Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Bundespolizei-Virus / Affiliate tracking cookie (https://www.trojaner-board.de/111762-bundespolizei-virus-affiliate-tracking-cookie.html)

vmeu 18.03.2012 14:25
Bundespolizei-Virus / Affiliate tracking cookie
 
Guten Tag,
ich habe eine Laptop mit Windows 7 Home Premium und mir gestern so einen 'Bundespolizei-Virus' eingehandelt.
Es erschien nur noch dieses Bild mit der Aufforderung 100€ zu bezahlen, ich habe dann meinen Laptop durch langes drücken des Ausschaltknopf heruntergefahren, beim wieder starten war alles auf meinem Desktop,sowie die Taskleiste verschwunden. Es öffnete sich aber mein Ordner "Bibliothek" über den in ich alles öffnen könnte. Darüber habe ich eine Systhemwiederherstellung gemacht, dann ging erstmal wieder alles.
Ich benutze AntiVir und habe einen kompletten Suchlauf gestartet, es wurden 2 Dateien gefunden,die ich in Garantäne verschoben & gelöscht habe.
Desweiter habe ich mir AVAST Free & SpyTerminator 2012 runtergeladen und durchlaufen lassen. Gestern Abend gab es dann keine weiteren Meldungen mehr.
Heute habe ich mein Laptop im gesichterten Modus mit Netzwerktreibern gestartet und dort noch AVAST & SpyTerminator durchlaufen lassen.
Es gab folgende Befunde:

AVAST
Ursprünglicher Dateiname: 6c1a5912-3fc47bed
Ursprünglicher Odner: C:\Users\verena\AppData\LocalLow\Sun\Java
\Deployment\cache\6.0\18
Dateigröße: 53752
Beschreibung: WIN32:Malware-gen

SpyTerminator2012:
Fund: Affiliate tracking cookie
insgesamt 74 infizierte Positionen sagt es an.

Meine Frage ist jetzt, wie bekomme ich die gelöscht und ist mein PC dann sauber?

Ich habe von so etwas wirklich keine Ahnung.
Ich stell euch die Dateien vom defogger,so wie es in der Anleitung stand mit rein.
Ich würde mich über eure Hilfe sehr freuen.

Mit freundlichen Grüßen
Verena

DDS-Datei
.DDS Logfile:
Code:
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.0.0
Run by verena at 13:35:10 on 2012-03-18
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.6056.5171 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: AntiVir Desktop *Enabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.jzip.com/
uDefault_Page_URL = hxxp://toshiba.msn.com
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No File
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR
uRun: [EPSON Stylus DX4000 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBEE.EXE /FU "C:\Windows\TEMP\E_SC1AC.tmp" /EF "HKCU"
uRun: [Sony Ericsson PC Companion] "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [NBAgent] "c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [WinampAgent] C:\Users\verena\Winamp\winampa.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
dRun: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP
StartupFolder: C:\Users\verena\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\Users\verena\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TOSHIB~1.LNK - C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: An OneNote s&enden - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Zu TOSHIBA Bulletin Board hinzufügen - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
IE: {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{57F8E3EC-A05E-4E59-8B48-877903C1FF3E} : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{57F8E3EC-A05E-4E59-8B48-877903C1FF3E}\6484D2F437E6162627575636B6 : DhcpNameServer = 131.173.245.9 131.173.245.10
TCP: Interfaces\{57F8E3EC-A05E-4E59-8B48-877903C1FF3E}\754564C414E4 : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{57F8E3EC-A05E-4E59-8B48-877903C1FF3E}\A457474716370264279647A726F687 : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{FE1B9702-AFC5-4289-BACF-DE8490E737DA} : DhcpNameServer = 192.168.178.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs:
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{B4F3A835-0E21-4959-BA22-42B3008E02FF}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{F3C88694-EFFA-4d78-B409-54B7B2535B14}
TB-X64: {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No File
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [NBAgent] "c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
mRun-x64: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun-x64: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [WinampAgent] C:\Users\verena\Winamp\winampa.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
IE-X64: {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe
AppInit_DLLs-X64:
SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\verena\AppData\Roaming\Mozilla\Firefox\Profiles\rosdq6me.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.1&q=
FF - prefs.js: browser.search.selectedEngine - foxsearch
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Sony\Media Go\npmediago.dll
FF - plugin: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - foxsearch
FF - user.js: browser.search.order.1 - foxsearch
FF - user.js: browser.search.defaultenginename - foxsearch
FF - user.js: keyword.URL - hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=
FF - user.js: privacy.item.cookies - false
FF - user.js: privacy.sanitize.promptOnSanitize - false
.
============= SERVICES / DRIVERS ===============
.
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\Windows\system32\DRIVERS\tos_sps64.sys --> C:\Windows\system32\DRIVERS\tos_sps64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
S1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
S2 AntiVirSchedulerService;Avira AntiVir Planer;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-7-30 136360]
S2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-7-30 269480]
S2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
S2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
S2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-3-17 44768]
S2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
S2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-1-28 249200]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
S2 GFNEXSrv;GFNEX Service;C:\Windows\System32\GFNEXSrv.exe --> C:\Windows\System32\GFNEXSrv.exe [?]
S2 gupdate;Google Update-Dienst (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-5 136176]
S2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-1-14 572712]
S2 sp_rsdrv2;Spyware Terminator Driver Filter;C:\Windows\system32\DRIVERS\stflt.sys --> C:\Windows\system32\DRIVERS\stflt.sys [?]
S2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [2012-3-17 1148632]
S2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-2-10 112080]
S2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-7-10 2656280]
S3 BtFilter;Bluetooth LowerFilter Class Filter Driver;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?]
S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\system32\DRIVERS\ggflt.sys --> C:\Windows\system32\DRIVERS\ggflt.sys [?]
S3 gupdatem;Google Update-Dienst (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-5 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 PGEffect;Pangu effect driver;C:\Windows\system32\DRIVERS\pgeffect.sys --> C:\Windows\system32\DRIVERS\pgeffect.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-11-14 155344]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-7-10 54136]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-8 137632]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S4 Fdscacleu;Fdscacleu; [x]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-03-17 21:41:36    5559152    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2012-03-17 21:41:35    3968368    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-17 21:41:34    3913584    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2012-03-17 20:46:18    53080    ----a-w-    C:\Windows\System32\drivers\aswRdr2.sys
2012-03-17 20:46:16    819032    ----a-w-    C:\Windows\System32\drivers\aswSnx.sys
2012-03-17 20:46:16    69976    ----a-w-    C:\Windows\System32\drivers\aswMonFlt.sys
2012-03-17 20:45:41    41184    ----a-w-    C:\Windows\avastSS.scr
2012-03-17 20:45:28    --------    d-----w-    C:\ProgramData\AVAST Software
2012-03-17 20:45:28    --------    d-----w-    C:\Program Files\AVAST Software
2012-03-17 20:24:28    51496    ----a-w-    C:\Windows\System32\drivers\stflt.sys
2012-03-17 20:24:27    --------    d-----w-    C:\Users\verena\AppData\Roaming\Spyware Terminator
2012-03-17 20:24:27    --------    d-----w-    C:\ProgramData\Spyware Terminator
2012-03-17 20:24:24    --------    d-----w-    C:\Program Files (x86)\Spyware Terminator
2012-03-17 20:22:40    8643640    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AECEAD67-E0A2-4FD9-A29B-B636CB26E7E0}\mpengine.dll
2012-03-17 20:22:24    3145728    ----a-w-    C:\Windows\System32\win32k.sys
2012-03-17 20:22:15    1544192    ----a-w-    C:\Windows\System32\DWrite.dll
2012-03-17 20:22:15    1077248    ----a-w-    C:\Windows\SysWow64\DWrite.dll
2012-03-17 20:21:56    9216    ----a-w-    C:\Windows\System32\rdrmemptylst.exe
2012-03-17 20:21:56    77312    ----a-w-    C:\Windows\System32\rdpwsx.dll
2012-03-17 20:21:56    149504    ----a-w-    C:\Windows\System32\rdpcorekmts.dll
2012-03-17 20:21:40    826880    ----a-w-    C:\Windows\SysWow64\rdpcore.dll
2012-03-17 20:21:40    23552    ----a-w-    C:\Windows\System32\drivers\tdtcp.sys
2012-03-17 20:21:40    210944    ----a-w-    C:\Windows\System32\drivers\rdpwd.sys
2012-03-17 20:21:40    1031680    ----a-w-    C:\Windows\System32\rdpcore.dll
2012-03-17 17:32:30    --------    d-----w-    C:\Users\verena\AppData\Roaming\UAs
2012-03-17 17:32:30    --------    d-----w-    C:\Users\verena\AppData\Roaming\10017
2012-03-17 17:32:26    136    ----a-w-    C:\Users\verena\AppData\Roaming\srvblck2.tmp
2012-03-17 17:32:20    --------    d-----w-    C:\Users\verena\AppData\Roaming\xmldm
2012-03-17 17:32:17    --------    d-----w-    C:\Users\verena\AppData\Roaming\kock
2012-02-22 17:19:34    84992    ----a-w-    C:\Windows\System32\Spool\prtprocs\x64\CNBPP4.DLL
2012-02-21 09:19:40    --------    d-----w-    C:\Users\verena\AppData\Roaming\IrfanView
2012-02-21 09:19:40    --------    d-----w-    C:\Program Files (x86)\IrfanView
2012-02-21 09:15:31    --------    d-----w-    C:\Users\verena\AppData\Local\{39935EDA-823D-405F-BEEC-7AB2154463F3}
.
==================== Find3M ====================
.
2012-02-25 11:08:55    414368    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 08:18:36    279656    ------w-    C:\Windows\System32\MpSigStub.exe
2012-01-04 10:44:20    509952    ----a-w-    C:\Windows\System32\ntshrui.dll
2012-01-04 08:58:41    442880    ----a-w-    C:\Windows\SysWow64\ntshrui.dll
2011-12-30 06:26:08    515584    ----a-w-    C:\Windows\System32\timedate.cpl
2011-12-30 05:27:56    478720    ----a-w-    C:\Windows\SysWow64\timedate.cpl
2011-12-28 03:59:24    498688    ----a-w-    C:\Windows\System32\drivers\afd.sys
.
============= FINISH: 13:36:10,98 ===============
--- --- ---


Ich habe jetzt eigentlich alles was mir meine Viren-Programme angezeigt haben als "Bedrohung" gelöscht und einmal mit OTL durchlaufen lassen.

OTL Logfile:
Code:
OTL logfile created on: 3/18/2012 7:30:14 PM - Run 1
OTL by OldTimer - Version 3.2.39.1    Folder = C:\Users\verena\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5.91 Gb Total Physical Memory | 4.58 Gb Available Physical Memory | 77.47% Memory free
11.83 Gb Paging File | 10.77 Gb Available in Paging File | 91.09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.61 Gb Total Space | 155.56 Gb Free Space | 66.88% Space Free | Partition Type: NTFS
Drive D: | 232.76 Gb Total Space | 216.97 Gb Free Space | 93.22% Space Free | Partition Type: NTFS
 
Computer Name: SÜTTI | User Name: verena | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/03/18 16:43:21 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/03/17 22:25:06 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\verena\Downloads\OTL.exe
PRC - [2012/03/07 01:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/03/18 16:43:21 | 001,969,080 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012/03/07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/12/09 16:45:26 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/12/08 14:42:54 | 000,137,632 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2010/10/20 13:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/09/09 16:26:34 | 000,162,824 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\GFNEXSrv.exe -- (GFNEXSrv)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012/02/20 06:58:00 | 001,148,632 | ---- | M] (Crawler.com) [Auto | Stopped] -- C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe -- (ST2012_Svc)
SRV - [2012/01/03 05:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/07/30 11:14:53 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/06/29 14:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2011/04/21 06:52:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/02/10 08:25:36 | 000,112,080 | ---- | M] (Toshiba Europe GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO)
SRV - [2011/01/14 10:55:14 | 000,572,712 | ---- | M] (Nero AG) [Auto | Stopped] -- c:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @c:\Program Files (x86)
SRV - [2010/12/20 17:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010/12/20 17:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/11/29 13:58:30 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/04/12 09:45:00 | 000,196,976 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/28 15:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009/12/23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/10 17:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/03/17 21:24:28 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\stflt.sys -- (sp_rsdrv2)
DRV:64bit: - [2012/03/07 01:04:06 | 000,819,032 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/03/07 01:04:04 | 000,337,240 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/03/07 01:02:20 | 000,053,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/03/07 01:01:57 | 000,059,224 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/03/07 01:01:52 | 000,069,976 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/03/07 01:01:32 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/12/06 20:39:14 | 000,027,176 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2011/12/06 20:39:14 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2011/08/22 18:59:37 | 000,503,352 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011/08/02 16:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/07/30 11:14:54 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/07/30 11:14:54 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/04/04 19:10:14 | 012,262,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/23 10:03:42 | 000,291,120 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbd.sys -- (tosrfbd)
DRV:64bit: - [2011/02/08 18:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2011/02/03 18:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/01/27 14:27:04 | 000,067,384 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb)
DRV:64bit: - [2011/01/13 19:58:30 | 000,413,800 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/01/12 16:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/12/17 18:46:46 | 002,675,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/29 15:11:42 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/10/19 15:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010/10/18 13:14:02 | 000,042,096 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2010/06/18 15:45:00 | 000,018,872 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2009/09/03 16:30:20 | 000,128,512 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tiehdusb.sys -- (TIEHDUSB)
DRV:64bit: - [2009/07/30 19:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 15:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/24 14:36:48 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=102&q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{C489885B-999B-4ACB-9500-CD783A12283F}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=102&q={searchTerms}
IE - HKLM\..\SearchScopes\{C489885B-999B-4ACB-9500-CD783A12283F}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://toshiba.eu/places?touch=4&cat=1 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://toshiba.eu/places?touch=4&cat=1 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.jzip.com/
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
IE - HKCU\..\SearchScopes\{4D76D63E-31D6-4912-BBA7-02F02DE30E10}: "URL" = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{67F5FD72-6093-432E-855C-412BB7CE8599}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=102&q={searchTerms}
IE - HKCU\..\SearchScopes\{F195DC57-9BB5-4445-A23B-86AF1559B5BE}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "foxsearch"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.1&q="
FF - prefs.js..browser.search.order.1: "foxsearch"
FF - prefs.js..browser.search.selectedEngine: "foxsearch"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - prefs.js..network.proxy.type: 0
 
FF - user.js..browser.search.selectedEngine: "foxsearch"
FF - user.js..browser.search.order.1: "foxsearch"
FF - user.js..browser.search.defaultenginename: "foxsearch"
FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/17 21:45:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/18 16:43:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/13 20:54:53 | 000,000,000 | ---D | M]
 
