmgrx.sys
  0x80787000 \SystemRoot\System32\drivers\mountmgr.sys
  0x80797000 \SystemRoot\system32\DRIVERS\pciide.sys
  0x8079E000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
  0x82606000 \SystemRoot\system32\DRIVERS\iaStor.sys
  0x826D4000 \SystemRoot\system32\drivers\atapi.sys
  0x826DC000 \SystemRoot\system32\drivers\ataport.SYS
  0x826FA000 \SystemRoot\system32\drivers\msahci.sys
  0x82704000 \SystemRoot\system32\drivers\fltmgr.sys
  0x82736000 \SystemRoot\system32\drivers\fileinfo.sys
  0x82746000 \SystemRoot\System32\Drivers\PxHelp20.sys
  0x8274F000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x83007000 \SystemRoot\system32\drivers\ndis.sys
  0x83112000 \SystemRoot\system32\drivers\msrpc.sys
  0x8313D000 \SystemRoot\system32\drivers\NETIO.SYS
  0x83203000 \SystemRoot\System32\drivers\tcpip.sys
  0x832ED000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x8A202000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x8A312000 \SystemRoot\system32\drivers\volsnap.sys
  0x8A34B000 \SystemRoot\system32\DRIVERS\TVALZ_O.SYS
  0x8A350000 \SystemRoot\system32\DRIVERS\tos_sps32.sys
  0x8A393000 \SystemRoot\System32\Drivers\spldr.sys
  0x8A39B000 \SystemRoot\System32\Drivers\mup.sys
  0x8A3AA000 \SystemRoot\System32\drivers\ecache.sys
  0x8A3D1000 \SystemRoot\system32\drivers\disk.sys
  0x83308000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x8A3E2000 \SystemRoot\system32\drivers\crcdisk.sys
  0x83178000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x833F7000 \SystemRoot\system32\DRIVERS\tunmp.sys
  0x8A3F8000 \SystemRoot\system32\DRIVERS\FwLnk.sys
  0x83183000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x83192000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0x8D806000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
  0x8DEEA000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x8DF8B000 \SystemRoot\System32\drivers\watchdog.sys
  0x8DF97000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0x8DFA2000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x8DFE0000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x8E00A000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x8E097000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
  0x8E0B8000 \SystemRoot\system32\DRIVERS\athr.sys
  0x8E19C000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x8E1AF000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x8E1BA000 \SystemRoot\system32\DRIVERS\SynTP.sys
  0x8E1E9000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x8E1EB000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x8E1F6000 \SystemRoot\system32\DRIVERS\tdcmdpst.sys
  0x8E000000 \SystemRoot\System32\Drivers\ElbyCDFL.sys
  0x83196000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x8E1FA000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0x831AE000 \SystemRoot\system32\DRIVERS\msiscsi.sys
  0x807AC000 \SystemRoot\system32\DRIVERS\storport.sys
  0x8DFEF000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x831DD000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x831F4000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x827C0000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x827E3000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x805B5000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x805C9000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x83000000 \SystemRoot\system32\DRIVERS\tap0901.sys
  0x807ED000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x8E007000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x8E401000 \SystemRoot\system32\DRIVERS\ks.sys
  0x8E42B000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x8E435000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x8E442000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x8E477000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x8E600000 \SystemRoot\system32\drivers\RTKVHDA.sys
  0x8E488000 \SystemRoot\system32\drivers\portcls.sys
  0x8E4B5000 \SystemRoot\system32\drivers\drmk.sys
  0x8E4DA000 \SystemRoot\system32\DRIVERS\AGRSM.sys
  0x827F2000 \SystemRoot\system32\drivers\modem.sys
  0x8E5F6000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0x80600000 \SystemRoot\System32\Drivers\Null.SYS
  0x805DE000 \SystemRoot\System32\Drivers\Beep.SYS
  0x805E5000 \SystemRoot\System32\drivers\vga.sys
  0x8E803000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x8E824000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x8E82C000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x8E834000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x8E83F000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x8E84D000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0x8E856000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x8E86C000 \SystemRoot\system32\DRIVERS\smb.sys
  0x8E880000 \SystemRoot\system32\drivers\afd.sys
  0x8E8C8000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x8E8FA000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x8E910000 \SystemRoot\system32\DRIVERS\jswpslwf.sys
  0x8E915000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x8E923000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x8E936000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x8E972000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x8E97C000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
  0x8E981000 \SystemRoot\System32\Drivers\dfsc.sys
  0x8E998000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x8E9A1000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x8E9B1000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x8E9B8000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x8E9C0000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x83329000 \SystemRoot\System32\Drivers\dump_iaStor.sys
  0x98030000 \SystemRoot\System32\win32k.sys
  0x8E9CD000 \SystemRoot\System32\drivers\Dxapi.sys
  0x8E9D7000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x98250000 \SystemRoot\System32\TSDDD.dll
  0x98270000 \SystemRoot\System32\cdd.dll
  0x80C0D000 \SystemRoot\system32\drivers\luafv.sys
  0x80C28000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x80C38000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x80C62000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x80C6C000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x80C7F000 \SystemRoot\system32\drivers\HTTP.sys
  0x80CEC000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x80D09000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x80D22000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x80D37000 \SystemRoot\system32\drivers\mrxdav.sys
  0x80D58000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x80D77000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x80DB0000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x80DC8000 \SystemRoot\System32\DRIVERS\srv2.sys
  0xABA05000 \SystemRoot\System32\DRIVERS\srv.sys
  0xABA53000 \SystemRoot\system32\drivers\peauth.sys
  0xABB31000 \SystemRoot\system32\drivers\spsys.sys
  0xABBE1000 \SystemRoot\System32\Drivers\secdrv.SYS
  0xABBEB000 \SystemRoot\System32\drivers\tcpipreg.sys
  0x8E9E6000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0x77A70000 \Windows\System32\ntdll.dll

