Trojaner-Board - Freemail-Account verschickt ebenfalls Spam-mails

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Freemail-Account verschickt ebenfalls Spam-mails (https://www.trojaner-board.de/107237-freemail-account-verschickt-ebenfalls-spam-mails.html)

Freemail-Account verschickt ebenfalls Spam-mails

Schönen guten Tag,
mir ist in den letzten Tagen aufgefallen bzw. wurde mir zugetragen, dass ich Spam-Mails über meine e-Mail Adresse bei freemail versenden würde. Es wurden Spam-Mails an alle Personen gesendet mit denen ich Mail-Verkehr hatte, an mein gesamtes Adressbuch und an mich selbst!?
Naja wie auch immer. Ich hab nun auf einigen Seiten gelesen, dass das ein web.de-Problem sein könnte, da dies wohl im Mo so extrem gehäuft vorkommt. Angeblich wollte web.de sich nicht dazu äußern bzw. sind die wohl momentan nicht in der Lage das zu verhindern.
Ich habe mich dennoch auch hier umgesehen und Malwarebytes und Eset durchlaufen lassen.
Hier die Ergebnisse:

Malwarebytes:

Code:

 Malwarebytes Anti-Malware (Test) 1.60.0.1800

www.malwarebytes.org
 

Datenbank Version: v2011.12.30.01
 

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 7.0.6002.18005

chrissi-pissi :: USP-RULES [Administrator]
 

Schutz: Aktiviert
 

30.12.2011 03:06:01

mbam-log-2011-12-30 (03-06-01).txt
 

Art des Suchlaufs: Vollständiger Suchlauf

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 390516

Laufzeit: 2 Stunde(n), 19 Minute(n), 24 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 3

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bet365poker (PUP.Casino) -> Keine Aktion durchgeführt.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\William Hill Poker (PUP.Casino) -> Keine Aktion durchgeführt.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

Infizierte Registrierungswerte: 1

HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|00235313 (Trojan.Agent) -> Daten: C:\ProgramData\00235313\00235313.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 1

C:\ProgramData\00235313 (Rogue.Multiple) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

Infizierte Dateien: 4

C:\Poker\Poker at bet365\_SetupPoker_3f8b.exe (PUP.Casino) -> Keine Aktion durchgeführt.

C:\Poker\William Hill Poker\_SetupPoker_a072a_de.exe (PUP.Casino) -> Keine Aktion durchgeführt.

C:\Windows\Temp\fcebd646926a47fb8ce57784d818a8a9\SkypeSetup.exe (Trojan.FakeInstaller) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\chrissi-pissi\AppData\Roaming\avdrn.dat (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

(Ende)

ESET (leider nur Ergebnis/Funde)

Code:

 C:\Users\chrissi-pissi\AppData\Local\Temp\plugtmp-1\plugin-        PDF/Exploit.Pidief.PHD.Gen trojan

C:\Users\chrissi-pissi\AppData\Roaming\toolplugin\toolbar.dll        Win32/Adware.ToolPlugin application

Wäre nett, wenn sich das jemand mal anschaut und mir dann sagt, woran ich bin und was ich noch machen kann.
Vielen Dank bereits im Voraus.

MfG
celtic

Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.

Nein, ich habe Malwarebytes zum ersten Mal benutzt.

Führ bitte auch ESET aus, danach sehen wir weiter:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

So, ich habe ESET noch einmal ausgeführt.
Hier das log:

Code:

 ESETSmartInstaller@High as downloader log:

all ok

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=e31b3a1d0072cd4098cecaaaccf16988

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-12-31 07:52:38

# local_time=2011-12-31 08:52:38 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# lang=1033

# osver=6.0.6002 NT Service Pack 2

# compatibility_mode=5892 16776574 100 100 5082 162843181 0 0

# compatibility_mode=8192 67108863 100 0 89032 89032 0 0

# scanned=179671

# found=1

# cleaned=0

# scan_time=7504

C:\Users\chrissi-pissi\AppData\Roaming\toolplugin\toolbar.dll        Win32/Adware.ToolPlugin application (unable to clean)        00000000000000000000000000000000        I

Hoffe das hilft weiter.

MfG
celtic

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Getan wie vorgeschlagen.
Hier der Inhalt aus OTL.txt:
OTL Logfile:

Code:

OTL logfile created on: 03.01.2012 05:29:45 - Run 1

OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\chrissi-pissi\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6002.18005)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,87 Gb Total Physical Memory | 1,43 Gb Available Physical Memory | 49,83% Memory free

5,94 Gb Paging File | 4,70 Gb Available in Paging File | 79,02% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 148,89 Gb Total Space | 79,73 Gb Free Space | 53,55% Space Free | Partition Type: NTFS

Drive E: | 147,73 Gb Total Space | 143,31 Gb Free Space | 97,01% Space Free | Partition Type: NTFS

 

Computer Name: USP-RULES | User Name: chrissi-pissi | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.01.02 20:34:09 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\chrissi-pissi\Desktop\OTL.exe

PRC - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2011.12.24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2011.12.14 12:23:34 | 001,212,224 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe

PRC - [2011.12.14 12:23:32 | 001,514,304 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe

PRC - [2011.09.02 15:44:22 | 000,018,432 | ---- | M] () -- C:\Users\chrissi-pissi\AppData\LocalLow\Picasa\IE\PicasaUpdater.exe

PRC - [2011.06.15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe

PRC - [2011.04.27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe

PRC - [2009.04.21 16:36:06 | 000,116,104 | ---- | M] (Toshiba Europe GmbH) -- C:\Programme\Toshiba TEMPRO\TemproSvc.exe

PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe

PRC - [2008.07.18 20:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe

PRC - [2008.06.24 10:06:14 | 000,509,816 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\SmoothView\SmoothView.exe

PRC - [2008.05.09 11:49:30 | 000,716,800 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe

PRC - [2008.04.24 18:35:46 | 000,073,728 | ---- | M] (Toshiba) -- C:\Programme\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe

PRC - [2008.04.24 12:03:12 | 000,430,080 | ---- | M] (TOSHIBA) -- C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe

PRC - [2008.04.16 23:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe

PRC - [2008.04.08 14:14:50 | 006,037,504 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe

PRC - [2008.02.06 14:12:56 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\SMARTLogService\TosIPCSrv.exe

PRC - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe

PRC - [2008.01.21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe

PRC - [2008.01.17 16:27:52 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe

PRC - [2008.01.17 16:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe

PRC - [2007.11.21 16:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe

PRC - [2006.10.05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe

PRC - [2006.08.23 15:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2008.09.16 19:18:06 | 000,132,608 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll

MOD - [2008.03.06 10:14:54 | 005,121,912 | ---- | M] () -- C:\Programme\TOSHIBA\FlashCards\BlackPng.dll

MOD - [2007.12.25 12:03:40 | 000,015,184 | ---- | M] () -- C:\Programme\TOSHIBA\PCDiag\NotifyPCD.dll

MOD - [2007.12.14 21:40:00 | 000,090,112 | ---- | M] () -- C:\Programme\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll

MOD - [2006.10.10 10:44:16 | 000,009,728 | ---- | M] () -- C:\Programme\TOSHIBA\TOSHIBA Assist\NotifyX.dll

MOD - [2006.10.07 11:57:04 | 000,053,248 | ---- | M] () -- C:\Programme\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011.12.14 12:23:32 | 001,514,304 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)

SRV - [2011.09.02 15:44:22 | 000,018,432 | ---- | M] () [Auto | Running] -- C:\Users\chrissi-pissi\AppData\LocalLow\Picasa\IE\PicasaUpdater.exe -- (PicasaUpdater)

SRV - [2011.04.27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)

SRV - [2011.04.27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)

SRV - [2010.11.08 22:04:26 | 000,036,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)

SRV - [2009.04.21 16:36:06 | 000,116,104 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO)

SRV - [2008.07.18 20:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)

SRV - [2008.04.24 18:35:46 | 000,073,728 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)

SRV - [2008.04.16 23:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)

SRV - [2008.04.16 15:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Programme\Jumpstart\jswpsapi.exe -- (jswpsapi)

SRV - [2008.02.06 14:12:56 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)

SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2008.01.17 16:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)

SRV - [2007.11.21 16:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)

SRV - [2006.10.05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)

SRV - [2006.08.23 15:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - [2012.01.02 22:53:03 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6DE60DA6-BE37-44AE-9679-9DE6F21C3D82}\MpKslf824e8e3.sys -- (MpKslf824e8e3)

DRV - [2011.12.12 19:31:38 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)

DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2011.04.27 14:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)

DRV - [2011.04.18 12:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)

DRV - [2010.11.08 22:04:26 | 000,026,112 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)

DRV - [2009.04.11 05:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) RMCAST (Pgm)

DRV - [2008.07.29 05:05:04 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)

DRV - [2008.07.18 18:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)

DRV - [2008.07.15 19:59:06 | 000,017,960 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)

DRV - [2008.04.28 16:59:18 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)

DRV - [2008.04.15 09:05:08 | 000,118,784 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)

DRV - [2007.11.09 14:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)

DRV - [2006.11.28 15:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2006.11.20 13:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)

DRV - [2006.10.18 10:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://fussball.de/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Search the web"

FF - prefs.js..browser.search.order.1: "Search the web"

FF - prefs.js..browser.search.selectedEngine: "Search the web"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "hxxp://fussball.de/"

FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="

FF - prefs.js..network.proxy.no_proxies_on: "*.local"

 

FF - user.js..browser.search.selectedEngine: "Search the web"

FF - user.js..browser.search.order.1: "Search the web"