[2011/10/15 15:27:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\verena\AppData\Roaming\mozilla\Extensions
[2012/03/17 21:40:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\verena\AppData\Roaming\mozilla\Firefox\Profiles\rosdq6me.default\extensions
[2012/01/04 21:49:13 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\verena\AppData\Roaming\mozilla\Firefox\Profiles\rosdq6me.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011/12/19 11:45:46 | 000,000,853 | ---- | M] () -- C:\Users\verena\AppData\Roaming\Mozilla\Firefox\Profiles\rosdq6me.default\searchplugins\11-suche.xml
[2011/12/19 11:45:46 | 000,002,226 | ---- | M] () -- C:\Users\verena\AppData\Roaming\Mozilla\Firefox\Profiles\rosdq6me.default\searchplugins\englische-ergebnisse.xml
[2011/12/19 11:45:46 | 000,010,506 | ---- | M] () -- C:\Users\verena\AppData\Roaming\Mozilla\Firefox\Profiles\rosdq6me.default\searchplugins\gmx-suche.xml
[2012/03/14 10:27:10 | 000,000,950 | ---- | M] () -- C:\Users\verena\AppData\Roaming\Mozilla\Firefox\Profiles\rosdq6me.default\searchplugins\icqplugin-1.xml
[2011/08/22 19:02:23 | 000,000,950 | ---- | M] () -- C:\Users\verena\AppData\Roaming\Mozilla\Firefox\Profiles\rosdq6me.default\searchplugins\icqplugin-2.xml
[2011/09/07 17:28:13 | 000,000,950 | ---- | M] () -- C:\Users\verena\AppData\Roaming\Mozilla\Firefox\Profiles\rosdq6me.default\searchplugins\icqplugin-3.xml
[2011/10/02 19:15:02 | 000,000,950 | ---- | M] () -- C:\Users\verena\AppData\Roaming\Mozilla\Firefox\Profiles\rosdq6me.default\searchplugins\icqplugin-4.xml
[2011/10/02 21:18:03 | 000,000,950 | ---- | M] () -- C:\Users\verena\AppData\Roaming\Mozilla\Firefox\Profiles\rosdq6me.default\searchplugins\icqplugin-5.xml
[2011/10/07 13:09:00 | 000,000,950 | ---- | M] () -- C:\Users\verena\AppData\Roaming\Mozilla\Firefox\Profiles\rosdq6me.default\searchplugins\icqplugin-6.xml
[2011/11/27 20:50:27 | 000,000,950 | ---- | M] () -- C:\Users\verena\AppData\Roaming\Mozilla\Firefox\Profiles\rosdq6me.default\searchplugins\icqplugin-7.xml
[2011/08/14 15:10:21 | 000,001,056 | ---- | M] () -- C:\Users\verena\AppData\Roaming\Mozilla\Firefox\Profiles\rosdq6me.default\searchplugins\icqplugin.xml
[2011/12/19 11:45:46 | 000,002,457 | ---- | M] () -- C:\Users\verena\AppData\Roaming\Mozilla\Firefox\Profiles\rosdq6me.default\searchplugins\lastminute.xml
[2011/10/07 12:55:32 | 000,002,497 | ---- | M] () -- C:\Users\verena\AppData\Roaming\Mozilla\Firefox\Profiles\rosdq6me.default\searchplugins\SearchResults.xml
[2011/12/19 11:45:46 | 000,005,500 | ---- | M] () -- C:\Users\verena\AppData\Roaming\Mozilla\Firefox\Profiles\rosdq6me.default\searchplugins\webde-suche.xml
[2011/11/27 20:50:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/03/17 21:45:54 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
() (No name found) -- C:\USERS\VERENA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ROSDQ6ME.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\VERENA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ROSDQ6ME.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
[2012/03/18 16:43:21 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/09 17:18:03 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/07/11 22:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011/12/31 12:50:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/12/31 12:50:37 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/12/31 12:50:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011/08/22 19:06:38 | 000,000,143 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\foxsearch.src
[2011/12/31 12:50:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/10/07 12:55:32 | 000,002,497 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
[2011/12/31 12:50:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/12/31 12:50:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4:64bit: - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [NBAgent] c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [WinampAgent] C:\Users\verena\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [EPSON Stylus DX4000 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBEE.EXE /FU "C:\Windows\TEMP\E_SC1AC.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [Sony Ericsson PC Companion] C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)
O4 - HKCU..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - Startup: C:\Users\verena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Zu TOSHIBA Bulletin Board hinzufügen - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Zu TOSHIBA Bulletin Board hinzufügen - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9:64bit: - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - Reg Error: Key error. File not found
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - Reg Error: Key error. File not found
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - Reg Error: Key error. File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{57F8E3EC-A05E-4E59-8B48-877903C1FF3E}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FE1B9702-AFC5-4289-BACF-DE8490E737DA}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5d12d590-0eda-11e1-8702-e06995ff16bd}\Shell - "" = AutoRun
O33 - MountPoints2\{5d12d590-0eda-11e1-8702-e06995ff16bd}\Shell\AutoRun\command - "" = F:\Startme.exe
O33 - MountPoints2\{9aefcb74-cce8-11e0-ba71-e06995ff16bd}\Shell - "" = AutoRun
O33 - MountPoints2\{9aefcb74-cce8-11e0-ba71-e06995ff16bd}\Shell\AutoRun\command - "" = G:\AutoPlay.exe -auto
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/03/18 18:17:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/03/18 17:07:57 | 000,000,000 | ---D | C] -- C:\avast! sandbox
[2012/03/18 15:09:22 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/03/17 21:46:20 | 000,337,240 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/03/17 21:46:20 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/03/17 21:46:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/03/17 21:46:18 | 000,053,080 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/03/17 21:46:17 | 000,059,224 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/03/17 21:46:16 | 000,819,032 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/03/17 21:46:16 | 000,069,976 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/03/17 21:46:15 | 000,258,520 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/03/17 21:45:41 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/03/17 21:45:40 | 000,201,352 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/03/17 21:45:28 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/03/17 21:45:28 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/03/17 21:24:28 | 000,051,496 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2012/03/17 21:24:27 | 000,000,000 | ---D | C] -- C:\Users\verena\AppData\Roaming\Spyware Terminator
[2012/03/17 21:24:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
[2012/03/17 21:24:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2012
[2012/03/17 21:24:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Terminator
[2012/03/17 18:32:30 | 000,000,000 | ---D | C] -- C:\Users\verena\AppData\Roaming\UAs
[2012/03/17 18:32:30 | 000,000,000 | ---D | C] -- C:\Users\verena\AppData\Roaming\10017
[2012/03/17 18:32:20 | 000,000,000 | ---D | C] -- C:\Users\verena\AppData\Roaming\xmldm
[2012/03/17 18:32:17 | 000,000,000 | ---D | C] -- C:\Users\verena\AppData\Roaming\kock
[2012/03/16 11:21:12 | 000,000,000 | ---D | C] -- C:\Users\verena\Documents\MasingHBQM
[2012/02/22 18:19:38 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2012/02/21 10:19:53 | 000,000,000 | ---D | C] -- C:\Users\verena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
[2012/02/21 10:19:40 | 000,000,000 | ---D | C] -- C:\Users\verena\AppData\Roaming\IrfanView
[2012/02/21 10:19:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IrfanView
[2012/02/21 10:15:31 | 000,000,000 | ---D | C] -- C:\Users\verena\AppData\Local\{39935EDA-823D-405F-BEEC-7AB2154463F3}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\verena\Desktop\*.tmp files -> C:\Users\verena\Desktop\*.tmp -> ]
[1 C:\Users\verena\AppData\Roaming\*.tmp files -> C:\Users\verena\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/03/18 17:18:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/18 17:18:01 | 467,648,511 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/18 16:25:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/18 15:32:43 | 000,024,912 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/18 15:32:43 | 000,024,912 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/18 15:25:02 | 000,000,432 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2012/03/18 15:24:52 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/18 15:24:20 | 004,998,576 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/18 13:48:08 | 000,002,956 | ---- | M] () -- C:\Users\verena\Desktop\Attach.zip
[2012/03/18 13:33:43 | 000,000,214 | ---- | M] () -- C:\Users\verena\defogger_reenable
[2012/03/17 21:46:20 | 000,001,848 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/03/17 21:46:16 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/03/17 21:24:28 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2012/03/17 21:24:26 | 000,001,045 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk
[2012/03/17 19:31:15 | 000,000,016 | ---- | M] () -- C:\Users\verena\AppData\Roaming\blckdom.res
[2012/03/13 18:32:46 | 001,507,342 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/13 18:32:46 | 000,657,910 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012/03/13 18:32:46 | 000,619,146 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/13 18:32:46 | 000,131,250 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012/03/13 18:32:46 | 000,107,466 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/07 01:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/03/07 01:15:14 | 000,201,352 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/03/07 01:15:03 | 000,258,520 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/03/07 01:04:06 | 000,819,032 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/03/07 01:04:04 | 000,337,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/03/07 01:02:20 | 000,053,080 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/03/07 01:01:57 | 000,059,224 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/03/07 01:01:52 | 000,069,976 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/03/07 01:01:32 | 000,024,408 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/03/01 17:22:30 | 000,037,568 | ---- | M] () -- C:\Users\verena\Desktop\wohnungsuebergabeprotokoll.pdf
[2012/02/26 19:14:58 | 000,033,232 | ---- | M] () -- C:\Users\verena\Desktop\grundriss_b.jpg
[2012/02/21 10:19:53 | 000,001,897 | ---- | M] () -- C:\Users\verena\Desktop\IrfanView Thumbnails.lnk
[2012/02/21 10:19:53 | 000,001,005 | ---- | M] () -- C:\Users\verena\Desktop\IrfanView.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\verena\Desktop\*.tmp files -> C:\Users\verena\Desktop\*.tmp -> ]
[1 C:\Users\verena\AppData\Roaming\*.tmp files -> C:\Users\verena\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/03/18 13:48:08 | 000,002,956 | ---- | C] () -- C:\Users\verena\Desktop\Attach.zip
[2012/03/18 13:33:43 | 000,000,214 | ---- | C] () -- C:\Users\verena\defogger_reenable
[2012/03/17 21:46:20 | 000,001,848 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/03/17 21:46:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/03/17 21:24:26 | 000,001,045 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk
[2012/03/17 18:32:27 | 000,000,016 | ---- | C] () -- C:\Users\verena\AppData\Roaming\blckdom.res
[2012/03/01 17:22:27 | 000,037,568 | ---- | C] () -- C:\Users\verena\Desktop\wohnungsuebergabeprotokoll.pdf
[2012/02/23 13:56:45 | 000,033,232 | ---- | C] () -- C:\Users\verena\Desktop\grundriss_b.jpg
[2012/02/21 10:19:53 | 000,001,897 | ---- | C] () -- C:\Users\verena\Desktop\IrfanView Thumbnails.lnk
[2012/02/21 10:19:53 | 000,001,005 | ---- | C] () -- C:\Users\verena\Desktop\IrfanView.lnk
[2011/11/14 18:05:46 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/07/29 18:53:25 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/07/10 23:46:57 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2011/07/10 23:20:51 | 000,128,312 | ---- | C] () -- C:\Windows\SysWow64\GFNEX.dll
[2011/04/04 19:07:00 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/04/04 19:06:58 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/04/04 19:06:58 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/02/03 18:56:58 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
 
========== LOP Check ==========
 
[2012/03/17 19:39:18 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\10017
[2012/01/03 19:45:56 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/12/29 20:15:02 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\gtk-2.0
[2011/10/09 18:14:47 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\Gutscheinmieze
[2012/03/04 22:44:52 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\ICQ
[2012/02/21 10:19:40 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\IrfanView
[2012/03/17 18:32:17 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\kock
[2011/07/30 13:28:14 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\OpenOffice.org
[2011/10/22 15:46:19 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\redsn0w
[2011/11/14 18:13:22 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\Sony
[2012/03/17 21:24:27 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\Spyware Terminator
[2011/12/28 19:02:34 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/07/30 11:25:52 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\Toshiba
[2011/07/31 13:23:47 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\TOSHIBA Online Product Information
[2012/03/17 18:32:34 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\UAs
[2012/02/05 16:32:58 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\WinBatch
[2012/03/17 18:33:28 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\xmldm
[2012/02/29 10:39:08 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
< End of report >
--- --- ---

cosinus 19.03.2012 19:25
Zitat:
Boot Mode: SafeMode with Networking |
na wenn der Modus geht wirst du erstmal MBAM/ESET probieren können:

Bitte nun routinemäßig einen Vollscan mit malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log

vmeu 19.03.2012 23:24
Guten Abend,
danke für deine Antwort=)
Also mein Laptop läuft zur zeit auch im normalen Modus.
Ich hatte vorhin einmal Malwarebytes laufen lassen,währendessen kam von Avira AntiVir der Hinweiß auf eine Bedrohnung, diese habe ich in Quarantäne gepackt.
Danach habe ich noch einmal einen vollscan mit AVAST durchlaufen lassen und danach deine Antwort gelesen und noch ein mal ESET laufen lassen. Ich poste dir einfach mal alle Berichte.