Processes (total 77):
       0 System Idle Process
       4 System
     460 C:\Windows\System32\smss.exe
     528 csrss.exe
     572 C:\Windows\System32\wininit.exe
     580 csrss.exe
     628 C:\Windows\System32\winlogon.exe
     656 C:\Windows\System32\services.exe
     676 C:\Windows\System32\lsass.exe
     684 C:\Windows\System32\lsm.exe
     840 C:\Windows\System32\svchost.exe
     888 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
     932 C:\Windows\System32\svchost.exe
     964 C:\Windows\System32\svchost.exe
    1032 C:\Windows\System32\svchost.exe
    1124 C:\Windows\System32\svchost.exe
    1140 C:\Windows\System32\svchost.exe
    1212 C:\Windows\System32\audiodg.exe
    1244 C:\Windows\System32\SLsvc.exe
    1288 C:\Windows\System32\svchost.exe
    1408 C:\Windows\System32\svchost.exe
    1528 C:\Windows\System32\wlanext.exe
    1632 C:\Windows\System32\spoolsv.exe
    1660 C:\Windows\System32\svchost.exe
    1812 C:\Windows\System32\agrsmsvc.exe
    1840 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1852 C:\Program Files\Bonjour\mDNSResponder.exe
    1872 C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    1948 C:\Windows\System32\svchost.exe
    2028 C:\Windows\System32\svchost.exe
     292 C:\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE
     584 C:\Windows\System32\svchost.exe
    1112 C:\Windows\System32\svchost.exe
    1388 C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
    1732 C:\Windows\System32\svchost.exe
     504 C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
    2060 C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    2092 C:\Windows\System32\TODDSrv.exe
    2132 C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    2168 C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
    2220 C:\Windows\System32\svchost.exe
    2268 C:\Windows\System32\SearchIndexer.exe
    2648 C:\Windows\System32\taskeng.exe
    3012 C:\Windows\System32\dwm.exe
    3044 C:\Windows\explorer.exe
    3056 C:\Windows\System32\taskeng.exe
    3204 C:\Program Files\Windows Defender\MSASCui.exe
    3216 C:\Program Files\Java\jre6\bin\jusched.exe
    3224 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    3232 C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    3252 C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
    3276 C:\Windows\System32\hkcmd.exe
    3284 C:\Windows\System32\igfxpers.exe
    3292 C:\Windows\RtHDVCpl.exe
    3300 C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    3316 C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    3324 C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    3332 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    3380 C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
    3448 C:\Program Files\iTunes\iTunesHelper.exe
    3464 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    3536 C:\Program Files\OpenOffice.org 3\program\soffice.exe
    3592 C:\Windows\System32\igfxsrvc.exe
    3660 C:\Program Files\OpenOffice.org 3\program\soffice.bin
    3924 C:\Windows\System32\igfxext.exe
    4052 C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
    2080 C:\Program Files\Mozilla Firefox\firefox.exe
    3112 C:\Program Files\iPod\bin\iPodService.exe
     788 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    2140 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
     328 C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    2672 C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
     960 C:\Windows\System32\SearchProtocolHost.exe
    2820 C:\Windows\System32\VSSVC.exe
    2880 C:\Windows\System32\svchost.exe
    3480 C:\Windows\System32\SearchFilterHost.exe
    3368 C:\Users\chaosof99\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000  (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x0000001d`70300000  (NTFS)

PhysicalDrive0 Model Number: FUJITSUMHZ2250BHG1, Rev: 0040020C

      Size  Device Name          MBR Status
  --------------------------------------------
    232 GB  \\.\PhysicalDrive0   Windows 2008 MBR code detected
            SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!

TR/Crypt.XPACK.Gen3 entfernen

Plagegeister aller Art und deren Bekämpfung: TR/Crypt.XPACK.Gen3 entfernen