FF - user.js..browser.search.defaultenginename: "Search the web"

FF - user.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)

FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)

FF - HKCU\Software\MozillaPlugins\@powerchallenge.com/PowerLoader: C:\Users\CHRISS~1\AppData\LocalLow\POWERC~1\nppowerloader.dll (Power Challenge Sweden AB)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.12.30 18:42:19 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.12.30 18:42:19 | 000,000,000 | ---D | M]

 

[2010.01.17 13:08:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chrissi-pissi\AppData\Roaming\mozilla\Extensions

[2011.12.30 10:33:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chrissi-pissi\AppData\Roaming\mozilla\Firefox\Profiles\l1fgr8de.default\extensions

[2010.02.11 11:52:00 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\chrissi-pissi\AppData\Roaming\mozilla\Firefox\Profiles\l1fgr8de.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}

[2011.09.20 16:58:39 | 000,000,000 | ---D | M] (Picasa) -- C:\Users\chrissi-pissi\AppData\Roaming\mozilla\Firefox\Profiles\l1fgr8de.default\extensions\picasa@google.com

[2011.10.28 17:12:57 | 000,000,000 | ---D | M] (toolplugin) -- C:\Users\chrissi-pissi\AppData\Roaming\mozilla\Firefox\Profiles\l1fgr8de.default\extensions\welcome@toolmin.com

[2011.12.11 20:43:21 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2011.10.20 00:59:17 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2011.11.01 17:47:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

() (No name found) -- C:\USERS\CHRISSI-PISSI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L1FGR8DE.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

[2009.09.02 12:44:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

[2011.12.11 20:43:15 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2010.03.08 11:24:04 | 000,103,168 | ---- | M] (Midasplayer Ltd) -- C:\Program Files\mozilla firefox\plugins\npmidas.dll

[2011.12.11 20:43:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2011.12.11 20:43:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2011.12.11 20:43:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2011.12.11 20:43:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2011.10.28 17:12:57 | 000,000,158 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search the web.src

[2011.12.11 20:43:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2011.12.11 20:43:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)

O2 - BHO: (Picasa) - {AAA4C1FB-CF94-420D-9EB4-B3D9148BA73F} - C:\Users\chrissi-pissi\AppData\LocalLow\Picasa\IE\Picasa.dll (Google Inc.)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)

O3 - HKLM\..\Toolbar: (toolplugin) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - C:\Users\chrissi-pissi\AppData\Roaming\toolplugin\toolbar.dll ()

O4 - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)

O4 - HKLM..\Run: [cfFncEnabler.exe] cfFncEnabler.exe File not found

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)

O4 - HKLM..\Run: [Toshiba TEMPRO] C:\Programme\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)

O4 - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKCU..\Run: [EPSON SX100 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE (SEIKO EPSON CORPORATION)

O4 - HKCU..\Run: [feedreader.exe] C:\Program Files\FeedReader30\feedreader.exe ()

O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)

O4 - HKCU..\Run: [TOSCDSPD] TOSCDSPD.EXE File not found

O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)

O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)

O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 File not found

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home File not found

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\chrissi-pissi\Desktop\PartyPoker.lnk File not found

O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\chrissi-pissi\Desktop\PartyPoker.lnk File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} hxxp://www.powerchallenge.com/applet/PowerLoader.cab (PowerLoader Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game14.zylom.com/activex/zylomgamesplayer.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7A6F9E93-03EA-4FC4-8D6B-5AC10ECEF4F8}: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FECDCAF8-78A3-4A20-8A59-0FB8306D1E59}: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img17.jpg

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img17.jpg

O27 - HKLM IFEO\icq.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)

O27 - HKLM IFEO\skype.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{19644983-e3b0-11df-a5c1-001e339dfb8f}\Shell - "" = AutoRun

O33 - MountPoints2\{19644983-e3b0-11df-a5c1-001e339dfb8f}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: FastUserSwitchingCompatibility -  File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla -  File not found

NetSvcs: Ntmssvc -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: SRService -  File not found

NetSvcs: WmdmPmSp -  File not found

NetSvcs: LogonHours -  File not found

NetSvcs: PCAudit -  File not found

NetSvcs: helpsvc -  File not found

NetSvcs: uploadmgr -  File not found

 

 

SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: MsMpSvc - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)

SafeBootMin: NTDS -  File not found

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: MsMpSvc - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: NTDS -  File not found

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootNet: WudfPf - Driver

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

 

Drivers32: msacm.dvacm - C:\Programme\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)

Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()

Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.01.02 20:34:01 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\chrissi-pissi\Desktop\OTL.exe

[2011.12.30 10:25:13 | 000,000,000 | ---D | C] -- C:\Users\chrissi-pissi\Desktop\Tools

[2011.12.30 10:06:13 | 000,031,552 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe

[2011.12.30 10:06:12 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll

[2011.12.30 10:06:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012

[2011.12.30 10:05:33 | 000,000,000 | ---D | C] -- C:\Users\chrissi-pissi\AppData\Roaming\TuneUp Software

[2011.12.30 10:05:14 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2012

[2011.12.30 10:03:53 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software

[2011.12.30 10:03:43 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}

[2011.12.30 07:03:41 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2011.12.30 02:46:57 | 000,000,000 | ---D | C] -- C:\Users\chrissi-pissi\AppData\Roaming\Malwarebytes

[2011.12.30 02:46:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011.12.30 02:46:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011.12.30 02:46:39 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2011.12.30 02:46:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011.12.19 03:00:44 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur

[2011.12.14 16:58:56 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX

[2009.06.16 13:03:56 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\Interop.SHDocVw.dll

[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\*.tmp files -> C:\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.01.03 05:06:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012.01.03 04:58:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.01.03 03:06:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012.01.03 02:27:43 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012.01.03 02:27:43 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012.01.02 20:34:09 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\chrissi-pissi\Desktop\OTL.exe

[2012.01.01 08:54:14 | 000,630,842 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2012.01.01 08:54:14 | 000,598,096 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012.01.01 08:54:14 | 000,127,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2012.01.01 08:54:14 | 000,105,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011.12.16 17:35:08 | 000,293,984 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2011.12.14 12:23:40 | 000,031,552 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe

[2011.12.14 12:23:22 | 000,021,312 | ---- | M] (TuneUp Software) -- C:\Windows\System32\authuitu.dll

[2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\*.tmp files -> C:\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2011.12.30 10:06:04 | 000,001,882 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk

[2011.11.03 14:59:47 | 000,002,712 | ---- | C] () -- C:\Windows\System32\AVRedirector.ini

[2011.11.03 14:59:47 | 000,001,392 | ---- | C] () -- C:\Windows\System32\AVRedirectorOff.ini

[2011.09.20 17:01:12 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2011.05.01 23:58:32 | 000,032,608 | ---- | C] () -- C:\Windows\king-uninstall.exe

[2010.02.09 15:33:12 | 000,000,020 | ---- | C] () -- C:\Users\chrissi-pissi\AppData\Roaming\sgcpom.dat

[2009.10.21 13:48:22 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2009.10.21 13:48:21 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009.06.16 13:03:58 | 000,053,248 | ---- | C] () -- C:\Windows\System32\dossec.dll

[2009.05.11 17:18:47 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2009.05.11 17:18:47 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2009.03.22 16:12:00 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat

[2009.03.22 16:12:00 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat

[2009.03.22 16:12:00 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat

[2009.03.22 16:12:00 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat

[2009.03.22 16:12:00 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat

[2009.03.22 16:12:00 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat

[2009.03.22 16:12:00 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat

[2009.03.22 16:12:00 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat

[2009.03.22 16:12:00 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat

[2009.03.22 16:12:00 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat

[2009.03.22 16:12:00 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat

[2009.03.22 16:12:00 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat

[2009.03.22 16:12:00 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat

[2009.03.22 16:12:00 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat

[2009.03.22 16:12:00 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat

[2009.03.22 16:12:00 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat

[2009.03.22 16:12:00 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat

[2009.03.22 16:12:00 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat

[2009.03.22 16:12:00 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini

[2009.03.22 16:10:59 | 000,000,025 | ---- | C] () -- C:\Windows\CDESX100DEFGIPS.ini

[2009.03.14 16:36:53 | 000,033,280 | ---- | C] () -- C:\Users\chrissi-pissi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009.03.09 22:02:24 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2009.03.09 19:28:31 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini

[2009.03.09 19:28:31 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll

[2009.03.09 19:28:31 | 000,010,146 | ---- | C] () -- C:\Windows\System32\tosmreg.ini

[2009.03.09 19:28:31 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini

[2008.08.12 18:27:59 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll

[2008.08.12 18:27:59 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll

[2008.08.12 18:27:59 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll

[2008.08.12 18:27:59 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll

[2008.08.12 18:27:59 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll

[2008.08.12 18:27:59 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll

[2008.08.12 18:19:41 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI

[2008.08.12 18:04:48 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll

[2008.08.12 18:04:47 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin

[2008.08.12 18:04:45 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin

[2008.08.12 18:04:44 | 000,492,496 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin

[2008.08.12 17:21:44 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

[2008.04.24 18:43:50 | 000,057,344 | ---- | C] () -- C:\Windows\System32\SmartFaceVCapt.dll

[2008.04.24 18:42:44 | 000,479,232 | ---- | C] () -- C:\Windows\System32\SmartFaceVCP.dll

[2008.04.24 18:25:46 | 006,701,056 | ---- | C] () -- C:\Windows\System32\FaceHI.dll