Avira Antivir
Code:

Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Montag, 19. März 2012  19:24

Es wird nach 3569307 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer  : Avira AntiVir Personal - Free Antivirus
Seriennummer  : 0000149996-ADJIE-0000001
Plattform      : Windows 7 x64
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus    : Normal gebootet
Benutzername  : SYSTEM
Computername  : SÜTTI

Versionsinformationen:
BUILD.DAT      : 10.2.0.707    36070 Bytes  25.01.2012 12:53:00
AVSCAN.EXE    : 10.3.0.7      484008 Bytes  30.07.2011 10:14:53
AVSCAN.DLL    : 10.0.5.0      57192 Bytes  30.07.2011 10:14:53
LUKE.DLL      : 10.3.0.5      45416 Bytes  30.07.2011 10:14:54
LUKERES.DLL    : 10.0.0.0      13672 Bytes  14.01.2010 12:22:40
AVSCPLR.DLL    : 10.3.0.7      119656 Bytes  30.07.2011 10:14:54
AVREG.DLL      : 10.3.0.9      88833 Bytes  30.07.2011 10:14:54
VBASE000.VDF  : 7.10.0.0    19875328 Bytes  06.11.2009 10:49:21
VBASE001.VDF  : 7.11.0.0    13342208 Bytes  14.12.2010 05:52:59
VBASE002.VDF  : 7.11.19.170 14374912 Bytes  20.12.2011 16:34:41
VBASE003.VDF  : 7.11.21.238  4472832 Bytes  01.02.2012 18:14:21
VBASE004.VDF  : 7.11.21.239    2048 Bytes  01.02.2012 18:14:23
VBASE005.VDF  : 7.11.21.240    2048 Bytes  01.02.2012 18:14:23
VBASE006.VDF  : 7.11.21.241    2048 Bytes  01.02.2012 18:14:23
VBASE007.VDF  : 7.11.21.242    2048 Bytes  01.02.2012 18:14:23
VBASE008.VDF  : 7.11.21.243    2048 Bytes  01.02.2012 18:14:23
VBASE009.VDF  : 7.11.21.244    2048 Bytes  01.02.2012 18:14:24
VBASE010.VDF  : 7.11.21.245    2048 Bytes  01.02.2012 18:14:24
VBASE011.VDF  : 7.11.21.246    2048 Bytes  01.02.2012 18:14:24
VBASE012.VDF  : 7.11.21.247    2048 Bytes  01.02.2012 18:14:25
VBASE013.VDF  : 7.11.22.33  1486848 Bytes  03.02.2012 09:27:39
VBASE014.VDF  : 7.11.22.56    687616 Bytes  03.02.2012 09:28:06
VBASE015.VDF  : 7.11.22.92    178176 Bytes  06.02.2012 11:59:51
VBASE016.VDF  : 7.11.22.154  144896 Bytes  08.02.2012 13:26:21
VBASE017.VDF  : 7.11.22.220  183296 Bytes  13.02.2012 13:42:39
VBASE018.VDF  : 7.11.23.34    202752 Bytes  15.02.2012 13:42:40
VBASE019.VDF  : 7.11.23.98    126464 Bytes  17.02.2012 13:42:40
VBASE020.VDF  : 7.11.23.150  148480 Bytes  20.02.2012 13:42:41
VBASE021.VDF  : 7.11.23.224  172544 Bytes  23.02.2012 13:42:41
VBASE022.VDF  : 7.11.24.52    219648 Bytes  28.02.2012 13:42:42
VBASE023.VDF  : 7.11.24.152  165888 Bytes  05.03.2012 13:42:43
VBASE024.VDF  : 7.11.24.204  177664 Bytes  07.03.2012 13:55:50
VBASE025.VDF  : 7.11.25.30    245248 Bytes  12.03.2012 13:55:51
VBASE026.VDF  : 7.11.25.121  252416 Bytes  15.03.2012 13:55:52
VBASE027.VDF  : 7.11.25.122    2048 Bytes  15.03.2012 13:55:53
VBASE028.VDF  : 7.11.25.123    2048 Bytes  15.03.2012 13:55:53
VBASE029.VDF  : 7.11.25.124    2048 Bytes  15.03.2012 13:55:53
VBASE030.VDF  : 7.11.25.125    2048 Bytes  15.03.2012 13:55:53
VBASE031.VDF  : 7.11.25.142    71680 Bytes  16.03.2012 13:55:53
Engineversion  : 8.2.10.24
AEVDF.DLL      : 8.1.2.2      106868 Bytes  25.10.2011 16:58:50
AESCRIPT.DLL  : 8.1.4.10      455035 Bytes  18.03.2012 13:56:07
AESCN.DLL      : 8.1.8.2      131444 Bytes  27.01.2012 08:32:22
AESBX.DLL      : 8.2.5.5      606579 Bytes  18.03.2012 13:56:08
AERDL.DLL      : 8.1.9.15      639348 Bytes  12.09.2011 15:59:27
AEPACK.DLL    : 8.2.16.5      803190 Bytes  18.03.2012 13:56:05
AEOFFICE.DLL  : 8.1.2.25      201084 Bytes  31.12.2011 11:50:28
AEHEUR.DLL    : 8.1.4.7      4501878 Bytes  18.03.2012 13:56:03
AEHELP.DLL    : 8.1.19.0      254327 Bytes  23.01.2012 16:00:24
AEGEN.DLL      : 8.1.5.23      409973 Bytes  18.03.2012 13:55:55
AEEXP.DLL      : 8.1.0.25      74101 Bytes  18.03.2012 13:56:08
AEEMU.DLL      : 8.1.3.0      393589 Bytes  21.04.2011 05:52:17
AECORE.DLL    : 8.1.25.6      201078 Bytes  18.03.2012 13:55:55
AEBB.DLL      : 8.1.1.0        53618 Bytes  21.04.2011 05:52:16
AVWINLL.DLL    : 10.0.0.0      19304 Bytes  21.04.2011 05:52:39
AVPREF.DLL    : 10.0.3.2      44904 Bytes  30.07.2011 10:14:53
AVREP.DLL      : 10.0.0.10    174120 Bytes  30.07.2011 10:14:54
AVARKT.DLL    : 10.0.26.1    255336 Bytes  30.07.2011 10:14:53
AVEVTLOG.DLL  : 10.0.0.9      203112 Bytes  30.07.2011 10:14:53
SQLITE3.DLL    : 3.6.19.0      355688 Bytes  28.01.2010 11:59:50
AVSMTP.DLL    : 10.0.0.17      63848 Bytes  21.04.2011 05:52:38
NETNT.DLL      : 10.0.0.0      11624 Bytes  21.04.2011 05:52:50
RCIMAGE.DLL    : 10.0.0.35    2589544 Bytes  30.07.2011 10:14:52
RCTEXT.DLL    : 10.0.64.0      98664 Bytes  30.07.2011 10:14:52

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: avguard_async_scan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_4f8d3a48\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig

Beginn des Suchlaufs: Montag, 19. März 2012  19:24

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbam.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'UNS.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'NASvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMS.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CFSvcs.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CFSwMgr.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AvastUI.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'winampa.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ItSecMng.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'soffice.bin' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'NDSTray.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'soffice.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'E_FATIBEE.EXE' - '1' Modul(e) wurden durchsucht
  Modul ist OK -> <C:\Windows\System32\drivers\x64\3\E_FATIBEE.EXE>
  [WARNUNG]  Die Datei konnte nicht geöffnet werden!
Durchsuche Prozess 'StarWindServiceAE.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AvastSvc.exe' - '1' Modul(e) wurden durchsucht

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\Users\verena\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SKY541QG\91_217_200_85[1].htm'
C:\Users\verena\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SKY541QG\91_217_200_85[1].htm
  [FUND]      Enthält Erkennungsmuster des HTML-Scriptvirus HTML/FakeAlert.AP

Beginne mit der Desinfektion:
C:\Users\verena\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SKY541QG\91_217_200_85[1].htm
  [FUND]      Enthält Erkennungsmuster des HTML-Scriptvirus HTML/FakeAlert.AP
  [HINWEIS]  Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '49e3d526.qua' verschoben!


Ende des Suchlaufs: Montag, 19. März 2012  19:27
Benötigte Zeit: 00:19 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

      0 Verzeichnisse wurden überprüft
    24 Dateien wurden geprüft
      1 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      1 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      1 Dateien konnten nicht durchsucht werden
    22 Dateien ohne Befall
      0 Archive wurden durchsucht
      1 Warnungen
      1 Hinweise


Die Suchergebnisse werden an den Guard übermittelt.
Malwarebytes
Code:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.19.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
verena :: SÜTTI [Administrator]

19.03.2012 18:56:55
mbam-log-2012-03-19 (18-56-55).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 346758
Laufzeit: 59 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
ESET
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=ca6c64e4d077034497382faa18f05c86
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-18 06:21:53
# local_time=2012-03-18 07:21:53 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775166 100 94 14200 68623074 7994 0
# compatibility_mode=5893 16776573 100 94 16351 83721061 0 0
# compatibility_mode=7937 16777214 28 75 78938 2377357 0 0
# compatibility_mode=8192 67108863 100 0 3779 3779 0 0
# scanned=163203
# found=2
# cleaned=0
# scan_time=3701
C:\Users\verena\AppData\Local\Temp\nsxEE26.tmp.exe        a variant of Win32/Toolbar.SearchSuite application (unable to clean)        00000000000000000000000000000000        I
C:\Users\verena\AppData\Local\Temp\SetupDataMngr_jZip.exe        a variant of Win32/Toolbar.SearchSuite application (unable to clean)        00000000000000000000000000000000        I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=ca6c64e4d077034497382faa18f05c86
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-19 10:07:54
# local_time=2012-03-19 11:07:54 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775165 100 94 109285 68721759 2817 0
# compatibility_mode=5893 16776573 100 94 111436 83819746 0 0
# compatibility_mode=8192 67108863 100 0 98864 98864 0 0
# scanned=163299
# found=0
# cleaned=0
# scan_time=4977
Von ESET habe ich von gestern Abend noch ein log.
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=ca6c64e4d077034497382faa18f05c86
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-18 06:21:53
# local_time=2012-03-18 07:21:53 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775166 100 94 14200 68623074 7994 0
# compatibility_mode=5893 16776573 100 94 16351 83721061 0 0
# compatibility_mode=7937 16777214 28 75 78938 2377357 0 0
# compatibility_mode=8192 67108863 100 0 3779 3779 0 0
# scanned=163203
# found=2
# cleaned=0
# scan_time=3701
C:\Users\verena\AppData\Local\Temp\nsxEE26.tmp.exe        a variant of Win32/Toolbar.SearchSuite application (unable to clean)        00000000000000000000000000000000        I
C:\Users\verena\AppData\Local\Temp\SetupDataMngr_jZip.exe        a variant of Win32/Toolbar.SearchSuite application (unable to clean)        00000000000000000000000000000000        I
Aber von meinem AVAST bekomme ich irgendwie keinen Report zu sehen. Ich kann mir das Protokoll zwar in der Liste anschauen,aber bei der weiteren Einsicht steht da nichts. Es gab vorhin bei dem Durchlauf auch keine Ergebnis,also war alles ok.

Ich weiß bloß einfach nicht,ob wirklich alles weg ist oder noch irgendwo sich Reste verstecken.

Gruß Verena

cosinus 20.03.2012 16:21
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

vmeu 20.03.2012 22:42
N'Abend,
OTL von heute.
Code:
OTL logfile created on: 3/20/2012 10:25:04 PM - Run 2
OTL by OldTimer - Version 3.2.39.1    Folder = C:\Users\verena\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5.91 Gb Total Physical Memory | 4.09 Gb Available Physical Memory | 69.21% Memory free
11.83 Gb Paging File | 9.77 Gb Available in Paging File | 82.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.61 Gb Total Space | 154.32 Gb Free Space | 66.34% Space Free | Partition Type: NTFS
Drive D: | 232.76 Gb Total Space | 216.97 Gb Free Space | 93.22% Space Free | Partition Type: NTFS
 
Computer Name: SÜTTI | User Name: verena | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found --
PRC - [2012/03/17 22:25:06 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\verena\Downloads\OTL.exe
PRC - [2012/03/07 01:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/01/03 05:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/07/30 11:14:53 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/07/11 22:47:06 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Users\verena\Winamp\winampa.exe
PRC - [2011/04/21 06:52:51 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011/04/21 06:52:36 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/01/17 17:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 17:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2011/01/14 10:55:14 | 000,572,712 | ---- | M] (Nero AG) -- c:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2010/12/20 17:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/12/20 17:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/12/03 13:57:16 | 000,304,560 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2009/12/23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
PRC - [2009/07/28 19:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/07/22 12:40:00 | 000,083,336 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
PRC - [2009/03/10 17:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011/07/30 12:35:25 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012/03/07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/12/09 16:45:26 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/12/08 14:42:54 | 000,137,632 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2010/10/20 13:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/09/09 16:26:34 | 000,162,824 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\GFNEXSrv.exe -- (GFNEXSrv)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012/01/03 05:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/07/30 11:14:53 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/06/29 14:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2011/04/21 06:52:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/02/10 08:25:36 | 000,112,080 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO)
SRV - [2011/01/14 10:55:14 | 000,572,712 | ---- | M] (Nero AG) [Auto | Running] -- c:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @c:\Program Files (x86)
SRV - [2010/12/20 17:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010/12/20 17:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/11/29 13:58:30 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/04/12 09:45:00 | 000,196,976 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/28 15:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009/12/23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/10 17:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/03/07 01:04:06 | 000,819,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/03/07 01:04:04 | 000,337,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/03/07 01:02:20 | 000,053,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/03/07 01:01:57 | 000,059,224 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/03/07 01:01:52 | 000,069,976 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/03/07 01:01:32 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/12/06 20:39:14 | 000,027,176 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2011/12/06 20:39:14 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2011/08/22 18:59:37 | 000,503,352 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011/08/02 16:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/07/30 11:14:54 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/07/30 11:14:54 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/04/04 19:10:14 | 012,262,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/23 10:03:42 | 000,291,120 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbd.sys -- (tosrfbd)
DRV:64bit: - [2011/02/08 18:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2011/02/03 18:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/01/27 14:27:04 | 000,067,384 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb)
DRV:64bit: - [2011/01/13 19:58:30 | 000,413,800 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/01/12 16:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/12/17 18:46:46 | 002,675,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/29 15:11:42 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/10/19 15:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010/10/18 13:14:02 | 000,042,096 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2010/06/18 15:45:00 | 000,018,872 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2009/09/03 16:30:20 | 000,128,512 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tiehdusb.sys -- (TIEHDUSB)
DRV:64bit: - [2009/07/30 19:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 15:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/24 14:36:48 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=102&q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{C489885B-999B-4ACB-9500-CD783A12283F}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=102&q={searchTerms}
IE - HKLM\..\SearchScopes\{C489885B-999B-4ACB-9500-CD783A12283F}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-390321080-3498180129-1257558722-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba.msn.com
IE - HKU\S-1-5-21-390321080-3498180129-1257558722-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://toshiba.eu/places?touch=4&cat=1 [binary data]
IE - HKU\S-1-5-21-390321080-3498180129-1257558722-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-390321080-3498180129-1257558722-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://toshiba.eu/places?touch=4&cat=1 [binary data]
IE - HKU\S-1-5-21-390321080-3498180129-1257558722-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.jzip.com/
IE - HKU\S-1-5-21-390321080-3498180129-1257558722-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-390321080-3498180129-1257558722-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
IE - HKU\S-1-5-21-390321080-3498180129-1257558722-1000\..\SearchScopes\{4D76D63E-31D6-4912-BBA7-02F02DE30E10}: "URL" = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
IE - HKU\S-1-5-21-390321080-3498180129-1257558722-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-390321080-3498180129-1257558722-1000\..\SearchScopes\{67F5FD72-6093-432E-855C-412BB7CE8599}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
IE - HKU\S-1-5-21-390321080-3498180129-1257558722-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=102&q={searchTerms}
IE - HKU\S-1-5-21-390321080-3498180129-1257558722-1000\..\SearchScopes\{F195DC57-9BB5-4445-A23B-86AF1559B5BE}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
IE - HKU\S-1-5-21-390321080-3498180129-1257558722-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "foxsearch"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.1&q="
FF - prefs.js..browser.search.order.1: "foxsearch"
FF - prefs.js..browser.search.selectedEngine: "foxsearch"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - prefs.js..network.proxy.type: 0
 
FF - user.js..browser.search.selectedEngine: "foxsearch"
FF - user.js..browser.search.order.1: "foxsearch"
FF - user.js..browser.search.defaultenginename: "foxsearch"
FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/17 21:45:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/18 16:43:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/13 20:54:53 | 000,000,000 | ---D | M]
 
[2011/10/15 15:27:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\verena\AppData\Roaming\mozilla\Extensions
[2012/03/17 21:40:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\verena\AppData\Roaming\mozilla\Firefox\Profiles\rosdq6me.default\extensions
[2012/01/04 21:49:13 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\verena\AppData\Roaming\mozilla\Firefox\Profiles\rosdq6me.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011/12/19 11:45:46 | 000,000,853 | ---- | M] () -- C:\Users\verena\AppData\Roaming\Mozilla\Firefox\Profiles\rosdq6me.default\searchplugins\11-suche.xml
[2011/12/19 11:45:46 | 000,002,226 | ---- | M] () -- C:\Users\verena\AppData\Roaming\Mozilla\Firefox\Profiles\rosdq6me.default\searchplugins\englische-ergebnisse.xml
[2011/12/19 11:45:46 | 000,010,506 | ---- | M] () -- C:\Users\verena\AppData\Roaming\Mozilla\Firefox\Profiles\rosdq6me.default\searchplugins\gmx-suche.xml
[2012/03/14 10:27:10 | 000,000,950 | ---- | M] () -- C:\Users\verena\AppData\Roaming\Mozilla\Firefox\Profiles\rosdq6me.default\searchplugins\icqplugin-1.xml
[2011/08/22 19:02:23 | 000,000,950 | ---- | M] () -- C:\Users\verena\AppData\Roaming\Mozilla\Firefox\Profiles\rosdq6me.default\searchplugins\icqplugin-2.xml
[2011/09/07 17:28:13 | 000,000,950 | ---- | M] () -- C:\Users\verena\AppData\Roaming\Mozilla\Firefox\Profiles\rosdq6me.default\searchplugins\icqplugin-3.xml
[2011/10/02 19:15:02 | 000,000,950 | ---- | M] () -- C:\Users\verena\AppData\Roaming\Mozilla\Firefox\Profiles\rosdq6me.default\searchplugins\icqplugin-4.xml
[2011/10/02 21:18:03 | 000,000,950 | ---- | M] () -- C:\Users\verena\AppData\Roaming\Mozilla\Firefox\Profiles\rosdq6me.default\searchplugins\icqplugin-5.xml
[2011/10/07 13:09:00 | 000,000,950 | ---- | M] () -- C:\Users\verena\AppData\Roaming\Mozilla\Firefox\Profiles\rosdq6me.default\searchplugins\icqplugin-6.xml
[2011/11/27 20:50:27 | 000,000,950 | ---- | M] () -- C:\Users\verena\AppData\Roaming\Mozilla\Firefox\Profiles\rosdq6me.default\searchplugins\icqplugin-7.xml
[2011/08/14 15:10:21 | 000,001,056 | ---- | M] () -- C:\Users\verena\AppData\Roaming\Mozilla\Firefox\Profiles\rosdq6me.default\searchplugins\icqplugin.xml
[2011/12/19 11:45:46 | 000,002,457 | ---- | M] () -- C:\Users\verena\AppData\Roaming\Mozilla\Firefox\Profiles\rosdq6me.default\searchplugins\lastminute.xml
[2011/10/07 12:55:32 | 000,002,497 | ---- | M] () -- C:\Users\verena\AppData\Roaming\Mozilla\Firefox\Profiles\rosdq6me.default\searchplugins\SearchResults.xml
[2011/12/19 11:45:46 | 000,005,500 | ---- | M] () -- C:\Users\verena\AppData\Roaming\Mozilla\Firefox\Profiles\rosdq6me.default\searchplugins\webde-suche.xml
[2011/11/27 20:50:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/03/17 21:45:54 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
() (No name found) -- C:\USERS\VERENA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ROSDQ6ME.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\VERENA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ROSDQ6ME.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
[2012/03/18 16:43:21 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/09 17:18:03 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/07/11 22:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011/12/31 12:50:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/12/31 12:50:37 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/12/31 12:50:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011/08/22 19:06:38 | 000,000,143 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\foxsearch.src
[2011/12/31 12:50:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/10/07 12:55:32 | 000,002,497 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
[2011/12/31 12:50:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/12/31 12:50:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-390321080-3498180129-1257558722-1000\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe File not found
O4:64bit: - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe File not found
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [NBAgent] c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [WinampAgent] C:\Users\verena\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\.DEFAULT..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-18..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-21-390321080-3498180129-1257558722-1000..\Run: [EPSON Stylus DX4000 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBEE.EXE /FU "C:\Windows\TEMP\E_SC1AC.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-390321080-3498180129-1257558722-1000..\Run: [Sony Ericsson PC Companion] C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)
O4 - HKU\S-1-5-21-390321080-3498180129-1257558722-1000..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\verena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Zu TOSHIBA Bulletin Board hinzufügen - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Zu TOSHIBA Bulletin Board hinzufügen - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9:64bit: - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - Reg Error: Key error. File not found
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - Reg Error: Key error. File not found
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - Reg Error: Key error. File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{57F8E3EC-A05E-4E59-8B48-877903C1FF3E}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FE1B9702-AFC5-4289-BACF-DE8490E737DA}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5d12d590-0eda-11e1-8702-e06995ff16bd}\Shell - "" = AutoRun
O33 - MountPoints2\{5d12d590-0eda-11e1-8702-e06995ff16bd}\Shell\AutoRun\command - "" = F:\Startme.exe
O33 - MountPoints2\{9aefcb74-cce8-11e0-ba71-e06995ff16bd}\Shell - "" = AutoRun
O33 - MountPoints2\{9aefcb74-cce8-11e0-ba71-e06995ff16bd}\Shell\AutoRun\command - "" = G:\AutoPlay.exe -auto
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MCODS - Reg Error: Value error.
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: MCODS - Reg Error: Value error.
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: MCODS - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{10704284-6773-4685-AF3B-A250CC8DF260} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D910B844-E0BD-4C76-7EDE-618F68BA807E} - Microsoft Windows Media Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/03/19 18:55:56 | 000,000,000 | ---D | C] -- C:\Users\verena\AppData\Roaming\Malwarebytes
[2012/03/19 18:55:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/19 18:55:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/03/19 18:55:46 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/03/19 18:55:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/03/19 14:25:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Handbuch Qualitätmanagement
[2012/03/19 14:25:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MasingHBQM
[2012/03/18 18:17:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/03/18 15:09:22 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/03/17 21:46:20 | 000,337,240 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/03/17 21:46:20 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/03/17 21:46:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/03/17 21:46:18 | 000,053,080 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/03/17 21:46:17 | 000,059,224 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/03/17 21:46:16 | 000,819,032 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/03/17 21:46:16 | 000,069,976 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/03/17 21:46:15 | 000,258,520 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/03/17 21:45:41 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/03/17 21:45:40 | 000,201,352 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/03/17 21:45:28 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/03/17 21:45:28 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/03/17 21:24:28 | 000,051,496 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2012/03/17 18:32:30 | 000,000,000 | ---D | C] -- C:\Users\verena\AppData\Roaming\UAs
[2012/03/17 18:32:30 | 000,000,000 | ---D | C] -- C:\Users\verena\AppData\Roaming\10017
[2012/03/17 18:32:20 | 000,000,000 | ---D | C] -- C:\Users\verena\AppData\Roaming\xmldm
[2012/03/17 18:32:17 | 000,000,000 | ---D | C] -- C:\Users\verena\AppData\Roaming\kock
[2012/03/16 11:21:12 | 000,000,000 | ---D | C] -- C:\Users\verena\Documents\MasingHBQM
[2012/02/22 18:19:38 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2012/02/21 10:19:53 | 000,000,000 | ---D | C] -- C:\Users\verena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
[2012/02/21 10:19:40 | 000,000,000 | ---D | C] -- C:\Users\verena\AppData\Roaming\IrfanView
[2012/02/21 10:19:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IrfanView
[2012/02/21 10:15:31 | 000,000,000 | ---D | C] -- C:\Users\verena\AppData\Local\{39935EDA-823D-405F-BEEC-7AB2154463F3}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\verena\Desktop\*.tmp files -> C:\Users\verena\Desktop\*.tmp -> ]
[1 C:\Users\verena\AppData\Roaming\*.tmp files -> C:\Users\verena\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/03/20 22:25:49 | 000,024,912 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/20 22:25:49 | 000,024,912 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/20 22:25:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/20 22:18:16 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/20 22:17:56 | 000,000,434 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2012/03/20 22:17:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/20 22:17:13 | 467,648,511 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/19 18:55:49 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/18 15:24:20 | 004,998,576 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/18 13:48:08 | 000,002,956 | ---- | M] () -- C:\Users\verena\Desktop\Attach.zip
[2012/03/18 13:33:43 | 000,000,214 | ---- | M] () -- C:\Users\verena\defogger_reenable
[2012/03/17 21:46:20 | 000,001,848 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/03/17 21:46:16 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/03/17 21:24:28 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2012/03/17 19:31:15 | 000,000,016 | ---- | M] () -- C:\Users\verena\AppData\Roaming\blckdom.res
[2012/03/13 18:32:46 | 001,507,342 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/13 18:32:46 | 000,657,910 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012/03/13 18:32:46 | 000,619,146 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/13 18:32:46 | 000,131,250 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012/03/13 18:32:46 | 000,107,466 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/07 01:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/03/07 01:15:14 | 000,201,352 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/03/07 01:15:03 | 000,258,520 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/03/07 01:04:06 | 000,819,032 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/03/07 01:04:04 | 000,337,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/03/07 01:02:20 | 000,053,080 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/03/07 01:01:57 | 000,059,224 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/03/07 01:01:52 | 000,069,976 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/03/07 01:01:32 | 000,024,408 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/03/01 17:22:30 | 000,037,568 | ---- | M] () -- C:\Users\verena\Desktop\wohnungsuebergabeprotokoll.pdf
[2012/02/26 19:14:58 | 000,033,232 | ---- | M] () -- C:\Users\verena\Desktop\grundriss_b.jpg
[2012/02/21 10:19:53 | 000,001,897 | ---- | M] () -- C:\Users\verena\Desktop\IrfanView Thumbnails.lnk
[2012/02/21 10:19:53 | 000,001,005 | ---- | M] () -- C:\Users\verena\Desktop\IrfanView.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\verena\Desktop\*.tmp files -> C:\Users\verena\Desktop\*.tmp -> ]
[1 C:\Users\verena\AppData\Roaming\*.tmp files -> C:\Users\verena\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/03/19 18:55:49 | 000,001,076 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/18 13:48:08 | 000,002,956 | ---- | C] () -- C:\Users\verena\Desktop\Attach.zip
[2012/03/18 13:33:43 | 000,000,214 | ---- | C] () -- C:\Users\verena\defogger_reenable
[2012/03/17 21:46:20 | 000,001,848 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/03/17 21:46:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/03/17 18:32:27 | 000,000,016 | ---- | C] () -- C:\Users\verena\AppData\Roaming\blckdom.res
[2012/03/01 17:22:27 | 000,037,568 | ---- | C] () -- C:\Users\verena\Desktop\wohnungsuebergabeprotokoll.pdf
[2012/02/23 13:56:45 | 000,033,232 | ---- | C] () -- C:\Users\verena\Desktop\grundriss_b.jpg
[2012/02/21 10:19:53 | 000,001,897 | ---- | C] () -- C:\Users\verena\Desktop\IrfanView Thumbnails.lnk
[2012/02/21 10:19:53 | 000,001,005 | ---- | C] () -- C:\Users\verena\Desktop\IrfanView.lnk
[2011/11/14 18:05:46 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/07/29 18:53:25 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/07/10 23:46:57 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2011/07/10 23:20:51 | 000,128,312 | ---- | C] () -- C:\Windows\SysWow64\GFNEX.dll
[2011/04/04 19:07:00 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/04/04 19:06:58 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/04/04 19:06:58 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/02/03 18:56:58 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
 
========== LOP Check ==========
 
[2012/03/17 19:39:18 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\10017
[2012/01/03 19:45:56 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/12/29 20:15:02 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\gtk-2.0
[2011/10/09 18:14:47 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\Gutscheinmieze
[2012/03/04 22:44:52 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\ICQ
[2012/02/21 10:19:40 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\IrfanView
[2012/03/17 18:32:17 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\kock
[2011/07/30 13:28:14 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\OpenOffice.org
[2011/10/22 15:46:19 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\redsn0w
[2011/11/14 18:13:22 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\Sony
[2011/12/28 19:02:34 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/07/30 11:25:52 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\Toshiba
[2011/07/31 13:23:47 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\TOSHIBA Online Product Information
[2012/03/17 18:32:34 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\UAs
[2012/02/05 16:32:58 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\WinBatch
[2012/03/17 18:33:28 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\xmldm
[2012/02/29 10:39:08 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012/03/17 19:39:18 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\10017
[2012/03/18 13:10:45 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\Adobe
[2011/12/28 19:02:34 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\Adobe Mini Bridge CS5
[2011/10/17 11:37:59 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\Apple Computer
[2011/07/30 11:28:19 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\Avira
[2012/01/03 19:45:56 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/12/29 20:15:02 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\gtk-2.0
[2011/10/09 18:14:47 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\Gutscheinmieze
[2012/03/04 22:44:52 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\ICQ
[2011/07/29 13:34:03 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\Identities
[2012/02/21 10:19:40 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\IrfanView
[2012/03/17 18:32:17 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\kock
[2011/04/27 12:10:17 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\Macromedia
[2012/03/19 18:55:56 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\Malwarebytes
[2010/11/21 08:16:41 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\Media Center Programs
[2012/01/11 17:49:03 | 000,000,000 | --SD | M] -- C:\Users\verena\AppData\Roaming\Microsoft
[2011/07/29 18:27:20 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\Mozilla
[2011/07/30 19:37:58 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\Nero
[2011/07/30 13:28:14 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\OpenOffice.org
[2011/10/22 15:46:19 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\redsn0w
[2012/03/17 19:39:25 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\Skype
[2012/03/17 17:19:39 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\skypePM
[2011/11/14 18:13:22 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\Sony
[2011/12/28 19:02:34 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/07/30 11:25:52 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\Toshiba
[2011/07/31 13:23:47 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\TOSHIBA Online Product Information
[2012/03/17 18:32:34 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\UAs
[2012/03/17 19:39:25 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\Winamp
[2012/02/05 16:32:58 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\WinBatch
[2012/03/17 18:33:28 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\xmldm
 