[2008.04.24 18:25:46 | 000,995,328 | ---- | C] () -- C:\Windows\System32\FaceRec.dll

[2008.04.24 18:25:46 | 000,126,976 | ---- | C] () -- C:\Windows\System32\SmartFaceVCtrl.dll

[2008.04.24 18:23:58 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IppLib.dll

[2008.01.21 08:15:58 | 000,630,842 | ---- | C] () -- C:\Windows\System32\perfh007.dat

[2008.01.21 08:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat

[2008.01.21 08:15:58 | 000,127,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat

[2008.01.21 08:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat

[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006.11.02 13:47:37 | 000,293,984 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006.11.02 11:33:01 | 000,598,096 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006.11.02 11:33:01 | 000,105,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

 
 ========== LOP Check ==========

 

[2010.02.11 21:22:10 | 000,000,000 | ---D | M] -- C:\Users\chrissi-pissi\AppData\Roaming\art2

[2011.11.03 14:59:40 | 000,000,000 | ---D | M] -- C:\Users\chrissi-pissi\AppData\Roaming\AVSoftware

[2011.12.15 06:17:17 | 000,000,000 | ---D | M] -- C:\Users\chrissi-pissi\AppData\Roaming\Feedreader

[2011.09.28 04:32:49 | 000,000,000 | ---D | M] -- C:\Users\chrissi-pissi\AppData\Roaming\ICQ

[2010.02.11 21:22:10 | 000,000,000 | ---D | M] -- C:\Users\chrissi-pissi\AppData\Roaming\Meridian93

[2009.03.09 21:27:41 | 000,000,000 | ---D | M] -- C:\Users\chrissi-pissi\AppData\Roaming\myphotobook

[2009.08.21 14:29:50 | 000,000,000 | ---D | M] -- C:\Users\chrissi-pissi\AppData\Roaming\PlayFirst

[2009.12.15 13:20:28 | 000,000,000 | ---D | M] -- C:\Users\chrissi-pissi\AppData\Roaming\Skip-Bo

[2011.10.28 17:12:56 | 000,000,000 | ---D | M] -- C:\Users\chrissi-pissi\AppData\Roaming\toolplugin

[2011.12.30 10:05:33 | 000,000,000 | ---D | M] -- C:\Users\chrissi-pissi\AppData\Roaming\TuneUp Software

[2009.05.04 21:46:32 | 000,000,000 | ---D | M] -- C:\Users\chrissi-pissi\AppData\Roaming\Zylom

[2011.12.31 17:29:52 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2009.03.20 19:47:16 | 000,000,000 | ---D | M] -- C:\Users\chrissi-pissi\AppData\Roaming\Adobe

[2011.03.15 00:50:41 | 000,000,000 | ---D | M] -- C:\Users\chrissi-pissi\AppData\Roaming\Apple Computer

[2010.02.11 21:22:10 | 000,000,000 | ---D | M] -- C:\Users\chrissi-pissi\AppData\Roaming\art2

[2011.11.03 14:59:40 | 000,000,000 | ---D | M] -- C:\Users\chrissi-pissi\AppData\Roaming\AVSoftware

[2010.03.12 18:57:35 | 000,000,000 | ---D | M] -- C:\Users\chrissi-pissi\AppData\Roaming\DivX

[2011.12.15 06:17:17 | 000,000,000 | ---D | M] -- C:\Users\chrissi-pissi\AppData\Roaming\Feedreader

[2009.03.09 21:40:40 | 000,000,000 | ---D | M] -- C:\Users\chrissi-pissi\AppData\Roaming\Google

[2011.09.28 04:32:49 | 000,000,000 | ---D | M] -- C:\Users\chrissi-pissi\AppData\Roaming\ICQ

[2009.05.04 21:46:32 | 000,000,000 | ---D | M] -- C:\Users\chrissi-pissi\AppData\Roaming\Identities

[2009.03.09 20:39:15 | 000,000,000 | ---D | M] -- C:\Users\chrissi-pissi\AppData\Roaming\InstallShield

[2009.03.09 20:50:17 | 000,000,000 | ---D | M] -- C:\Users\chrissi-pissi\AppData\Roaming\Macromedia

[2011.12.30 02:46:57 | 000,000,000 | ---D | M] -- C:\Users\chrissi-pissi\AppData\Roaming\Malwarebytes

[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\chrissi-pissi\AppData\Roaming\Media Center Programs

[2010.02.11 21:22:10 | 000,000,000 | ---D | M] -- C:\Users\chrissi-pissi\AppData\Roaming\Meridian93

[2011.12.30 07:42:20 | 000,000,000 | --SD | M] -- C:\Users\chrissi-pissi\AppData\Roaming\Microsoft

[2010.01.17 13:08:38 | 000,000,000 | ---D | M] -- C:\Users\chrissi-pissi\AppData\Roaming\Mozilla

[2011.04.22 18:38:38 | 000,000,000 | ---D | M] -- C:\Users\chrissi-pissi\AppData\Roaming\Mozilla-Cache

[2009.03.09 21:27:41 | 000,000,000 | ---D | M] -- C:\Users\chrissi-pissi\AppData\Roaming\myphotobook

[2009.08.21 14:29:50 | 000,000,000 | ---D | M] -- C:\Users\chrissi-pissi\AppData\Roaming\PlayFirst

[2009.12.15 13:20:28 | 000,000,000 | ---D | M] -- C:\Users\chrissi-pissi\AppData\Roaming\Skip-Bo

[2011.12.30 18:19:50 | 000,000,000 | ---D | M] -- C:\Users\chrissi-pissi\AppData\Roaming\Skype

[2011.10.20 00:51:13 | 000,000,000 | ---D | M] -- C:\Users\chrissi-pissi\AppData\Roaming\skypePM

[2011.10.28 17:12:56 | 000,000,000 | ---D | M] -- C:\Users\chrissi-pissi\AppData\Roaming\toolplugin

[2011.12.30 10:05:33 | 000,000,000 | ---D | M] -- C:\Users\chrissi-pissi\AppData\Roaming\TuneUp Software

[2009.04.20 11:19:34 | 000,000,000 | ---D | M] -- C:\Users\chrissi-pissi\AppData\Roaming\WinRAR

[2009.10.07 13:05:29 | 000,000,000 | ---D | M] -- C:\Users\chrissi-pissi\AppData\Roaming\Yahoo!

[2009.05.04 21:46:32 | 000,000,000 | ---D | M] -- C:\Users\chrissi-pissi\AppData\Roaming\Zylom

 
 < %APPDATA%\*.exe /s >

[2007.01.01 17:01:24 | 000,009,728 | ---- | M] () -- C:\Users\chrissi-pissi\AppData\Roaming\myphotobook\xtras\localVista.exe

[2007.01.08 09:34:46 | 000,006,656 | ---- | M] () -- C:\Users\chrissi-pissi\AppData\Roaming\myphotobook\xtras\localXP.exe

[2006.12.21 12:16:20 | 000,021,504 | ---- | M] (Optimum X) -- C:\Users\chrissi-pissi\AppData\Roaming\myphotobook\xtras\shellExecute.exe

[2006.12.21 12:16:14 | 000,009,216 | ---- | M] () -- C:\Users\chrissi-pissi\AppData\Roaming\myphotobook\xtras\sleep.exe

 
 < %SYSTEMDRIVE%\*.exe >

 

 
 < MD5 for: AGP440.SYS  >

[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys

[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys

[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys

[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys

[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys

[2008.03.25 04:22:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=2D77788D0B7FE269044F58C86AE099CE -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_3e1ecd89\AGP440.sys

[2008.03.25 04:22:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=2D77788D0B7FE269044F58C86AE099CE -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.22142_none_ba734aead7ed1bb6\AGP440.sys

[2008.03.26 04:38:23 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=ED91751834103DB2A74470CD763A49FE -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_e4087235\AGP440.sys

[2008.03.26 04:38:23 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=ED91751834103DB2A74470CD763A49FE -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20800_none_b8b64d46daa7e57a\AGP440.sys

[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2008.03.12 07:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys

[2008.03.12 07:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys

[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys

[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys

[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys

[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys

[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys

[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

[2008.03.12 07:24:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll

[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

 
 < MD5 for: IASTOR.SYS  >

[2008.04.15 17:54:16 | 000,388,120 | ---- | M] (Intel Corporation) MD5=8D58627FEF3F8767665D9F4DC91CBD97 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys

[2008.04.15 17:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys

[2008.04.15 17:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\drivers\iaStor.sys

[2008.04.15 17:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_77c04a30\iaStor.sys

 
 < MD5 for: IASTORV.SYS  >

[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys

[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys

[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys

[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll

[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll

[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys

[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys

[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys

[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll

[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll

[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll

[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\Temp\user32.dll

[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll

[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe

[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe

[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe

[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe

[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys

[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

[2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV

[2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV

[2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV

[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV

[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:BC6FE71D

@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:1969F3F5

@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:E71141D2

@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:E6E9EB6C
 

< End of report >

--- --- ---

Es wurde noch eine weitere Datei erstellt und zwar Extras.txt. Soll ich die auch posten?

MfG
celtic

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;

FF - prefs.js..browser.search.defaultenginename: "Search the web"

FF - prefs.js..browser.search.order.1: "Search the web"

FF - prefs.js..browser.search.selectedEngine: "Search the web"

FF - prefs.js..keyword.URL: "http://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="

FF - user.js..browser.search.selectedEngine: "Search the web"

FF - user.js..browser.search.order.1: "Search the web"

FF - user.js..browser.search.defaultenginename: "Search the web"

FF - user.js..keyword.URL: "http://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="

[2011.10.28 17:12:57 | 000,000,158 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search the web.src

O4 - HKLM..\Run: [cfFncEnabler.exe] cfFncEnabler.exe File not found

O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\chrissi-pissi\Desktop\PartyPoker.lnk File not found

O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\chrissi-pissi\Desktop\PartyPoker.lnk File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{19644983-e3b0-11df-a5c1-001e339dfb8f}\Shell - "" = AutoRun

O33 - MountPoints2\{19644983-e3b0-11df-a5c1-001e339dfb8f}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a

@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:BC6FE71D

@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:1969F3F5

@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:E71141D2

@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:E6E9EB6C
 

:Commands

[emptytemp]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Ich habe den Fix ausführen lassen.
Danach funktionierte allerdings kein Windows-externes Programm (z.B. Feed-Reader) mehr und vor allem die Dienste, die für die WLan-Verbindung zuständig sind und die Windows-Firewall waren hinüber. Habe daraufhin eine Systemwiderherstellung machen müssen.
Hier dennoch das Fix-Log:

Code:

 All processes killed

========== OTL ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!

Prefs.js: "Search the web" removed from browser.search.defaultenginename

Prefs.js: "Search the web" removed from browser.search.order.1

Prefs.js: "Search the web" removed from browser.search.selectedEngine

Prefs.js: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" removed from keyword.URL

C:\Users\chrissi-pissi\AppData\Roaming\Mozilla\FireFox\Profiles\l1fgr8de.default\user.js moved successfully.

C:\Programme\Mozilla Firefox\searchplugins\Search the web.src moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\cfFncEnabler.exe deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000007\ deleted successfully.

C:\Programme\Bonjour\mdnsNSP.dll moved successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!

C:\autoexec.bat moved successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{19644983-e3b0-11df-a5c1-001e339dfb8f}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19644983-e3b0-11df-a5c1-001e339dfb8f}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{19644983-e3b0-11df-a5c1-001e339dfb8f}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19644983-e3b0-11df-a5c1-001e339dfb8f}\ not found.

File G:\LaunchU3.exe -a not found.

ADS C:\ProgramData\TEMP:BC6FE71D deleted successfully.

ADS C:\ProgramData\TEMP:1969F3F5 deleted successfully.

ADS C:\ProgramData\TEMP:E71141D2 deleted successfully.

ADS C:\ProgramData\TEMP:E6E9EB6C deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: chrissi-pissi

->Temp folder emptied: 23454160 bytes

->Temporary Internet Files folder emptied: 25204182 bytes

->Java cache emptied: 15392194 bytes

->FireFox cache emptied: 1002197295 bytes

->Flash cache emptied: 893503 bytes

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 39568128 bytes

RecycleBin emptied: 162 bytes

 

Total Files Cleaned = 1.055,00 mb

 

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.31.0 log created on 01032012_204105
 

Files\Folders moved on Reboot...
 

Registry entries deleted on Reboot...

MfG
celtic

Zitat:

Danach funktionierte allerdings kein Windows-externes Programm (z.B. Feed-Reader) mehr und vor allem die Dienste, die für die WLan-Verbindung zuständig sind und die Windows-Firewall waren hinüber. Habe daraufhin eine Systemwiderherstellung machen müssen.

Schon merkwürdig, denn ich hab keine systemrelevanten Sachen gefixt.

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

So hier ist es:

Code:

 23:44:14.0537 4860        TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16

23:44:14.0646 4860        ============================================================

23:44:14.0646 4860        Current date / time: 2012/01/05 23:44:14.0646

23:44:14.0646 4860        SystemInfo:

23:44:14.0646 4860        

23:44:14.0646 4860        OS Version: 6.0.6002 ServicePack: 2.0

23:44:14.0646 4860        Product type: Workstation

23:44:14.0646 4860        ComputerName: USP-RULES

23:44:14.0646 4860        UserName: chrissi-pissi

23:44:14.0646 4860        Windows directory: C:\Windows

23:44:14.0646 4860        System windows directory: C:\Windows

23:44:14.0646 4860        Processor architecture: Intel x86

23:44:14.0646 4860        Number of processors: 2

23:44:14.0646 4860        Page size: 0x1000

23:44:14.0646 4860        Boot type: Normal boot

23:44:14.0646 4860        ============================================================

23:44:15.0098 4860        Initialize success

23:44:23.0257 3768        ============================================================

23:44:23.0257 3768        Scan started

23:44:23.0257 3768        Mode: Manual; SigCheck; TDLFS; 

23:44:23.0257 3768        ============================================================

23:44:23.0897 3768        ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys

23:44:24.0099 3768        ACPI - ok

23:44:24.0271 3768        adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys

23:44:24.0318 3768        adp94xx - ok

23:44:24.0380 3768        adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys

23:44:24.0396 3768        adpahci - ok

23:44:24.0505 3768        adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys

23:44:24.0521 3768        adpu160m - ok

23:44:24.0567 3768        adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys

23:44:24.0583 3768        adpu320 - ok

23:44:24.0739 3768        AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys

23:44:24.0801 3768        AFD - ok

23:44:25.0004 3768        AgereSoftModem  (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys

23:44:25.0098 3768        AgereSoftModem - ok

23:44:25.0223 3768        agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys

23:44:25.0238 3768        agp440 - ok

23:44:25.0269 3768        aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

23:44:25.0285 3768        aic78xx - ok

23:44:25.0316 3768        aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys

23:44:25.0332 3768        aliide - ok

23:44:25.0441 3768        amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys

23:44:25.0457 3768        amdagp - ok

23:44:25.0488 3768        amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys

23:44:25.0503 3768        amdide - ok

23:44:25.0550 3768        AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys

23:44:25.0613 3768        AmdK7 - ok

23:44:25.0706 3768        AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys

23:44:25.0769 3768        AmdK8 - ok

23:44:25.0909 3768        arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys

23:44:25.0925 3768        arc - ok

23:44:25.0971 3768        arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys

23:44:25.0987 3768        arcsas - ok

23:44:26.0065 3768        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys

23:44:26.0127 3768        AsyncMac - ok

23:44:26.0190 3768        atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys

23:44:26.0221 3768        atapi - ok

23:44:26.0330 3768        athr            (8be56f8300e1c37b578da23c71816b7a) C:\Windows\system32\DRIVERS\athr.sys

23:44:26.0424 3768        athr - ok

23:44:26.0627 3768        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys

23:44:26.0705 3768        Beep - ok

23:44:26.0814 3768        blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys

23:44:26.0876 3768        blbdrive - ok

23:44:27.0001 3768        bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys

23:44:27.0063 3768        bowser - ok

23:44:27.0188 3768        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys

23:44:27.0297 3768        BrFiltLo - ok

23:44:27.0422 3768        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys

23:44:27.0485 3768        BrFiltUp - ok

23:44:27.0547 3768        Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys

23:44:27.0750 3768        Brserid - ok

23:44:27.0875 3768        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys

23:44:27.0984 3768        BrSerWdm - ok

23:44:28.0031 3768        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

23:44:28.0155 3768        BrUsbMdm - ok

23:44:28.0296 3768        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys

23:44:28.0389 3768        BrUsbSer - ok

23:44:28.0467 3768        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys

23:44:28.0561 3768        BTHMODEM - ok

23:44:28.0655 3768        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys

23:44:28.0717 3768        cdfs - ok

23:44:28.0842 3768        cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys

23:44:28.0904 3768        cdrom - ok

23:44:28.0982 3768        circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys

23:44:29.0029 3768        circlass - ok

23:44:29.0123 3768        CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys

23:44:29.0138 3768        CLFS - ok

23:44:29.0263 3768        CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys

23:44:29.0325 3768        CmBatt - ok

23:44:29.0403 3768        cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys

23:44:29.0419 3768        cmdide - ok

23:44:29.0481 3768        Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys

23:44:29.0497 3768        Compbatt - ok

23:44:29.0575 3768        crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys

23:44:29.0591 3768        crcdisk - ok

23:44:29.0622 3768        Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys

23:44:29.0669 3768        Crusoe - ok

23:44:29.0778 3768        DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys

23:44:29.0840 3768        DfsC - ok

23:44:30.0027 3768        disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys

23:44:30.0043 3768        disk - ok

23:44:30.0121 3768        drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys

23:44:30.0183 3768        drmkaud - ok

23:44:30.0293 3768        DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys

23:44:30.0355 3768        DXGKrnl - ok

23:44:30.0386 3768        E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys

23:44:30.0449 3768        E1G60 - ok

23:44:30.0558 3768        Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys

23:44:30.0573 3768        Ecache - ok

23:44:30.0667 3768        elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys

23:44:30.0698 3768        elxstor - ok

23:44:30.0807 3768        ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys

23:44:30.0854 3768        ErrDev - ok

23:44:30.0917 3768        exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys

23:44:30.0979 3768        exfat - ok

23:44:31.0073 3768        fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys

23:44:31.0119 3768        fastfat - ok

23:44:31.0166 3768        fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys

23:44:31.0229 3768        fdc - ok

23:44:31.0322 3768        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys

23:44:31.0338 3768        FileInfo - ok

23:44:31.0369 3768        Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys

23:44:31.0416 3768        Filetrace - ok

23:44:31.0463 3768        flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys

23:44:31.0525 3768        flpydisk - ok

23:44:31.0650 3768        FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys

23:44:31.0665 3768        FltMgr - ok

23:44:31.0728 3768        Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys

23:44:31.0775 3768        Fs_Rec - ok

23:44:31.0899 3768        FwLnk           (cbc22823628544735625b280665e434e) C:\Windows\system32\DRIVERS\FwLnk.sys

23:44:31.0931 3768        FwLnk - ok

23:44:31.0977 3768        gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys

23:44:31.0993 3768        gagp30kx - ok

23:44:32.0087 3768        GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

23:44:32.0102 3768        GEARAspiWDM - ok

23:44:32.0258 3768        HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys

23:44:32.0414 3768        HdAudAddService - ok

23:44:32.0461 3768        HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys

23:44:32.0555 3768        HDAudBus - ok

23:44:32.0679 3768        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys

23:44:32.0773 3768        HidBth - ok

23:44:32.0804 3768        HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys

23:44:32.0898 3768        HidIr - ok

23:44:32.0991 3768        HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys

23:44:33.0054 3768        HidUsb - ok

23:44:33.0101 3768        HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys

23:44:33.0132 3768        HpCISSs - ok

23:44:33.0241 3768        HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys

23:44:33.0303 3768        HTTP - ok

23:44:33.0413 3768        i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys

23:44:33.0428 3768        i2omp - ok

23:44:33.0491 3768        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys

23:44:33.0537 3768        i8042prt - ok

23:44:33.0647 3768        iaStor          (db0cc620b27a928d968c1a1e9cd9cb87) C:\Windows\system32\DRIVERS\iaStor.sys

23:44:33.0709 3768        iaStor - ok

23:44:33.0756 3768        iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys

23:44:33.0771 3768        iaStorV - ok

23:44:33.0943 3768        igfx            (6fb1858d1f0923d122b0331865695041) C:\Windows\system32\DRIVERS\igdkmd32.sys

23:44:34.0115 3768        igfx - ok

23:44:34.0239 3768        iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

23:44:34.0255 3768        iirsp - ok

23:44:34.0364 3768        IntcAzAudAddService (b9cbd3dea7ca02868621173bf7a2af9f) C:\Windows\system32\drivers\RTKVHDA.sys

23:44:34.0505 3768        IntcAzAudAddService - ok

23:44:34.0676 3768        intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys

23:44:34.0692 3768        intelide - ok

23:44:34.0739 3768        intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys

23:44:34.0801 3768        intelppm - ok

23:44:34.0926 3768        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys

23:44:34.0973 3768        IpFilterDriver - ok

23:44:35.0019 3768        IpInIp - ok

23:44:35.0066 3768        IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys

23:44:35.0113 3768        IPMIDRV - ok

23:44:35.0207 3768        IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys

23:44:35.0269 3768        IPNAT - ok

23:44:35.0316 3768        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys

23:44:35.0378 3768        IRENUM - ok

23:44:35.0472 3768        isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys

23:44:35.0503 3768        isapnp - ok

23:44:35.0565 3768        iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys

23:44:35.0597 3768        iScsiPrt - ok

23:44:35.0675 3768        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

23:44:35.0690 3768        iteatapi - ok

23:44:35.0737 3768        iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

23:44:35.0753 3768        iteraid - ok

23:44:35.0846 3768        jswpslwf        (11ad410f41af42ba12e63187e3ec141a) C:\Windows\system32\DRIVERS\jswpslwf.sys

23:44:35.0893 3768        jswpslwf - ok

23:44:35.0987 3768        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys

23:44:36.0002 3768        kbdclass - ok

23:44:36.0049 3768        kbdhid          (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys

23:44:36.0111 3768        kbdhid - ok

23:44:36.0205 3768        KSecDD          (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys

23:44:36.0252 3768        KSecDD - ok

23:44:36.0330 3768        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys

23:44:36.0377 3768        lltdio - ok

23:44:36.0470 3768        LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys

23:44:36.0501 3768        LSI_FC - ok

23:44:36.0533 3768        LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys

23:44:36.0548 3768        LSI_SAS - ok

23:44:36.0642 3768        LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys

23:44:36.0673 3768        LSI_SCSI - ok

23:44:36.0735 3768        luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys

23:44:36.0798 3768        luafv - ok

23:44:36.0860 3768        MBAMProtector   (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys

23:44:36.0876 3768        MBAMProtector - ok

23:44:36.0969 3768        megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys

23:44:36.0985 3768        megasas - ok

23:44:37.0047 3768        MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys

23:44:37.0094 3768        MegaSR - ok

23:44:37.0172 3768        Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys

23:44:37.0235 3768        Modem - ok

23:44:37.0313 3768        monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys

23:44:37.0359 3768        monitor - ok

23:44:37.0437 3768        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys

23:44:37.0453 3768        mouclass - ok

23:44:37.0484 3768        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys

23:44:37.0531 3768        mouhid - ok

23:44:37.0593 3768        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys

23:44:37.0609 3768        MountMgr - ok

23:44:37.0703 3768        MpFilter        (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys

23:44:37.0734 3768        MpFilter - ok

23:44:37.0812 3768        mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys

23:44:37.0827 3768        mpio - ok

23:44:37.0905 3768        MpKsl5a4cd541 - ok

23:44:37.0983 3768        MpKsl6d126f6f   (a69630d039c38018689190234f866d77) C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{63F75C40-ABE6-4C9F-A357-07DDA54F65A2}\MpKsl6d126f6f.sys

23:44:37.0999 3768        MpKsl6d126f6f - ok

23:44:38.0139 3768        MpNWMon         (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys

23:44:38.0155 3768        MpNWMon - ok

23:44:38.0186 3768        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys

23:44:38.0249 3768        mpsdrv - ok

23:44:38.0342 3768        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

23:44:38.0358 3768        Mraid35x - ok

23:44:38.0405 3768        MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys

23:44:38.0483 3768        MRxDAV - ok

23:44:38.0576 3768        mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys

23:44:38.0639 3768        mrxsmb - ok

23:44:38.0701 3768        mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys

23:44:38.0732 3768        mrxsmb10 - ok

23:44:38.0826 3768        mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

23:44:38.0873 3768        mrxsmb20 - ok

23:44:38.0951 3768        msahci          (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys

23:44:38.0966 3768        msahci - ok

23:44:39.0044 3768        msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys

23:44:39.0060 3768        msdsm - ok

23:44:39.0107 3768        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys

23:44:39.0169 3768        Msfs - ok

23:44:39.0216 3768        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys

23:44:39.0231 3768        msisadrv - ok

23:44:39.0356 3768        MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys

23:44:39.0403 3768        MSKSSRV - ok

23:44:39.0543 3768        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys

23:44:39.0606 3768        MSPCLOCK - ok

23:44:39.0621 3768        MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys

23:44:39.0699 3768        MSPQM - ok

23:44:39.0809 3768        MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys

23:44:39.0824 3768        MsRPC - ok

23:44:39.0887 3768        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys

23:44:39.0902 3768        mssmbios - ok

23:44:40.0027 3768        MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys

23:44:40.0089 3768        MSTEE - ok

23:44:40.0136 3768        Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys

23:44:40.0167 3768        Mup - ok

23:44:40.0277 3768        NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys

23:44:40.0323 3768        NativeWifiP - ok

23:44:40.0386 3768        NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys

23:44:40.0448 3768        NDIS - ok

23:44:40.0542 3768        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys

23:44:40.0589 3768        NdisTapi - ok

23:44:40.0635 3768        Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys

23:44:40.0682 3768        Ndisuio - ok

23:44:40.0776 3768        NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys

23:44:40.0823 3768        NdisWan - ok

23:44:40.0869 3768        NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys

23:44:40.0932 3768        NDProxy - ok

23:44:41.0010 3768        NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys

23:44:41.0072 3768        NetBIOS - ok

23:44:41.0119 3768        netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys

23:44:41.0181 3768        netbt - ok

23:44:41.0291 3768        nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

23:44:41.0306 3768        nfrd960 - ok

23:44:41.0353 3768        NisDrv          (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys

23:44:41.0369 3768        NisDrv - ok

23:44:41.0493 3768        Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys

23:44:41.0556 3768        Npfs - ok

23:44:41.0603 3768        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys

23:44:41.0665 3768        nsiproxy - ok

23:44:41.0805 3768        Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys

23:44:41.0868 3768        Ntfs - ok

23:44:41.0899 3768        ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

23:44:41.0993 3768        ntrigdigi - ok

23:44:42.0071 3768        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys

23:44:42.0133 3768        Null - ok

23:44:42.0195 3768        nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys

23:44:42.0211 3768        nvraid - ok

23:44:42.0242 3768        nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys

23:44:42.0273 3768        nvstor - ok

23:44:42.0351 3768        nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys

23:44:42.0367 3768        nv_agp - ok

23:44:42.0383 3768        NwlnkFlt - ok

23:44:42.0398 3768        NwlnkFwd - ok

23:44:42.0461 3768        ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys

23:44:42.0554 3768        ohci1394 - ok

23:44:42.0663 3768        Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys

23:44:42.0757 3768        Parport - ok

23:44:42.0804 3768        partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys

23:44:42.0819 3768        partmgr - ok

23:44:42.0851 3768        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys

23:44:42.0960 3768        Parvdm - ok

23:44:43.0069 3768        pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys

23:44:43.0085 3768        pci - ok

23:44:43.0116 3768        pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\DRIVERS\pciide.sys