< %APPDATA%\*.exe /s >
[2010/06/10 12:19:22 | 000,825,856 | ---- | M] (Synatix GmbH) -- C:\Users\verena\AppData\Roaming\Gutscheinmieze\uninstall.exe
[2010/09/20 15:39:48 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\verena\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011/12/15 16:18:06 | 010,498,992 | ---- | M] (Acresso Software Inc.                                        ) -- C:\Users\verena\AppData\Roaming\Toshiba\DynamicIcon\update\Software\TC30424600A\Setup.exe
[2011/12/15 16:21:06 | 001,315,576 | ---- | M] (TOSHIBA) -- C:\Users\verena\AppData\Roaming\Toshiba\DynamicIcon\update\Software\TC30424600A\tinstallwb.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2011/01/12 16:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\Windows\SysNative\drivers\iaStor.sys
[2011/01/12 16:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_a36325196df56f7d\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010/11/21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/03/11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010/11/21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010/11/21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010/11/21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011/03/11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010/11/21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010/11/21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010/11/21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010/11/21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010/11/21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010/11/21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010/11/21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009/07/14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009/07/14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009/07/14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >
gruß verena

cosinus 21.03.2012 15:12
Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=102&q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{C489885B-999B-4ACB-9500-CD783A12283F}: "URL" = http://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=102&q={searchTerms}
IE - HKLM\..\SearchScopes\{C489885B-999B-4ACB-9500-CD783A12283F}: "URL" = http://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
IE - HKU\S-1-5-21-390321080-3498180129-1257558722-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba.msn.com
IE - HKU\S-1-5-21-390321080-3498180129-1257558722-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://toshiba.eu/places?touch=4&cat=1 [binary data]
IE - HKU\S-1-5-21-390321080-3498180129-1257558722-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-390321080-3498180129-1257558722-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://toshiba.eu/places?touch=4&cat=1 [binary data]
IE - HKU\S-1-5-21-390321080-3498180129-1257558722-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.jzip.com/
IE - HKU\S-1-5-21-390321080-3498180129-1257558722-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-390321080-3498180129-1257558722-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
IE - HKU\S-1-5-21-390321080-3498180129-1257558722-1000\..\SearchScopes\{4D76D63E-31D6-4912-BBA7-02F02DE30E10}: "URL" = http://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
IE - HKU\S-1-5-21-390321080-3498180129-1257558722-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-390321080-3498180129-1257558722-1000\..\SearchScopes\{67F5FD72-6093-432E-855C-412BB7CE8599}: "URL" = http://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
IE - HKU\S-1-5-21-390321080-3498180129-1257558722-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=102&q={searchTerms}
IE - HKU\S-1-5-21-390321080-3498180129-1257558722-1000\..\SearchScopes\{F195DC57-9BB5-4445-A23B-86AF1559B5BE}: "URL" = http://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
FF - prefs.js..browser.search.defaultenginename: "foxsearch"
FF - prefs.js..browser.search.defaulturl: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.1&q="
FF - prefs.js..browser.search.order.1: "foxsearch"
FF - prefs.js..browser.search.selectedEngine: "foxsearch"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.de/"
FF - prefs.js..keyword.URL: "http://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - user.js..browser.search.selectedEngine: "foxsearch"
FF - user.js..browser.search.order.1: "foxsearch"
FF - user.js..browser.search.defaultenginename: "foxsearch"
FF - user.js..keyword.URL: "http://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
[2012/01/04 21:49:13 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\verena\AppData\Roaming\mozilla\Firefox\Profiles\rosdq6me.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011/12/19 11:45:46 | 000,000,853 | ---- | M] () -- C:\Users\verena\AppData\Roaming\Mozilla\Firefox\Profiles\rosdq6me.default\searchplugins\11-suche.xml
[2011/12/19 11:45:46 | 000,002,226 | ---- | M] () -- C:\Users\verena\AppData\Roaming\Mozilla\Firefox\Profiles\rosdq6me.default\searchplugins\englische-ergebnisse.xml
[2011/12/19 11:45:46 | 000,010,506 | ---- | M] () -- C:\Users\verena\AppData\Roaming\Mozilla\Firefox\Profiles\rosdq6me.default\searchplugins\gmx-suche.xml
[2012/03/14 10:27:10 | 000,000,950 | ---- | M] () -- C:\Users\verena\AppData\Roaming\Mozilla\Firefox\Profiles\rosdq6me.default\searchplugins\icqplugin-1.xml
[2011/08/22 19:02:23 | 000,000,950 | ---- | M] () -- C:\Users\verena\AppData\Roaming\Mozilla\Firefox\Profiles\rosdq6me.default\searchplugins\icqplugin-2.xml
[2011/09/07 17:28:13 | 000,000,950 | ---- | M] () -- C:\Users\verena\AppData\Roaming\Mozilla\Firefox\Profiles\rosdq6me.default\searchplugins\icqplugin-3.xml
[2011/10/02 19:15:02 | 000,000,950 | ---- | M] () -- C:\Users\verena\AppData\Roaming\Mozilla\Firefox\Profiles\rosdq6me.default\searchplugins\icqplugin-4.xml
[2011/10/02 21:18:03 | 000,000,950 | ---- | M] () -- C:\Users\verena\AppData\Roaming\Mozilla\Firefox\Profiles\rosdq6me.default\searchplugins\icqplugin-5.xml
[2011/10/07 13:09:00 | 000,000,950 | ---- | M] () -- C:\Users\verena\AppData\Roaming\Mozilla\Firefox\Profiles\rosdq6me.default\searchplugins\icqplugin-6.xml
[2011/11/27 20:50:27 | 000,000,950 | ---- | M] () -- C:\Users\verena\AppData\Roaming\Mozilla\Firefox\Profiles\rosdq6me.default\searchplugins\icqplugin-7.xml
[2011/08/14 15:10:21 | 000,001,056 | ---- | M] () -- C:\Users\verena\AppData\Roaming\Mozilla\Firefox\Profiles\rosdq6me.default\searchplugins\icqplugin.xml
[2011/12/19 11:45:46 | 000,002,457 | ---- | M] () -- C:\Users\verena\AppData\Roaming\Mozilla\Firefox\Profiles\rosdq6me.default\searchplugins\lastminute.xml
[2011/10/07 12:55:32 | 000,002,497 | ---- | M] () -- C:\Users\verena\AppData\Roaming\Mozilla\Firefox\Profiles\rosdq6me.default\searchplugins\SearchResults.xml
[2011/12/19 11:45:46 | 000,005,500 | ---- | M] () -- C:\Users\verena\AppData\Roaming\Mozilla\Firefox\Profiles\rosdq6me.default\searchplugins\webde-suche.xml
[2011/08/22 19:06:38 | 000,000,143 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\foxsearch.src
[2011/12/31 12:50:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/10/07 12:55:32 | 000,002,497 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-390321080-3498180129-1257558722-1000\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe File not found
O4:64bit: - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5d12d590-0eda-11e1-8702-e06995ff16bd}\Shell - "" = AutoRun
O33 - MountPoints2\{5d12d590-0eda-11e1-8702-e06995ff16bd}\Shell\AutoRun\command - "" = F:\Startme.exe
O33 - MountPoints2\{9aefcb74-cce8-11e0-ba71-e06995ff16bd}\Shell - "" = AutoRun
O33 - MountPoints2\{9aefcb74-cce8-11e0-ba71-e06995ff16bd}\Shell\AutoRun\command - "" = G:\AutoPlay.exe -auto
[2012/03/17 18:32:30 | 000,000,000 | ---D | C] -- C:\Users\verena\AppData\Roaming\UAs
[2012/03/17 18:32:30 | 000,000,000 | ---D | C] -- C:\Users\verena\AppData\Roaming\10017
[2012/03/17 18:32:20 | 000,000,000 | ---D | C] -- C:\Users\verena\AppData\Roaming\xmldm
[2012/03/17 18:32:17 | 000,000,000 | ---D | C] -- C:\Users\verena\AppData\Roaming\kock
[2011/10/09 18:14:47 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\Gutscheinmieze
:Commands
[emptytemp]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

vmeu 21.03.2012 18:32
Hallo Arne,
das Log vom OTL fix
Code:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C489885B-999B-4ACB-9500-CD783A12283F}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C489885B-999B-4ACB-9500-CD783A12283F}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C489885B-999B-4ACB-9500-CD783A12283F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C489885B-999B-4ACB-9500-CD783A12283F}\ not found.
HKU\S-1-5-21-390321080-3498180129-1257558722-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-390321080-3498180129-1257558722-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!
HKU\S-1-5-21-390321080-3498180129-1257558722-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchDefaultBranded| /E : value set successfully!
HKU\S-1-5-21-390321080-3498180129-1257558722-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKU\S-1-5-21-390321080-3498180129-1257558722-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-390321080-3498180129-1257558722-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
HKEY_USERS\S-1-5-21-390321080-3498180129-1257558722-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-390321080-3498180129-1257558722-1000\Software\Microsoft\Internet Explorer\SearchScopes\{4D76D63E-31D6-4912-BBA7-02F02DE30E10}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D76D63E-31D6-4912-BBA7-02F02DE30E10}\ not found.
Registry key HKEY_USERS\S-1-5-21-390321080-3498180129-1257558722-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_USERS\S-1-5-21-390321080-3498180129-1257558722-1000\Software\Microsoft\Internet Explorer\SearchScopes\{67F5FD72-6093-432E-855C-412BB7CE8599}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67F5FD72-6093-432E-855C-412BB7CE8599}\ not found.
Registry key HKEY_USERS\S-1-5-21-390321080-3498180129-1257558722-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_USERS\S-1-5-21-390321080-3498180129-1257558722-1000\Software\Microsoft\Internet Explorer\SearchScopes\{F195DC57-9BB5-4445-A23B-86AF1559B5BE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F195DC57-9BB5-4445-A23B-86AF1559B5BE}\ not found.
Prefs.js: "foxsearch" removed from browser.search.defaultenginename
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.1&q=" removed from browser.search.defaulturl
Prefs.js: "foxsearch" removed from browser.search.order.1
Prefs.js: "foxsearch" removed from browser.search.selectedEngine
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "hxxp://www.google.de/" removed from browser.startup.homepage
Prefs.js: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" removed from keyword.URL
C:\Users\verena\AppData\Roaming\Mozilla\FireFox\Profiles\rosdq6me.default\user.js moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\Adobe Reader\ deleted successfully.
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll moved successfully.
C:\Users\verena\AppData\Roaming\mozilla\Firefox\Profiles\rosdq6me.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Users\verena\AppData\Roaming\mozilla\Firefox\Profiles\rosdq6me.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Users\verena\AppData\Roaming\mozilla\Firefox\Profiles\rosdq6me.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Users\verena\AppData\Roaming\mozilla\Firefox\Profiles\rosdq6me.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Users\verena\AppData\Roaming\mozilla\Firefox\Profiles\rosdq6me.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Users\verena\AppData\Roaming\mozilla\Firefox\Profiles\rosdq6me.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin folder moved successfully.
C:\Users\verena\AppData\Roaming\mozilla\Firefox\Profiles\rosdq6me.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr folder moved successfully.
C:\Users\verena\AppData\Roaming\mozilla\Firefox\Profiles\rosdq6me.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk folder moved successfully.
C:\Users\verena\AppData\Roaming\mozilla\Firefox\Profiles\rosdq6me.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru folder moved successfully.
C:\Users\verena\AppData\Roaming\mozilla\Firefox\Profiles\rosdq6me.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it folder moved successfully.
C:\Users\verena\AppData\Roaming\mozilla\Firefox\Profiles\rosdq6me.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he folder moved successfully.
C:\Users\verena\AppData\Roaming\mozilla\Firefox\Profiles\rosdq6me.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr folder moved successfully.
C:\Users\verena\AppData\Roaming\mozilla\Firefox\Profiles\rosdq6me.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es folder moved successfully.
C:\Users\verena\AppData\Roaming\mozilla\Firefox\Profiles\rosdq6me.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US folder moved successfully.
C:\Users\verena\AppData\Roaming\mozilla\Firefox\Profiles\rosdq6me.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de folder moved successfully.
C:\Users\verena\AppData\Roaming\mozilla\Firefox\Profiles\rosdq6me.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs folder moved successfully.
C:\Users\verena\AppData\Roaming\mozilla\Firefox\Profiles\rosdq6me.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg folder moved successfully.
C:\Users\verena\AppData\Roaming\mozilla\Firefox\Profiles\rosdq6me.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale folder moved successfully.
C:\Users\verena\AppData\Roaming\mozilla\Firefox\Profiles\rosdq6me.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img folder moved successfully.
C:\Users\verena\AppData\Roaming\mozilla\Firefox\Profiles\rosdq6me.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content folder moved successfully.
C:\Users\verena\AppData\Roaming\mozilla\Firefox\Profiles\rosdq6me.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Users\verena\AppData\Roaming\mozilla\Firefox\Profiles\rosdq6me.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Users\verena\AppData\Roaming\Mozilla\Firefox\Profiles\rosdq6me.default\searchplugins\11-suche.xml moved successfully.
C:\Users\verena\AppData\Roaming\Mozilla\Firefox\Profiles\rosdq6me.default\searchplugins\englische-ergebnisse.xml moved successfully.
C:\Users\verena\AppData\Roaming\Mozilla\Firefox\Profiles\rosdq6me.default\searchplugins\gmx-suche.xml moved successfully.
C:\Users\verena\AppData\Roaming\Mozilla\Firefox\Profiles\rosdq6me.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\verena\AppData\Roaming\Mozilla\Firefox\Profiles\rosdq6me.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Users\verena\AppData\Roaming\Mozilla\Firefox\Profiles\rosdq6me.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Users\verena\AppData\Roaming\Mozilla\Firefox\Profiles\rosdq6me.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Users\verena\AppData\Roaming\Mozilla\Firefox\Profiles\rosdq6me.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Users\verena\AppData\Roaming\Mozilla\Firefox\Profiles\rosdq6me.default\searchplugins\icqplugin-6.xml moved successfully.
C:\Users\verena\AppData\Roaming\Mozilla\Firefox\Profiles\rosdq6me.default\searchplugins\icqplugin-7.xml moved successfully.
C:\Users\verena\AppData\Roaming\Mozilla\Firefox\Profiles\rosdq6me.default\searchplugins\icqplugin.xml moved successfully.
C:\Users\verena\AppData\Roaming\Mozilla\Firefox\Profiles\rosdq6me.default\searchplugins\lastminute.xml moved successfully.
C:\Users\verena\AppData\Roaming\Mozilla\Firefox\Profiles\rosdq6me.default\searchplugins\SearchResults.xml moved successfully.
C:\Users\verena\AppData\Roaming\Mozilla\Firefox\Profiles\rosdq6me.default\searchplugins\webde-suche.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\foxsearch.src moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\leo_ende_de.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\SearchResults.xml moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-390321080-3498180129-1257558722-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SpywareTerminatorShield deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SpywareTerminatorUpdater deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\AllowLegacyWebView deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\AllowUnhashedWebView deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLinkedConnections deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5d12d590-0eda-11e1-8702-e06995ff16bd}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5d12d590-0eda-11e1-8702-e06995ff16bd}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5d12d590-0eda-11e1-8702-e06995ff16bd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5d12d590-0eda-11e1-8702-e06995ff16bd}\ not found.
File F:\Startme.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9aefcb74-cce8-11e0-ba71-e06995ff16bd}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9aefcb74-cce8-11e0-ba71-e06995ff16bd}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9aefcb74-cce8-11e0-ba71-e06995ff16bd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9aefcb74-cce8-11e0-ba71-e06995ff16bd}\ not found.
File G:\AutoPlay.exe -auto not found.
C:\Users\verena\AppData\Roaming\UAs folder moved successfully.
C:\Users\verena\AppData\Roaming\10017\components folder moved successfully.
C:\Users\verena\AppData\Roaming\10017 folder moved successfully.
C:\Users\verena\AppData\Roaming\xmldm folder moved successfully.
C:\Users\verena\AppData\Roaming\kock folder moved successfully.
C:\Users\verena\AppData\Roaming\Gutscheinmieze folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56504 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: verena
->Temp folder emptied: 291824569 bytes
->Temporary Internet Files folder emptied: 154083853 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 49941553 bytes
->Flash cache emptied: 57018 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 101596165 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67765 bytes
RecycleBin emptied: 45189010 bytes
 
Total Files Cleaned = 613.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.39.1 log created on 03212012_182326

Files\Folders moved on Reboot...
C:\Users\verena\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

cosinus 21.03.2012 18:36
Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

vmeu 21.03.2012 19:40
und das TDSS-Killer log
Code:
19:34:09.0273 5068        TDSS rootkit removing tool 2.7.21.0 Mar 21 2012 09:06:51
19:34:09.0492 5068        ============================================================
19:34:09.0492 5068        Current date / time: 2012/03/21 19:34:09.0492
19:34:09.0492 5068        SystemInfo:
19:34:09.0492 5068       
19:34:09.0492 5068        OS Version: 6.1.7601 ServicePack: 1.0
19:34:09.0492 5068        Product type: Workstation
19:34:09.0492 5068        ComputerName: SÜTTI
19:34:09.0492 5068        UserName: verena
19:34:09.0492 5068        Windows directory: C:\Windows
19:34:09.0492 5068        System windows directory: C:\Windows
19:34:09.0492 5068        Running under WOW64
19:34:09.0492 5068        Processor architecture: Intel x64
19:34:09.0492 5068        Number of processors: 4
19:34:09.0492 5068        Page size: 0x1000
19:34:09.0492 5068        Boot type: Normal boot
19:34:09.0492 5068        ============================================================
19:34:09.0975 5068        Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:34:09.0975 5068        \Device\Harddisk0\DR0:
19:34:09.0975 5068        MBR used
19:34:09.0975 5068        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xC8800, BlocksNum 0x1D13A000
19:34:09.0975 5068        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D202800, BlocksNum 0x1D183830
19:34:10.0085 5068        Initialize success
19:34:10.0085 5068        ============================================================
19:34:42.0611 5852        ============================================================
19:34:42.0611 5852        Scan started
19:34:42.0611 5852        Mode: Manual; SigCheck; TDLFS;
19:34:42.0611 5852        ============================================================
19:34:43.0250 5852        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
19:34:43.0437 5852        1394ohci - ok
19:34:43.0562 5852        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
19:34:43.0609 5852        ACPI - ok
19:34:43.0718 5852        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
19:34:43.0812 5852        AcpiPmi - ok
19:34:43.0983 5852        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
19:34:44.0030 5852        adp94xx - ok
19:34:44.0186 5852        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
19:34:44.0217 5852        adpahci - ok
19:34:44.0358 5852        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
19:34:44.0389 5852        adpu320 - ok
19:34:44.0545 5852        AFD            (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
19:34:44.0623 5852        AFD - ok
19:34:44.0779 5852        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
19:34:44.0810 5852        agp440 - ok
19:34:44.0951 5852        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
19:34:44.0982 5852        aliide - ok
19:34:45.0107 5852        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
19:34:45.0138 5852        amdide - ok
19:34:45.0263 5852        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
19:34:45.0325 5852        AmdK8 - ok
19:34:45.0465 5852        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
19:34:45.0528 5852        AmdPPM - ok
19:34:45.0653 5852        amdsata        (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
19:34:45.0684 5852        amdsata - ok
19:34:45.0809 5852        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
19:34:45.0840 5852        amdsbs - ok
19:34:45.0949 5852        amdxata        (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
19:34:45.0980 5852        amdxata - ok
19:34:46.0121 5852        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
19:34:46.0417 5852        AppID - ok
19:34:46.0542 5852        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
19:34:46.0573 5852        arc - ok
19:34:46.0713 5852        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
19:34:46.0745 5852        arcsas - ok
19:34:46.0869 5852        aswFsBlk        (b9da213b5271db5fce962d827e6d620d) C:\Windows\system32\drivers\aswFsBlk.sys
19:34:46.0916 5852        aswFsBlk - ok
19:34:47.0072 5852        aswMonFlt      (21c9835d0e5ad2ff0f16134bcb32cc71) C:\Windows\system32\drivers\aswMonFlt.sys
19:34:47.0103 5852        aswMonFlt - ok
19:34:47.0244 5852        aswRdr          (1b96a5867abd4fa6135d8298fcccf9c6) C:\Windows\System32\Drivers\aswrdr2.sys
19:34:47.0259 5852        aswRdr - ok
19:34:47.0415 5852        aswSnx          (6e98bb288696777a3a8a07a52b0eaee9) C:\Windows\system32\drivers\aswSnx.sys
19:34:47.0462 5852        aswSnx - ok
19:34:47.0603 5852        aswSP          (d9fb49f16e4eb02efecae8cbfe4bcb4c) C:\Windows\system32\drivers\aswSP.sys
19:34:47.0649 5852        aswSP - ok
19:34:47.0759 5852        aswTdi          (7352bb9a564b94bbd7c9cbf165f55006) C:\Windows\system32\drivers\aswTdi.sys
19:34:47.0790 5852        aswTdi - ok
19:34:47.0915 5852        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
19:34:48.0102 5852        AsyncMac - ok
19:34:48.0242 5852        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
19:34:48.0258 5852        atapi - ok
19:34:48.0445 5852        athr            (b2931c83cfb12a3223a47b180473ae1a) C:\Windows\system32\DRIVERS\athrx.sys
19:34:48.0539 5852        athr - ok
19:34:48.0663 5852        avgntflt        (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys
19:34:48.0695 5852        avgntflt - ok
19:34:48.0804 5852        avipbb          (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys
19:34:48.0835 5852        avipbb - ok
19:34:48.0975 5852        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
19:34:49.0038 5852        b06bdrv - ok
19:34:49.0178 5852        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
19:34:49.0241 5852        b57nd60a - ok
19:34:49.0365 5852        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
19:34:49.0475 5852        Beep - ok
19:34:49.0599 5852        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
19:34:49.0677 5852        blbdrive - ok
19:34:49.0802 5852        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
19:34:49.0865 5852        bowser - ok
19:34:50.0005 5852        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
19:34:50.0067 5852        BrFiltLo - ok
19:34:50.0177 5852        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
19:34:50.0223 5852        BrFiltUp - ok
19:34:50.0364 5852        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
19:34:50.0426 5852        Brserid - ok
19:34:50.0567 5852        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
19:34:50.0645 5852        BrSerWdm - ok
19:34:50.0785 5852        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:34:50.0832 5852        BrUsbMdm - ok
19:34:50.0972 5852        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
19:34:51.0019 5852        BrUsbSer - ok
19:34:51.0159 5852        BtFilter        (2347abbd13bada65826fdab4caafe357) C:\Windows\system32\DRIVERS\btfilter.sys
19:34:51.0175 5852        BtFilter - ok
19:34:51.0300 5852        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
19:34:51.0362 5852        BTHMODEM - ok
19:34:51.0518 5852        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
19:34:51.0612 5852        cdfs - ok
19:34:51.0737 5852        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
19:34:51.0815 5852        cdrom - ok
19:34:51.0971 5852        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
19:34:52.0033 5852        circlass - ok
19:34:52.0127 5852        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
19:34:52.0173 5852        CLFS - ok
19:34:52.0329 5852        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
19:34:52.0376 5852        CmBatt - ok
19:34:52.0485 5852        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
19:34:52.0517 5852        cmdide - ok
19:34:52.0641 5852        CNG            (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
19:34:52.0704 5852        CNG - ok
19:34:52.0829 5852        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
19:34:52.0844 5852        Compbatt - ok
19:34:52.0969 5852        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
19:34:53.0047 5852        CompositeBus - ok
19:34:53.0172 5852        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
19:34:53.0203 5852        crcdisk - ok
19:34:53.0359 5852        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
19:34:53.0468 5852        DfsC - ok
19:34:53.0593 5852        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
19:34:53.0702 5852        discache - ok
19:34:53.0843 5852        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
19:34:53.0874 5852        Disk - ok
19:34:54.0014 5852        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
19:34:54.0077 5852        drmkaud - ok
19:34:54.0217 5852        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
19:34:54.0279 5852        DXGKrnl - ok
19:34:54.0482 5852        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
19:34:54.0623 5852        ebdrv - ok
19:34:54.0779 5852        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
19:34:54.0825 5852        elxstor - ok
19:34:54.0935 5852        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
19:34:54.0997 5852        ErrDev - ok
19:34:55.0122 5852        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
19:34:55.0231 5852        exfat - ok
19:34:55.0356 5852        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
19:34:55.0449 5852        fastfat - ok
19:34:55.0590 5852        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
19:34:55.0652 5852        fdc - ok
19:34:55.0808 5852        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
19:34:55.0839 5852        FileInfo - ok
19:34:55.0949 5852        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
19:34:56.0058 5852        Filetrace - ok
19:34:56.0183 5852        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
19:34:56.0214 5852        flpydisk - ok
19:34:56.0339 5852        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
19:34:56.0385 5852        FltMgr - ok
19:34:56.0510 5852        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
19:34:56.0541 5852        FsDepends - ok
19:34:56.0682 5852        Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
19:34:56.0697 5852        Fs_Rec - ok
19:34:56.0838 5852        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
19:34:56.0885 5852        fvevol - ok
19:34:57.0009 5852        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
19:34:57.0041 5852        gagp30kx - ok
19:34:57.0181 5852        ggflt          (a4198f2bd8aa592cb90476277a81b5e1) C:\Windows\system32\DRIVERS\ggflt.sys
19:34:57.0197 5852        ggflt - ok
19:34:57.0337 5852        ggsemc          (d266350bdaab9eb6c1aec370eeaaff3a) C:\Windows\system32\DRIVERS\ggsemc.sys
19:34:57.0353 5852        ggsemc - ok
19:34:57.0509 5852        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
19:34:57.0555 5852        hcw85cir - ok
19:34:57.0696 5852        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
19:34:57.0774 5852        HdAudAddService - ok
19:34:57.0899 5852        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:34:57.0961 5852        HDAudBus - ok
19:34:58.0086 5852        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
19:34:58.0148 5852        HidBatt - ok
19:34:58.0273 5852        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
19:34:58.0335 5852        HidBth - ok
19:34:58.0460 5852        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
19:34:58.0523 5852        HidIr - ok
19:34:58.0679 5852        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
19:34:58.0725 5852        HidUsb - ok
19:34:58.0866 5852        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
19:34:58.0897 5852        HpSAMD - ok
19:34:59.0022 5852        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
19:34:59.0115 5852        HTTP - ok
19:34:59.0240 5852        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
19:34:59.0271 5852        hwpolicy - ok
19:34:59.0412 5852        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
19:34:59.0443 5852        i8042prt - ok
19:34:59.0568 5852        iaStor          (d469b77687e12fe43e344806740b624d) C:\Windows\system32\DRIVERS\iaStor.sys
19:34:59.0615 5852        iaStor - ok
19:34:59.0755 5852        iaStorV        (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
19:34:59.0802 5852        iaStorV - ok
19:35:00.0223 5852        igfx            (370c2a8629b30f910f740387795ddc6f) C:\Windows\system32\DRIVERS\igdkmd64.sys
19:35:00.0597 5852        igfx - ok
19:35:00.0769 5852        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
19:35:00.0800 5852        iirsp - ok
19:35:01.0003 5852        IntcAzAudAddService (16c324e22208e6e8336c3f2da14cfe2d) C:\Windows\system32\drivers\RTKVHD64.sys
19:35:01.0065 5852        IntcAzAudAddService - ok
19:35:01.0175 5852        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
19:35:01.0190 5852        intelide - ok
19:35:01.0331 5852        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
19:35:01.0377 5852        intelppm - ok
19:35:01.0533 5852        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:35:01.0627 5852        IpFilterDriver - ok
19:35:01.0767 5852        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
19:35:01.0830 5852        IPMIDRV - ok
19:35:01.0970 5852        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
19:35:02.0079 5852        IPNAT - ok
19:35:02.0204 5852        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
19:35:02.0267 5852        IRENUM - ok
19:35:02.0391 5852        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
19:35:02.0407 5852        isapnp - ok
19:35:02.0532 5852        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
19:35:02.0563 5852        iScsiPrt - ok
19:35:02.0703 5852        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
19:35:02.0719 5852        kbdclass - ok
19:35:02.0844 5852        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
19:35:02.0891 5852        kbdhid - ok
19:35:03.0000 5852        KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
19:35:03.0031 5852        KSecDD - ok
19:35:03.0140 5852        KSecPkg        (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
19:35:03.0171 5852        KSecPkg - ok
19:35:03.0296 5852        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
19:35:03.0374 5852        ksthunk - ok
19:35:03.0530 5852        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
19:35:03.0639 5852        lltdio - ok
19:35:03.0811 5852        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
19:35:03.0842 5852        LSI_FC - ok
19:35:03.0983 5852        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
19:35:04.0014 5852        LSI_SAS - ok
19:35:04.0154 5852        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
19:35:04.0185 5852        LSI_SAS2 - ok
19:35:04.0310 5852        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
19:35:04.0341 5852        LSI_SCSI - ok
19:35:04.0482 5852        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
19:35:04.0591 5852        luafv - ok
19:35:04.0716 5852        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
19:35:04.0747 5852        megasas - ok
19:35:04.0887 5852        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
19:35:04.0903 5852        MegaSR - ok
19:35:05.0028 5852        MEIx64          (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
19:35:05.0059 5852        MEIx64 - ok
19:35:05.0168 5852        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
19:35:05.0262 5852        Modem - ok
19:35:05.0387 5852        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
19:35:05.0449 5852        monitor - ok
19:35:05.0589 5852        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
19:35:05.0621 5852        mouclass - ok
19:35:05.0745 5852        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\drivers\mouhid.sys
19:35:05.0808 5852        mouhid - ok
19:35:05.0917 5852        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
19:35:05.0948 5852        mountmgr - ok
19:35:06.0073 5852        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
19:35:06.0104 5852        mpio - ok
19:35:06.0229 5852        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
19:35:06.0323 5852        mpsdrv - ok
19:35:06.0448 5852        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
19:35:06.0541 5852        MRxDAV - ok
19:35:06.0650 5852        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:35:06.0697 5852        mrxsmb - ok
19:35:06.0838 5852        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:35:06.0869 5852        mrxsmb10 - ok
19:35:06.0978 5852        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:35:07.0025 5852        mrxsmb20 - ok
19:35:07.0134 5852        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\DRIVERS\msahci.sys
19:35:07.0165 5852        msahci - ok
19:35:07.0274 5852        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
19:35:07.0306 5852        msdsm - ok
19:35:07.0430 5852        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
19:35:07.0540 5852        Msfs - ok
19:35:07.0664 5852        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
19:35:07.0758 5852        mshidkmdf - ok
19:35:07.0883 5852        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