23:44:43.0131 3768        pciide - ok

23:44:43.0178 3768        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys

23:44:43.0209 3768        pcmcia - ok

23:44:43.0334 3768        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

23:44:43.0490 3768        PEAUTH - ok

23:44:43.0662 3768        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys

23:44:43.0724 3768        PptpMiniport - ok

23:44:43.0740 3768        Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys

23:44:43.0802 3768        Processor - ok

23:44:43.0911 3768        PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys

23:44:43.0943 3768        PSched - ok

23:44:43.0989 3768        PxHelp20        (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys

23:44:44.0005 3768        PxHelp20 - ok

23:44:44.0130 3768        ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys

23:44:44.0192 3768        ql2300 - ok

23:44:44.0286 3768        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

23:44:44.0301 3768        ql40xx - ok

23:44:44.0411 3768        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

23:44:44.0473 3768        QWAVEdrv - ok

23:44:44.0535 3768        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

23:44:44.0582 3768        RasAcd - ok

23:44:44.0645 3768        Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

23:44:44.0707 3768        Rasl2tp - ok

23:44:44.0754 3768        RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys

23:44:44.0801 3768        RasPppoe - ok

23:44:44.0879 3768        RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys

23:44:44.0910 3768        RasSstp - ok

23:44:44.0988 3768        rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys

23:44:45.0035 3768        rdbss - ok

23:44:45.0113 3768        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

23:44:45.0175 3768        RDPCDD - ok

23:44:45.0253 3768        rdpdr           (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys

23:44:45.0300 3768        rdpdr - ok

23:44:45.0362 3768        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

23:44:45.0425 3768        RDPENCDD - ok

23:44:45.0471 3768        RDPWD           (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys

23:44:45.0518 3768        RDPWD - ok

23:44:45.0690 3768        RMCAST          (eec7ee5675294b03e88aa868540007c1) C:\Windows\system32\DRIVERS\RMCAST.sys

23:44:45.0737 3768        RMCAST - ok

23:44:45.0768 3768        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys

23:44:45.0830 3768        rspndr - ok

23:44:45.0939 3768        RTL8169         (7157e70a90cce49deb8885d23a073a39) C:\Windows\system32\DRIVERS\Rtlh86.sys

23:44:46.0002 3768        RTL8169 - ok

23:44:46.0049 3768        RTSTOR          (9ff7d9cf3a5f296613588b0e8db83afe) C:\Windows\system32\drivers\RTSTOR.SYS

23:44:46.0095 3768        RTSTOR - ok

23:44:46.0189 3768        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

23:44:46.0205 3768        sbp2port - ok

23:44:46.0251 3768        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

23:44:46.0345 3768        secdrv - ok

23:44:46.0392 3768        Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys

23:44:46.0485 3768        Serenum - ok

23:44:46.0563 3768        Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys

23:44:46.0641 3768        Serial - ok

23:44:46.0673 3768        sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys

23:44:46.0735 3768        sermouse - ok

23:44:46.0782 3768        sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys

23:44:46.0829 3768        sffdisk - ok

23:44:46.0907 3768        sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys

23:44:46.0969 3768        sffp_mmc - ok

23:44:46.0985 3768        sffp_sd         (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys

23:44:47.0047 3768        sffp_sd - ok

23:44:47.0094 3768        sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

23:44:47.0172 3768        sfloppy - ok

23:44:47.0265 3768        sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys

23:44:47.0281 3768        sisagp - ok

23:44:47.0312 3768        SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys

23:44:47.0328 3768        SiSRaid2 - ok

23:44:47.0359 3768        SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys

23:44:47.0375 3768        SiSRaid4 - ok

23:44:47.0499 3768        Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys

23:44:47.0562 3768        Smb - ok

23:44:47.0624 3768        spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

23:44:47.0640 3768        spldr - ok

23:44:47.0765 3768        srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys

23:44:47.0827 3768        srv - ok

23:44:47.0905 3768        srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys

23:44:47.0952 3768        srv2 - ok

23:44:47.0999 3768        srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys

23:44:48.0045 3768        srvnet - ok

23:44:48.0155 3768        swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys

23:44:48.0170 3768        swenum - ok

23:44:48.0217 3768        Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

23:44:48.0233 3768        Symc8xx - ok

23:44:48.0311 3768        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

23:44:48.0342 3768        Sym_hi - ok

23:44:48.0404 3768        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

23:44:48.0420 3768        Sym_u3 - ok

23:44:48.0482 3768        SynTP           (55f6e55cc2430ca8713387106fa79817) C:\Windows\system32\DRIVERS\SynTP.sys

23:44:48.0513 3768        SynTP - ok

23:44:48.0560 3768        tap0901         (11d34fc869f5bda29949fe3858380894) C:\Windows\system32\DRIVERS\tap0901.sys

23:44:48.0607 3768        tap0901 - ok

23:44:48.0716 3768        Tcpip           (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\drivers\tcpip.sys

23:44:48.0779 3768        Tcpip - ok

23:44:48.0857 3768        Tcpip6          (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\DRIVERS\tcpip.sys

23:44:48.0903 3768        Tcpip6 - ok

23:44:48.0997 3768        tcpipreg        (3fc13f09af9be487c7b4fac4070a036c) C:\Windows\system32\drivers\tcpipreg.sys

23:44:49.0059 3768        tcpipreg - ok

23:44:49.0200 3768        tdcmdpst        (1825bceb47bf41c5a9f0e44de82fc27a) C:\Windows\system32\DRIVERS\tdcmdpst.sys

23:44:49.0247 3768        tdcmdpst - ok

23:44:49.0325 3768        TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys

23:44:49.0387 3768        TDPIPE - ok

23:44:49.0434 3768        TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys

23:44:49.0481 3768        TDTCP - ok

23:44:49.0559 3768        tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys

23:44:49.0605 3768        tdx - ok

23:44:49.0668 3768        TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys

23:44:49.0699 3768        TermDD - ok

23:44:49.0902 3768        tos_sps32       (4399a9bf7d8f49991a07fd86590a1619) C:\Windows\system32\DRIVERS\tos_sps32.sys

23:44:49.0933 3768        tos_sps32 - ok

23:44:49.0980 3768        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys

23:44:50.0027 3768        tssecsrv - ok

23:44:50.0136 3768        TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys

23:44:50.0167 3768        TuneUpUtilitiesDrv - ok

23:44:50.0307 3768        tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys

23:44:50.0354 3768        tunmp - ok

23:44:50.0385 3768        tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys

23:44:50.0417 3768        tunnel - ok

23:44:50.0541 3768        TVALZ           (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS

23:44:50.0557 3768        TVALZ - ok

23:44:50.0604 3768        uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys

23:44:50.0619 3768        uagp35 - ok

23:44:50.0682 3768        udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys

23:44:50.0729 3768        udfs - ok

23:44:50.0822 3768        uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys

23:44:50.0838 3768        uliagpkx - ok

23:44:50.0885 3768        uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys

23:44:50.0916 3768        uliahci - ok

23:44:50.0978 3768        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

23:44:50.0994 3768        UlSata - ok

23:44:51.0087 3768        ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

23:44:51.0103 3768        ulsata2 - ok

23:44:51.0134 3768        umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys

23:44:51.0212 3768        umbus - ok

23:44:51.0321 3768        USBAAPL         (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys

23:44:51.0368 3768        USBAAPL - ok

23:44:51.0399 3768        usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys

23:44:51.0446 3768        usbccgp - ok

23:44:51.0524 3768        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

23:44:51.0602 3768        usbcir - ok

23:44:51.0665 3768        usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys

23:44:51.0696 3768        usbehci - ok

23:44:51.0743 3768        usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys

23:44:51.0789 3768        usbhub - ok

23:44:51.0899 3768        usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys

23:44:51.0977 3768        usbohci - ok

23:44:52.0023 3768        usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys

23:44:52.0070 3768        usbprint - ok

23:44:52.0179 3768        usbscan         (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys

23:44:52.0226 3768        usbscan - ok

23:44:52.0257 3768        USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS

23:44:52.0304 3768        USBSTOR - ok

23:44:52.0335 3768        usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys

23:44:52.0398 3768        usbuhci - ok

23:44:52.0523 3768        usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys

23:44:52.0585 3768        usbvideo - ok

23:44:52.0632 3768        UVCFTR          (237c444fbd1c697a2e3fa60f02c61f22) C:\Windows\system32\Drivers\UVCFTR_S.SYS

23:44:52.0663 3768        UVCFTR - ok

23:44:52.0803 3768        vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys

23:44:52.0866 3768        vga - ok

23:44:52.0897 3768        VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys

23:44:52.0959 3768        VgaSave - ok

23:44:53.0084 3768        viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys

23:44:53.0100 3768        viaagp - ok

23:44:53.0131 3768        ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys

23:44:53.0193 3768        ViaC7 - ok

23:44:53.0225 3768        viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys

23:44:53.0240 3768        viaide - ok

23:44:53.0349 3768        volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys

23:44:53.0381 3768        volmgr - ok

23:44:53.0427 3768        volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys

23:44:53.0459 3768        volmgrx - ok

23:44:53.0521 3768        volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys

23:44:53.0552 3768        volsnap - ok

23:44:53.0630 3768        vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys

23:44:53.0661 3768        vsmraid - ok

23:44:53.0739 3768        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

23:44:53.0833 3768        WacomPen - ok

23:44:53.0864 3768        Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

23:44:53.0895 3768        Wanarp - ok

23:44:53.0911 3768        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

23:44:53.0942 3768        Wanarpv6 - ok

23:44:54.0036 3768        Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys

23:44:54.0051 3768        Wd - ok

23:44:54.0129 3768        Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys

23:44:54.0176 3768        Wdf01000 - ok

23:44:54.0317 3768        WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys

23:44:54.0379 3768        WmiAcpi - ok

23:44:54.0473 3768        WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys

23:44:54.0504 3768        WpdUsb - ok

23:44:54.0566 3768        ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys

23:44:54.0629 3768        ws2ifsl - ok

23:44:54.0722 3768        WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys

23:44:54.0785 3768        WUDFRd - ok

23:44:54.0847 3768        MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0

23:44:55.0752 3768        \Device\Harddisk0\DR0 - ok

23:44:55.0783 3768        Boot (0x1200)   (e92df5591b8280d6ed03b432699cf8d8) \Device\Harddisk0\DR0\Partition0

23:44:55.0799 3768        \Device\Harddisk0\DR0\Partition0 - ok

23:44:55.0814 3768        Boot (0x1200)   (b5fa31692f7413ff0607546f4154ba1d) \Device\Harddisk0\DR0\Partition1

23:44:55.0814 3768        \Device\Harddisk0\DR0\Partition1 - ok

23:44:55.0814 3768        ============================================================

23:44:55.0814 3768        Scan finished

23:44:55.0814 3768        ============================================================

23:44:55.0908 4492        Detected object count: 0

23:44:55.0908 4492        Actual detected object count: 0

Muss dazu sagen, dass sich das Problem mit den Spam-Mails bis jetzt nicht wieder aufgetreten ist. Vielleicht war die Prozedur und das Passwort ändern ja ausreichend. Aber schließlich sind sie der Profi und vllt. überseh ich ja auch was.

MfG
celtic

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Erledigt! :D
Combofix Logfile:

Code:

ComboFix 12-01-06.01 - chrissi-pissi 06.01.2012  16:43:41.1.2 - x86

Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.2939.1882 [GMT 1:00]

ausgeführt von:: c:\users\chrissi-pissi\Desktop\Tools\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\chrissi-pissi\AppData\Roaming\toolplugin\toolbar.dll

.

Infizierte Kopie von c:\windows\system32\userinit.exe wurde gefunden und desinfiziert 

Kopie von - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe wurde wiederhergestellt 

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-12-06 bis 2012-01-06  ))))))))))))))))))))))))))))))

.

.

2012-01-06 14:25 . 2011-11-21 01:47        6823496        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5477E8E1-E11E-4DBF-8A16-1BDB49422DDF}\mpengine.dll

2012-01-03 19:41 . 2012-01-03 19:41        --------        d-----w-        C:\_OTL

2011-12-31 05:22 . 2011-11-30 01:21        6823496        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{83DAEA07-F4E3-4629-87B7-D7418DCFEFBD}\mpengine.dll

2011-12-30 09:06 . 2011-12-14 11:23        21312        ----a-w-        c:\windows\system32\authuitu.dll

2011-12-30 09:05 . 2011-12-30 09:05        --------        d-----w-        c:\users\chrissi-pissi\AppData\Roaming\TuneUp Software

2011-12-30 09:05 . 2011-12-30 09:06        --------        d-----w-        c:\program files\TuneUp Utilities 2012

2011-12-30 09:03 . 2011-12-30 09:06        --------        d-----w-        c:\programdata\TuneUp Software

2011-12-30 09:03 . 2011-12-30 09:03        --------        d-sh--w-        c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}

2011-12-30 06:03 . 2011-12-30 06:03        --------        d-----w-        c:\program files\ESET

2011-12-30 01:46 . 2011-12-30 01:46        --------        d-----w-        c:\users\chrissi-pissi\AppData\Roaming\Malwarebytes

2011-12-30 01:46 . 2011-12-30 01:46        --------        d-----w-        c:\programdata\Malwarebytes

2011-12-30 01:46 . 2011-12-10 14:24        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys

2011-12-30 01:46 . 2011-12-30 01:46        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware

2011-12-19 02:00 . 2011-12-19 02:00        --------        d-----w-        c:\windows\CheckSur

2011-12-15 17:15 . 2011-11-04 14:54        1383424        ----a-w-        c:\windows\system32\mshtml.tlb

2011-12-15 17:15 . 2011-10-20 14:08        389632        ----a-w-        c:\windows\system32\html.iec

2011-12-15 17:15 . 2011-10-14 16:02        429056        ----a-w-        c:\windows\system32\EncDec.dll

2011-12-15 17:14 . 2011-10-27 08:01        3550080        ----a-w-        c:\windows\system32\ntoskrnl.exe

2011-12-15 17:14 . 2011-10-27 08:01        3602816        ----a-w-        c:\windows\system32\ntkrnlpa.exe

2011-12-15 17:14 . 2011-10-25 15:56        49152        ----a-w-        c:\windows\system32\csrsrv.dll

2011-12-15 17:14 . 2011-11-08 12:10        2409784        ----a-w-        c:\program files\Windows Mail\OESpamFilter.dat

2011-12-14 15:58 . 2011-12-14 15:58        --------        d-----w-        c:\programdata\DivX

2011-12-09 14:26 . 2011-09-20 21:02        913280        ----a-w-        c:\windows\system32\drivers\tcpip.sys

2011-12-09 14:26 . 2011-09-20 13:44        31232        ----a-w-        c:\windows\system32\drivers\tcpipreg.sys

2011-12-09 14:26 . 2011-09-30 15:57        707584        ----a-w-        c:\program files\Common Files\System\wab32.dll

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-14 11:23 . 2011-12-30 09:06        31552        ----a-w-        c:\windows\system32\TURegOpt.exe

2011-11-23 13:37 . 2011-12-15 17:14        2043904        ----a-w-        c:\windows\system32\win32k.sys

2011-11-21 01:47 . 2010-02-13 20:01        6823496        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-11-15 13:29 . 2010-01-14 10:12        222080        ------w-        c:\windows\system32\MpSigStub.exe

2011-11-08 14:42 . 2011-12-15 17:15        2048        ----a-w-        c:\windows\system32\tzres.dll

2011-10-20 15:55 . 2011-12-15 17:15        834048        ----a-w-        c:\windows\system32\wininet.dll

2011-12-11 19:43 . 2011-05-06 02:02        134104        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AAA4C1FB-CF94-420D-9EB4-B3D9148BA73F}]

2011-09-02 14:44        269312        ----a-w-        c:\users\chrissi-pissi\AppData\LocalLow\Picasa\IE\Picasa.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"EPSON SX100 Series"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE" [2008-02-05 188928]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

"ICQ"="c:\program files\ICQ7.2\ICQ.exe" [2011-01-05 133432]

"feedreader.exe"="c:\program files\FeedReader30\feedreader.exe" [2009-03-29 2058240]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]

"NDSTray.exe"="NDSTray.exe" [BU]

"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]

"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]

"Skytel"="Skytel.exe" [2007-11-20 1826816]

"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]

"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-06-24 509816]

"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-05-09 716800]

"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-09-26 417792]

"Toshiba TEMPRO"="c:\program files\Toshiba TEMPRO\TemproTray.exe" [2009-04-21 1045904]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter

"MigAutil"=rundll32 "c:\windows\TEMP\NetPesvc.dll",CreateProcessNotify

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"Toshiba Registration"=c:\program files\Toshiba\Registration\ToshibaRegistration.exe

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"

"Google EULA Launcher"=c:\program files\Google\Google EULA\GoogleEULALauncher.exe IE PA

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation        REG_MULTI_SZ           FontCache

.

NETSVCS BENÖTIGT REPARATUR - Derzeitig vorhandene Einträge:

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs

.

.

Inhalt des "geplante Tasks" Ordners

.

2012-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-06 04:49]

.

2012-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-06 04:49]

.

2012-01-06 c:\windows\Tasks\User_Feed_Synchronization-{08844B6D-CDC8-402B-8846-67B276A762DD}.job

- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://fussball.de/

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA

uInternet Settings,ProxyOverride = *.local

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.2.1

DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} - hxxp://www.powerchallenge.com/applet/PowerLoader.cab

DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game14.zylom.com/activex/zylomgamesplayer.cab

FF - ProfilePath - c:\users\chrissi-pissi\AppData\Roaming\Mozilla\Firefox\Profiles\l1fgr8de.default\

FF - prefs.js: browser.search.selectedEngine - Search the web

FF - prefs.js: browser.startup.homepage - hxxp://fussball.de/

FF - prefs.js: keyword.URL - hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q=

FF - user.js: browser.search.selectedEngine - Search the web

FF - user.js: browser.search.order.1 - Search the web

FF - user.js: browser.search.defaultenginename - Search the web

FF - user.js: keyword.URL - hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q=

FF - user.js: privacy.item.cookies - false

FF - user.js: privacy.sanitize.promptOnSanitize - false

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: content.notify.interval - 600000

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.switch.threshold - 600000

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

HKCU-Run-TOSCDSPD - TOSCDSPD.EXE

HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe

AddRemove-{E02D067B-1AD7-4016-A872-8665D223EDDD} - c:\users\chrissi-pissi\AppData\Local\{387B4D62-1EB1-47D1-88CD-6D794CF20A08}\anonymous web surfing.exe

.

.

.

**************************************************************************

Scanne versteckte Prozesse... 

.

Scanne versteckte Autostarteinträge... 

.

Scanne versteckte Dateien... 

.