19:35:07.0898 5852        msisadrv - ok
19:35:08.0039 5852        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
19:35:08.0132 5852        MSKSSRV - ok
19:35:08.0257 5852        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
19:35:08.0366 5852        MSPCLOCK - ok
19:35:08.0491 5852        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
19:35:08.0585 5852        MSPQM - ok
19:35:08.0710 5852        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
19:35:08.0756 5852        MsRPC - ok
19:35:08.0881 5852        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
19:35:08.0912 5852        mssmbios - ok
19:35:09.0022 5852        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
19:35:09.0100 5852        MSTEE - ok
19:35:09.0224 5852        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
19:35:09.0287 5852        MTConfig - ok
19:35:09.0396 5852        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
19:35:09.0427 5852        Mup - ok
19:35:09.0568 5852        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
19:35:09.0646 5852        NativeWifiP - ok
19:35:09.0802 5852        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
19:35:09.0864 5852        NDIS - ok
19:35:09.0989 5852        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
19:35:10.0082 5852        NdisCap - ok
19:35:10.0223 5852        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
19:35:10.0301 5852        NdisTapi - ok
19:35:10.0426 5852        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
19:35:10.0519 5852        Ndisuio - ok
19:35:10.0644 5852        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
19:35:10.0753 5852        NdisWan - ok
19:35:10.0878 5852        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
19:35:10.0987 5852        NDProxy - ok
19:35:11.0096 5852        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
19:35:11.0190 5852        NetBIOS - ok
19:35:11.0315 5852        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
19:35:11.0424 5852        NetBT - ok
19:35:11.0564 5852        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
19:35:11.0596 5852        nfrd960 - ok
19:35:11.0720 5852        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
19:35:11.0814 5852        Npfs - ok
19:35:11.0970 5852        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
19:35:12.0064 5852        nsiproxy - ok
19:35:12.0220 5852        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
19:35:12.0313 5852        Ntfs - ok
19:35:12.0422 5852        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
19:35:12.0516 5852        Null - ok
19:35:12.0641 5852        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
19:35:12.0672 5852        nvraid - ok
19:35:12.0797 5852        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
19:35:12.0828 5852        nvstor - ok
19:35:12.0953 5852        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
19:35:12.0984 5852        nv_agp - ok
19:35:13.0109 5852        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
19:35:13.0156 5852        ohci1394 - ok
19:35:13.0296 5852        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
19:35:13.0343 5852        Parport - ok
19:35:13.0468 5852        partmgr        (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
19:35:13.0499 5852        partmgr - ok
19:35:13.0639 5852        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
19:35:13.0670 5852        pci - ok
19:35:13.0780 5852        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
19:35:13.0811 5852        pciide - ok
19:35:13.0920 5852        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
19:35:13.0951 5852        pcmcia - ok
19:35:14.0076 5852        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
19:35:14.0092 5852        pcw - ok
19:35:14.0232 5852        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
19:35:14.0326 5852        PEAUTH - ok
19:35:14.0435 5852        PGEffect        (91111cebbde8015e822c46120ed9537c) C:\Windows\system32\DRIVERS\pgeffect.sys
19:35:14.0466 5852        PGEffect - ok
19:35:14.0606 5852        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
19:35:14.0700 5852        PptpMiniport - ok
19:35:14.0825 5852        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
19:35:14.0887 5852        Processor - ok
19:35:15.0028 5852        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
19:35:15.0121 5852        Psched - ok
19:35:15.0293 5852        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
19:35:15.0355 5852        ql2300 - ok
19:35:15.0480 5852        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
19:35:15.0511 5852        ql40xx - ok
19:35:15.0636 5852        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
19:35:15.0698 5852        QWAVEdrv - ok
19:35:15.0823 5852        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
19:35:15.0932 5852        RasAcd - ok
19:35:16.0057 5852        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:35:16.0151 5852        RasAgileVpn - ok
19:35:16.0291 5852        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:35:16.0385 5852        Rasl2tp - ok
19:35:16.0494 5852        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
19:35:16.0603 5852        RasPppoe - ok
19:35:16.0759 5852        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
19:35:16.0853 5852        RasSstp - ok
19:35:16.0978 5852        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
19:35:17.0087 5852        rdbss - ok
19:35:17.0196 5852        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
19:35:17.0258 5852        rdpbus - ok
19:35:17.0368 5852        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:35:17.0461 5852        RDPCDD - ok
19:35:17.0570 5852        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
19:35:17.0664 5852        RDPENCDD - ok
19:35:17.0773 5852        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
19:35:17.0851 5852        RDPREFMP - ok
19:35:17.0976 5852        RDPWD          (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
19:35:18.0038 5852        RDPWD - ok
19:35:18.0163 5852        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
19:35:18.0194 5852        rdyboost - ok
19:35:18.0335 5852        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
19:35:18.0428 5852        rspndr - ok
19:35:18.0569 5852        RSUSBSTOR      (be29b0a3ac1e8bd02ffab8cee86badfa) C:\Windows\system32\Drivers\RtsUStor.sys
19:35:18.0600 5852        RSUSBSTOR - ok
19:35:18.0740 5852        RTL8167        (6d3c7e7d82d3dc92dc2a8b0df9f20f8a) C:\Windows\system32\DRIVERS\Rt64win7.sys
19:35:18.0772 5852        RTL8167 - ok
19:35:18.0896 5852        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
19:35:18.0928 5852        sbp2port - ok
19:35:19.0021 5852        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
19:35:19.0115 5852        scfilter - ok
19:35:19.0240 5852        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
19:35:19.0318 5852        secdrv - ok
19:35:19.0427 5852        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
19:35:19.0489 5852        Serenum - ok
19:35:19.0614 5852        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
19:35:19.0676 5852        Serial - ok
19:35:19.0801 5852        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
19:35:19.0848 5852        sermouse - ok
19:35:19.0988 5852        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
19:35:20.0035 5852        sffdisk - ok
19:35:20.0144 5852        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
19:35:20.0207 5852        sffp_mmc - ok
19:35:20.0316 5852        sffp_sd        (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
19:35:20.0378 5852        sffp_sd - ok
19:35:20.0488 5852        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
19:35:20.0534 5852        sfloppy - ok
19:35:20.0675 5852        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
19:35:20.0706 5852        SiSRaid2 - ok
19:35:20.0815 5852        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
19:35:20.0846 5852        SiSRaid4 - ok
19:35:20.0956 5852        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
19:35:21.0065 5852        Smb - ok
19:35:21.0221 5852        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
19:35:21.0236 5852        spldr - ok
19:35:21.0392 5852        sptd            (34f974f8b3c86de03a30dcbe79091c97) C:\Windows\System32\Drivers\sptd.sys
19:35:21.0439 5852        sptd - ok
19:35:21.0548 5852        srv            (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
19:35:21.0611 5852        srv - ok
19:35:21.0736 5852        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
19:35:21.0798 5852        srv2 - ok
19:35:21.0938 5852        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
19:35:22.0001 5852        srvnet - ok
19:35:22.0157 5852        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
19:35:22.0188 5852        stexstor - ok
19:35:22.0328 5852        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
19:35:22.0344 5852        swenum - ok
19:35:22.0516 5852        SynTP          (f5b46df59feaa48a442aed7eeb754d4b) C:\Windows\system32\DRIVERS\SynTP.sys
19:35:22.0578 5852        SynTP - ok
19:35:22.0750 5852        Tcpip          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
19:35:22.0812 5852        Tcpip - ok
19:35:22.0968 5852        TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
19:35:23.0030 5852        TCPIP6 - ok
19:35:23.0124 5852        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
19:35:23.0233 5852        tcpipreg - ok
19:35:23.0342 5852        tdcmdpst        (fd542b661bd22fa69ca789ad0ac58c29) C:\Windows\system32\DRIVERS\tdcmdpst.sys
19:35:23.0374 5852        tdcmdpst - ok
19:35:23.0483 5852        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
19:35:23.0530 5852        TDPIPE - ok
19:35:23.0654 5852        TDTCP          (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
19:35:23.0701 5852        TDTCP - ok
19:35:23.0810 5852        tdx            (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
19:35:23.0904 5852        tdx - ok
19:35:24.0044 5852        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
19:35:24.0060 5852        TermDD - ok
19:35:24.0200 5852        TIEHDUSB        (199c2e87d9a5ec58d0bcd94e893bf629) C:\Windows\system32\DRIVERS\tiehdusb.sys
19:35:24.0263 5852        TIEHDUSB - ok
19:35:24.0419 5852        tosrfbd        (09cf82c0068c7cff7e2b3797be7f5cc2) C:\Windows\system32\DRIVERS\tosrfbd.sys
19:35:24.0450 5852        tosrfbd - ok
19:35:24.0544 5852        Tosrfcom - ok
19:35:24.0653 5852        tosrfec        (f5e3ac4cbcd154ee80849b21887fd0b0) C:\Windows\system32\DRIVERS\tosrfec.sys
19:35:24.0684 5852        tosrfec - ok
19:35:24.0793 5852        Tosrfusb        (7a0048693f98460ff537be31c741b927) C:\Windows\system32\DRIVERS\tosrfusb.sys
19:35:24.0824 5852        Tosrfusb - ok
19:35:24.0949 5852        tos_sps64      (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\Windows\system32\DRIVERS\tos_sps64.sys
19:35:24.0996 5852        tos_sps64 - ok
19:35:25.0121 5852        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:35:25.0199 5852        tssecsrv - ok
19:35:25.0339 5852        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
19:35:25.0386 5852        TsUsbFlt - ok
19:35:25.0495 5852        TsUsbGD        (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
19:35:25.0542 5852        TsUsbGD - ok
19:35:25.0667 5852        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
19:35:25.0776 5852        tunnel - ok
19:35:25.0901 5852        TVALZ          (550b567f9364d8f7684c3fb3ea665a72) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
19:35:25.0932 5852        TVALZ - ok
19:35:26.0041 5852        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
19:35:26.0072 5852        uagp35 - ok
19:35:26.0182 5852        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
19:35:26.0291 5852        udfs - ok
19:35:26.0416 5852        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
19:35:26.0447 5852        uliagpkx - ok
19:35:26.0572 5852        umbus          (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
19:35:26.0618 5852        umbus - ok
19:35:26.0743 5852        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
19:35:26.0790 5852        UmPass - ok
19:35:26.0946 5852        USBAAPL64      (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
19:35:26.0977 5852        USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
19:35:26.0977 5852        USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
19:35:27.0102 5852        usbccgp        (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
19:35:27.0149 5852        usbccgp - ok
19:35:27.0274 5852        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
19:35:27.0352 5852        usbcir - ok
19:35:27.0476 5852        usbehci        (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
19:35:27.0554 5852        usbehci - ok
19:35:27.0679 5852        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
19:35:27.0742 5852        usbhub - ok
19:35:27.0851 5852        usbohci        (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
19:35:27.0898 5852        usbohci - ok
19:35:28.0038 5852        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
19:35:28.0100 5852        usbprint - ok
19:35:28.0225 5852        usbscan        (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
19:35:28.0272 5852        usbscan - ok
19:35:28.0381 5852        USBSTOR        (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:35:28.0428 5852        USBSTOR - ok
19:35:28.0537 5852        usbuhci        (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
19:35:28.0584 5852        usbuhci - ok
19:35:28.0709 5852        usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
19:35:28.0771 5852        usbvideo - ok
19:35:28.0912 5852        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
19:35:28.0943 5852        vdrvroot - ok
19:35:29.0052 5852        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
19:35:29.0099 5852        vga - ok
19:35:29.0208 5852        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
19:35:29.0302 5852        VgaSave - ok
19:35:29.0426 5852        vhdmp          (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
19:35:29.0458 5852        vhdmp - ok
19:35:29.0551 5852        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
19:35:29.0582 5852        viaide - ok
19:35:29.0707 5852        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
19:35:29.0723 5852        volmgr - ok
19:35:29.0848 5852        volmgrx        (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
19:35:29.0879 5852        volmgrx - ok
19:35:29.0972 5852        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
19:35:30.0019 5852        volsnap - ok
19:35:30.0128 5852        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
19:35:30.0160 5852        vsmraid - ok
19:35:30.0284 5852        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
19:35:30.0362 5852        vwifibus - ok
19:35:30.0472 5852        vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
19:35:30.0550 5852        vwififlt - ok
19:35:30.0674 5852        vwifimp        (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
19:35:30.0706 5852        vwifimp - ok
19:35:30.0815 5852        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
19:35:30.0877 5852        WacomPen - ok
19:35:30.0986 5852        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:35:31.0096 5852        WANARP - ok
19:35:31.0127 5852        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:35:31.0220 5852        Wanarpv6 - ok
19:35:31.0330 5852        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
19:35:31.0361 5852        Wd - ok
19:35:31.0486 5852        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
19:35:31.0532 5852        Wdf01000 - ok
19:35:31.0657 5852        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
19:35:31.0735 5852        WfpLwf - ok
19:35:31.0844 5852        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
19:35:31.0876 5852        WIMMount - ok
19:35:32.0032 5852        WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
19:35:32.0094 5852        WinUsb - ok
19:35:32.0250 5852        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
19:35:32.0297 5852        WmiAcpi - ok
19:35:32.0484 5852        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
19:35:32.0593 5852        ws2ifsl - ok
19:35:32.0718 5852        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
19:35:32.0796 5852        WudfPf - ok
19:35:32.0905 5852        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:35:32.0999 5852        WUDFRd - ok
19:35:33.0061 5852        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:35:33.0233 5852        \Device\Harddisk0\DR0 - ok
19:35:33.0264 5852        Boot (0x1200)  (6bb62090a3744140081c216e581d012a) \Device\Harddisk0\DR0\Partition0
19:35:33.0264 5852        \Device\Harddisk0\DR0\Partition0 - ok
19:35:33.0295 5852        Boot (0x1200)  (e79cdd2a72f6af28c80445a703c5c52d) \Device\Harddisk0\DR0\Partition1
19:35:33.0295 5852        \Device\Harddisk0\DR0\Partition1 - ok
19:35:33.0295 5852        ============================================================
19:35:33.0295 5852        Scan finished
19:35:33.0295 5852        ============================================================
19:35:33.0326 3800        Detected object count: 1
19:35:33.0326 3800        Actual detected object count: 1
19:36:30.0750 3800        USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
19:36:30.0750 3800        USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
gruß verena

cosinus 22.03.2012 11:34
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

vmeu 22.03.2012 17:54
Schönen sonnigen Tag Arne,
ich habe ComboFix laufen lassen und hier ist das Log dazu.
Combofix Logfile:
Code:
ComboFix 12-03-22.01 - verena 22.03.2012  17:24:13.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.6056.4101 [GMT 1:00]
ausgeführt von:: c:\users\verena\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\verena\4.0
c:\users\verena\AppData\Roaming\AcroIEHelpe.txt
c:\users\verena\AppData\Roaming\srvblck2.tmp
c:\windows\system32\drivers\etc\hosts.ics
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-02-22 bis 2012-03-22  ))))))))))))))))))))))))))))))
.
.
2012-03-22 16:29 . 2012-03-22 16:29        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-03-21 17:23 . 2012-03-21 17:23        --------        d-----w-        C:\_OTL
2012-03-20 08:34 . 2012-02-08 07:13        8643640        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{A82FF995-C964-489A-864C-2B7263144825}\mpengine.dll
2012-03-19 17:55 . 2012-03-19 17:55        --------        d-----w-        c:\users\verena\AppData\Roaming\Malwarebytes
2012-03-19 17:55 . 2012-03-19 17:55        --------        d-----w-        c:\programdata\Malwarebytes
2012-03-19 17:55 . 2012-03-19 17:55        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-19 17:55 . 2011-12-10 14:24        23152        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-03-19 13:25 . 2012-03-19 13:29        --------        d-----w-        c:\program files (x86)\MasingHBQM
2012-03-18 17:17 . 2012-03-18 17:17        --------        d-----w-        c:\program files (x86)\ESET
2012-03-18 15:43 . 2012-03-18 15:43        592824        ----a-w-        c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-18 15:43 . 2012-03-18 15:43        44472        ----a-w-        c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-17 21:41 . 2011-11-19 15:20        5559152        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-03-17 21:41 . 2011-11-19 14:50        3968368        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2012-03-17 21:41 . 2011-11-19 14:50        3913584        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2012-03-17 20:46 . 2012-03-07 00:04        337240        ----a-w-        c:\windows\system32\drivers\aswSP.sys
2012-03-17 20:46 . 2012-03-07 00:01        24408        ----a-w-        c:\windows\system32\drivers\aswFsBlk.sys
2012-03-17 20:46 . 2012-03-07 00:02        53080        ----a-w-        c:\windows\system32\drivers\aswRdr2.sys
2012-03-17 20:46 . 2012-03-07 00:01        59224        ----a-w-        c:\windows\system32\drivers\aswTdi.sys
2012-03-17 20:46 . 2012-03-07 00:04        819032        ----a-w-        c:\windows\system32\drivers\aswSnx.sys
2012-03-17 20:46 . 2012-03-07 00:01        69976        ----a-w-        c:\windows\system32\drivers\aswMonFlt.sys
2012-03-17 20:46 . 2012-03-07 00:15        258520        ----a-w-        c:\windows\system32\aswBoot.exe
2012-03-17 20:45 . 2012-03-07 00:15        41184        ----a-w-        c:\windows\avastSS.scr
2012-03-17 20:45 . 2012-03-07 00:15        201352        ----a-w-        c:\windows\SysWow64\aswBoot.exe
2012-03-17 20:45 . 2012-03-17 20:45        --------        d-----w-        c:\programdata\AVAST Software
2012-03-17 20:45 . 2012-03-17 20:45        --------        d-----w-        c:\program files\AVAST Software
2012-03-17 20:24 . 2012-03-17 20:24        51496        ----a-w-        c:\windows\system32\drivers\stflt.sys
2012-03-17 20:22 . 2012-02-03 04:34        3145728        ----a-w-        c:\windows\system32\win32k.sys
2012-03-17 20:22 . 2012-02-10 06:36        1544192        ----a-w-        c:\windows\system32\DWrite.dll
2012-03-17 20:22 . 2012-02-10 05:38        1077248        ----a-w-        c:\windows\SysWow64\DWrite.dll
2012-03-17 20:21 . 2012-01-25 06:38        77312        ----a-w-        c:\windows\system32\rdpwsx.dll
2012-03-17 20:21 . 2012-01-25 06:38        149504        ----a-w-        c:\windows\system32\rdpcorekmts.dll
2012-03-17 20:21 . 2012-01-25 06:33        9216        ----a-w-        c:\windows\system32\rdrmemptylst.exe
2012-03-17 20:21 . 2012-02-17 06:38        1031680        ----a-w-        c:\windows\system32\rdpcore.dll
2012-03-17 20:21 . 2012-02-17 05:34        826880        ----a-w-        c:\windows\SysWow64\rdpcore.dll
2012-03-17 20:21 . 2012-02-17 04:58        210944        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
2012-03-17 20:21 . 2012-02-17 04:57        23552        ----a-w-        c:\windows\system32\drivers\tdtcp.sys
2012-02-22 17:19 . 2012-02-22 17:19        --------        d--h--w-        c:\programdata\CanonBJ
2012-02-22 17:19 . 2009-07-14 01:40        84992        ----a-w-        c:\windows\system32\Spool\prtprocs\x64\CNBPP4.DLL
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-25 11:08 . 2011-07-29 17:30        414368        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 08:18 . 2010-11-21 03:27        279656        ------w-        c:\windows\system32\MpSigStub.exe
2012-01-04 10:44 . 2012-02-15 11:41        509952        ----a-w-        c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-15 11:41        442880        ----a-w-        c:\windows\SysWow64\ntshrui.dll
2011-12-30 06:26 . 2012-02-15 11:41        515584        ----a-w-        c:\windows\system32\timedate.cpl
2011-12-30 05:27 . 2012-02-15 11:41        478720        ----a-w-        c:\windows\SysWow64\timedate.cpl
2011-12-28 03:59 . 2012-02-15 11:41        498688        ----a-w-        c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-02-18 845176]
"Sony Ericsson PC Companion"="c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2011-10-21 433872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-01-03 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2011-01-07 1406248]
"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-11-29 1294712]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"WinampAgent"="c:\users\verena\Winamp\winampa.exe" [2011-07-11 74752]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-02-18 845176]
.
c:\users\verena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Toshiba Places Icon Utility.lnk - c:\program files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe [2011-4-27 1492352]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-05 136176]
R3 BtFilter;Bluetooth LowerFilter Class Filter Driver;c:\windows\system32\DRIVERS\btfilter.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-05 136176]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-11-29 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-08 137632]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R4 Fdscacleu;Fdscacleu; [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 GFNEXSrv;GFNEX Service;c:\windows\System32\GFNEXSrv.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-01-14 572712]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-02-10 112080]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-05 20:13]
.
2012-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-05 20:13]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15        135408        ----a-w-        c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2011-02-10 1546720]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-07 167256]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-07 391000]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-07 418136]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-12 11775592]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-10 2186856]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-12-08 710040]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"Toshiba Registration"="c:\program files\TOSHIBA\Registration\ToshibaReminder.exe" [2011-04-27 150992]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page =
mLocal Page =
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Zu TOSHIBA Bulletin Board hinzufügen - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
IE: {{97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} -
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\verena\AppData\Roaming\Mozilla\Firefox\Profiles\rosdq6me.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-03-22  17:44:53 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-03-22 16:44
.
Vor Suchlauf: 10 Verzeichnis(se), 168.057.888.768 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 167.519.285.248 Bytes frei
.
- - End Of File - - B035816FFFD5C78AE6B4D6873B135317
--- --- ---


gruß verena

cosinus 23.03.2012 20:47
Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehalalrm!
  • Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

vmeu 24.03.2012 14:38
Hallo Arne,
die aswMBR.txt für dich.
Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-24 14:18:53
-----------------------------
14:18:53.876    OS Version: Windows x64 6.1.7601 Service Pack 1
14:18:53.876    Number of processors: 4 586 0x2A07
14:18:53.876    ComputerName: SÜTTI  UserName:
14:18:54.734    Initialize success
14:18:54.859    AVAST engine defs: 12032400
14:19:06.886    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:19:06.886    Disk 0 Vendor: Hitachi_ JE3O Size: 476940MB BusType: 3
14:19:06.933    Disk 0 MBR read successfully
14:19:06.933    Disk 0 MBR scan
14:19:06.933    Disk 0 Windows 7 default MBR code
14:19:06.949    Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS          400 MB offset 2048
14:19:06.964    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      238196 MB offset 821248
14:19:06.980    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS      238343 MB offset 488646656
14:19:07.027    Disk 0 scanning C:\Windows\system32\drivers
14:19:14.967    Service scanning
14:19:40.614    Modules scanning
14:19:40.629    Disk 0 trace - called modules:
14:19:40.661    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
14:19:41.175    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80078a4060]
14:19:41.175    3 CLASSPNP.SYS[fffff880018a643f] -> nt!IofCallDriver -> [0xfffffa80059765f0]
14:19:41.191    5 ACPI.sys[fffff88000e1a7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80059f5050]
14:19:41.877    AVAST engine scan C:\Windows
14:19:45.029    AVAST engine scan C:\Windows\system32
14:21:59.251    AVAST engine scan C:\Windows\system32\drivers
14:22:09.547    AVAST engine scan C:\Users\verena
14:27:01.003    AVAST engine scan C:\ProgramData
14:28:01.733    Scan finished successfully
14:33:11.316    Disk 0 MBR has been saved successfully to "C:\Users\verena\Desktop\MBR.dat"
14:33:11.332    The log file has been saved successfully to "C:\Users\verena\Desktop\aswMBR.txt"
gruß Verena

cosinus 24.03.2012 18:51
Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

vmeu 24.03.2012 22:33
so jetzt sind die beiden scan's auch endlich fertig.
Malwarebytes
Code:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.24.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
verena :: SÜTTI [Administrator]

24.03.2012 21:24:39
mbam-log-2012-03-24 (21-24-39).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 346229
Laufzeit: 1 Stunde(n), 2 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Super AntiSpyware
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 03/24/2012 at 09:21 PM

Application Version : 5.0.1146

Core Rules Database Version : 8377
Trace Rules Database Version: 6189

Scan type      : Complete Scan
Total Scan Time : 01:52:31

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator

Memory items scanned      : 788
Memory threats detected  : 0
Registry items scanned    : 65522
Registry threats detected : 0
File items scanned        : 189968
File threats detected    : 25

Adware.Tracking Cookie
        C:\Users\verena\AppData\Roaming\Microsoft\Windows\Cookies\EG7DJNYJ.txt [ /ad.zanox.com ]
        C:\Users\verena\AppData\Roaming\Microsoft\Windows\Cookies\CZ0MUW1U.txt [ /apmebf.com ]
        C:\Users\verena\AppData\Roaming\Microsoft\Windows\Cookies\3ZDAKKSD.txt [ /mediaplex.com ]
        C:\Users\verena\AppData\Roaming\Microsoft\Windows\Cookies\QWG3C120.txt [ /ad.yieldmanager.com ]
        C:\Users\verena\AppData\Roaming\Microsoft\Windows\Cookies\GTXLDPET.txt [ /zanox.com ]
        C:\Users\verena\AppData\Roaming\Microsoft\Windows\Cookies\SWC911YX.txt [ /atdmt.com ]
        C:\Users\verena\AppData\Roaming\Microsoft\Windows\Cookies\NFXFKOSN.txt [ /serving-sys.com ]
        C:\Users\verena\AppData\Roaming\Microsoft\Windows\Cookies\4P69ZCW9.txt [ /ad3.adfarm1.adition.com ]
        C:\Users\verena\AppData\Roaming\Microsoft\Windows\Cookies\AZFJ7IGR.txt [ /tradedoubler.com ]
        C:\Users\verena\AppData\Roaming\Microsoft\Windows\Cookies\J18SLPRS.txt [ /doubleclick.net ]
        C:\Users\verena\AppData\Roaming\Microsoft\Windows\Cookies\3R19XIIO.txt [ /adfarm1.adition.com ]
        C:\Users\verena\AppData\Roaming\Microsoft\Windows\Cookies\JCPD0YCT.txt [ /www.etracker.de ]
        C:\Users\verena\AppData\Roaming\Microsoft\Windows\Cookies\KIF3OKNS.txt [ /smartadserver.com ]
        C:\USERS\VERENA\AppData\Roaming\Microsoft\Windows\Cookies\Low\VMRWUSG7.txt [ Cookie:verena@ad.zanox.com/ ]
        C:\USERS\VERENA\AppData\Roaming\Microsoft\Windows\Cookies\Low\WFEB4Z9P.txt [ Cookie:verena@clkads.com/adServe/banners ]
        C:\USERS\VERENA\AppData\Roaming\Microsoft\Windows\Cookies\Low\86RVF2UE.txt [ Cookie:verena@clkads.com/adServe/ ]
        C:\USERS\VERENA\AppData\Roaming\Microsoft\Windows\Cookies\Low\3YZ9PODO.txt [ Cookie:verena@yadro.ru/ ]
        C:\USERS\VERENA\Cookies\EG7DJNYJ.txt [ Cookie:verena@ad.zanox.com/ ]
        C:\USERS\VERENA\Cookies\CZ0MUW1U.txt [ Cookie:verena@apmebf.com/ ]
        C:\USERS\VERENA\Cookies\QWG3C120.txt [ Cookie:verena@ad.yieldmanager.com/ ]
        C:\USERS\VERENA\Cookies\SWC911YX.txt [ Cookie:verena@atdmt.com/ ]
        C:\USERS\VERENA\Cookies\AZFJ7IGR.txt [ Cookie:verena@tradedoubler.com/ ]
        C:\USERS\VERENA\Cookies\J18SLPRS.txt [ Cookie:verena@doubleclick.net/ ]
        C:\USERS\VERENA\Cookies\JCPD0YCT.txt [ Cookie:verena@www.etracker.de/ ]
        C:\USERS\VERENA\Cookies\KIF3OKNS.txt [ Cookie:verena@smartadserver.com/ ]
gruß Verena


Alle Zeitangaben in WEZ +1. Es ist jetzt 13:33 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55