Scan erfolgreich abgeschlossen

versteckte Dateien: 

.

**************************************************************************

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe

c:\windows\system32\WLANExt.exe

c:\windows\system32\agrsmsvc.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe

c:\users\chrissi-pissi\AppData\LocalLow\Picasa\IE\PicasaUpdater.exe

c:\program files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe

c:\windows\system32\TODDSrv.exe

c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe

c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe

c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe

c:\program files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe

c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe

c:\windows\system32\conime.exe

c:\program files\TOSHIBA\ConfigFree\NDSTray.exe

c:\windows\RtHDVCpl.exe

c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe

c:\windows\system32\igfxsrvc.exe

c:\windows\system32\igfxext.exe

c:\program files\TOSHIBA\ConfigFree\CFSwMgr.exe

c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe

c:\\?\c:\windows\system32\wbem\WMIADAP.EXE

c:\program files\TuneUp Utilities 2012\OneClickStarter.exe

c:\windows\system32\WerFault.exe

c:\windows\servicing\TrustedInstaller.exe

c:\windows\system32\DllHost.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2012-01-06  17:02:10 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2012-01-06 16:01

.

Vor Suchlauf: 12 Verzeichnis(se), 81.585.037.312 Bytes frei

Nach Suchlauf: 17 Verzeichnis(se), 81.547.563.008 Bytes frei

.

- - End Of File - - 0491DCBA4B23DCFCA18E56E170EF35B7

--- --- ---

MfG
celtic

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

Auch erledigt. :)
GMER:
GMER Logfile:

Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net

Rootkit scan 2012-01-07 01:10:19

Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.LV01

Running: difqu600.exe; Driver: C:\WINDOWS\TEMP\pxtyypow.sys
 
 

---- Kernel code sections - GMER 1.0.15 ----
 

.text           C:\Windows\system32\DRIVERS\tos_sps32.sys  section is writeable [0x8A755480, 0x3C939, 0xE8000020]

.dsrt           C:\Windows\system32\DRIVERS\tos_sps32.sys  unknown last section [0x8A796900, 0x3CA, 0x48000040]
 

---- Devices - GMER 1.0.15 ----
 

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0    Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1    Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
 

---- EOF - GMER 1.0.15 ----

--- --- ---

OSAM:
OSAM Logfile:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 22:44:57 on 06.01.2012
 

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit

Default Browser: Mozilla Corporation Firefox 8.0.1
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Common]

-----( %SystemRoot%\Tasks )-----

"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl

"TOSCDSPD.cpl" - "TOSHIBA" - C:\Windows\system32\TOSCDSPD.cpl

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)

"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)

"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)

"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)

"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys

"MpKsl5a4cd541" (MpKsl5a4cd541) - ? - C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4E14F9B7-6C21-4AF4-A608-D8E121242493}\MpKsl5a4cd541.sys  (File not found)

"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys

"TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys
 

[Explorer]

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

-----( HKLM\Software\Classes\Protocols\Filter )-----

{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

-----( HKLM\Software\Classes\Protocols\Handler )-----

{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)

{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll

{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)

{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)

{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)

{09A47860-11B0-4DA5-AFA5-26D86198A780} "EPP" - "Microsoft Corporation" - C:\PROGRA~1\MI239C~1\shellext.dll

{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)

{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll

{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -   (File not found | COM-object registry key not found)

{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll

{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll

{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)

{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -   (File not found | COM-object registry key not found)

{4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2012\DseShExt-x86.dll

{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2012\SDShelEx-win32.dll

{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)

{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll
 

[Internet Explorer]

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} "Java Plug-in 1.6.0_06" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

{4BFD075D-C36E-4F28-BB0A-5D472795197A} "PowerLoader Class" - "Power Challenge AB" - C:\Windows\Downloaded Program Files\PowerLoader.dll / hxxp://www.powerchallenge.com/applet/PowerLoader.cab

{233C1507-6A77-46A4-9443-F871F945D258} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\Windows\system32\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10b.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

{BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} "{BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B}" - ? -   (File not found | COM-object registry key not found) / hxxp://game14.zylom.com/activex/zylomgamesplayer.cab

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

"Amazon.de" - ? - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home  (HTTP value)

{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

"eBay - Der weltweite Online Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4  (HTTP value)

"ICQ7.2" - "ICQ, LLC." - C:\Program Files\ICQ7.2\ICQ.exe

"PokerStars" - "PokerStars" - C:\Program Files\PokerStars\PokerStarsUpdate.exe

{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----

{9421DD08-935F-4701-A9CA-22DF90AC4EA6} "Easy Photo Print" - "SEIKO EPSON CORPORATION / CyCom Technology Corp." - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

{9421DD08-935F-4701-A9CA-22DF90AC4EA6} "Easy Photo Print" - "SEIKO EPSON CORPORATION / CyCom Technology Corp." - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll

{AAA4C1FB-CF94-420D-9EB4-B3D9148BA73F} "Picasa" - "Google Inc." - C:\Users\chrissi-pissi\AppData\LocalLow\Picasa\IE\Picasa.dll

{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
 

[Logon]

-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\Users\chrissi-pissi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----

"feedreader.exe" - ? - "C:\Program Files\FeedReader30\feedreader.exe"

"ICQ" - "ICQ, LLC." - "C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4                                                                                                                                                                                                                     

"Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized                                                                                                                                                                                                            

-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----

"StartupPrograms" - ? - rdpclip  (File not found)

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"00TCrdMain" - "TOSHIBA Corporation" - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe

"Camera Assistant Software" - "Chicony" - "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start                                                                                                                                                                                              

"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

"MSC" - "Microsoft Corporation" - "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

"NDSTray.exe" - ? - NDSTray.exe  (File not found)

"SmoothView" - "TOSHIBA Corporation" - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe

"topi" - "TOSHIBA" - C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup

"Toshiba TEMPRO" - "Toshiba Europe GmbH" - C:\Program Files\Toshiba TEMPRO\TemproTray.exe                                                                                                                                                                                                                           

"TPwrMain" - "TOSHIBA Corporation" - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
 

[Print Monitors]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----

"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"@C:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243" (NisSrv) - "Microsoft Corporation" - C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

"ConfigFree Service" (ConfigFree Service) - "TOSHIBA CORPORATION" - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe

"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

"Jumpstart Wifi Protected Setup" (jswpsapi) - "Atheros Communications, Inc." - C:\Program Files\Jumpstart\jswpsapi.exe

"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

"Microsoft Antimalware Service" (MsMpSvc) - "Microsoft Corporation" - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

"OpenVPN Service" (OpenVPNService) - ? - C:\Program Files\OpenVPN\bin\openvpnserv.exe  (File found, but it contains no detailed information)

"Picasa Updater" (PicasaUpdater) - ? - C:\Users\chrissi-pissi\AppData\LocalLow\Picasa\IE\PicasaUpdater.exe  (File found, but it contains no detailed information)

"SmartFaceVWatchSrv" (SmartFaceVWatchSrv) - "Toshiba" - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe

"TOSHIBA Navi Support Service" (TNaviSrv) - "TOSHIBA Corporation" - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe

"TOSHIBA Optical Disc Drive Service" (TODDSrv) - "TOSHIBA Corporation" - C:\Windows\system32\TODDSrv.exe

"TOSHIBA Power Saver" (TosCoSrv) - "TOSHIBA Corporation" - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

"TOSHIBA SMART Log Service" (TOSHIBA SMART Log Service) - "TOSHIBA Corporation" - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe

"TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
 

[Winsock Providers]

-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----

"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll
 

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru [/code]

aswMBR:

Code:

 aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software

Run date: 2012-01-06 23:08:28

-----------------------------

23:08:28.791    OS Version: Windows 6.0.6002 Service Pack 2

23:08:28.791    Number of processors: 2 586 0xF0D

23:08:28.807    ComputerName: USP-RULES  UserName: 

23:08:30.413    Initialize success

23:09:59.419    AVAST engine defs: 12010601

23:11:10.306    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

23:11:10.321    Disk 0 Vendor: TOSHIBA_ LV01 Size: 305245MB BusType: 3

23:11:10.321    Disk 0 MBR read successfully

23:11:10.321    Disk 0 MBR scan

23:11:10.337    Disk 0 Windows VISTA default MBR code

23:11:10.353    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS         1500 MB offset 2048

23:11:10.399    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       152463 MB offset 3074048

23:11:10.446    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       151280 MB offset 315318272

23:11:10.477    Disk 0 scanning sectors +625140400

23:11:10.587    Disk 0 scanning C:\Windows\system32\drivers

23:11:30.336    Service scanning

23:11:31.194    Service MpKsldf98fede C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5DBB35DE-E082-4122-821C-41A329DC1D34}\MpKsldf98fede.sys **LOCKED** 32

23:11:31.210    Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32

23:11:31.974    Modules scanning

23:11:40.273    Disk 0 trace - called modules:

23:11:40.383    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 

23:11:40.398    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86a5dac8]

23:11:40.414    3 CLASSPNP.SYS[8a5178b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x84ea9028]

23:11:41.194    AVAST engine scan C:\Windows

23:11:51.552    AVAST engine scan C:\Windows\system32

23:16:03.243    AVAST engine scan C:\Windows\system32\drivers

23:16:23.039    AVAST engine scan C:\Users\chrissi-pissi

23:24:18.808    Disk 0 MBR has been saved successfully to "C:\Users\chrissi-pissi\Desktop\MBR.dat"

23:24:18.839    The log file has been saved successfully to "C:\Users\chrissi-pissi\Desktop\aswMBR.txt"

MfG
celtic