Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   hab ein sehr grosses problemm (https://www.trojaner-board.de/92078-hab-sehr-grosses-problemm.html)

speedy gon 21.10.2010 17:53
hab ein sehr grosses problemm
 
hallo mein name ist david ich komm aus freiburg

ich habe ein grosses problem ich habe mir ne pallete viren eingefangen gerade diese java viren sind irgend wie komisch öffen wenn ich internet bin irgendwelche seiten die ich nicht mal kenne er fordert mich auf irgend etwas zu instalieren
hier sind die namen der 3 ersten

er heist java agent m1/java agent ht/java agent dldr w so das sind die ersten drei ich hoffe ihr könnt mir helfen die 2 anderen poste ich später ps mein betriebs system ist win 7 home premium 32 bit ich hab denn lap gerade mal ein halbes jahr :dankeschoen::dankeschoen:

cosinus 21.10.2010 18:54
Immer die genauen Schädlingsnamen und Pfadangaben notieren und posten!

Aus den Regeln:

5. Beschreibe Dein Problem in einigen Sätzen und arbeite diese Anleitung ab Punkt 2. durch
Auch Funde von deiner Sicherheitssoftware bitte im Thema nennen: (z.B. c:\windows\virus.exe)
Fehlen diese Angaben, kann und wird dir hier niemand helfen.

speedy gon 21.10.2010 22:20
sory mein fehler c user toshiba app data sun local low sun java deployment cache 6.05766389bb9-6085d682
so sind auch die restlichen viren also die nummern und der ort stimmen alle überrein hoffe ich konnte weiter helfen

cosinus 21.10.2010 22:27
Bitte routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.

speedy gon 03.11.2010 16:20
ich hab das programm runtergeladen das ergebniss seht ihr hier

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5032

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

03.11.2010 16:18:26
mbam-log-2010-11-03 (16-18-26).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 250468
Laufzeit: 1 Stunde(n), 7 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 4
Infizierte Speichermodule: 4
Infizierte Registrierungsschlüssel: 9
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 2
Infizierte Dateien: 18

Infizierte Speicherprozesse:
C:\Windows\System32\montr_ci32.exe (Trojan.Tracur) -> Unloaded process successfully.
C:\ProgramData\apilogen32.exe (Trojan.Tracur) -> Unloaded process successfully.
C:\Users\Toshiba\AppData\Roaming\SysWin\lsass.exe (Trojan.Tracur) -> Unloaded process successfully.
C:\Windows\kbdlk41awow.exe (Trojan.Tracur) -> Unloaded process successfully.

Infizierte Speichermodule:
C:\Windows\System32\api-ms-win-core-handle-l1-1-032.dll (Trojan.Tracur) -> Delete on reboot.
C:\ProgramData\api-ms-win-core-handle-l1-1-032.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\config\systemprofile\AppData\Roaming\28B6.tmp (Trojan.Agent) -> Delete on reboot.
C:\Windows\System32\config\systemprofile\AppData\Roaming\B9BD.tmp (Trojan.Tracur) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{028b76fa-ac17-4eee-bd09-2f13300d1cb5} (Trojan.Tracur) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{028b76fa-ac17-4eee-bd09-2f13300d1cb5} (Trojan.Tracur) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{028b76fa-ac17-4eee-bd09-2f13300d1cb5} (Trojan.Tracur) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{028b76fa-ac17-4eee-bd09-2f13300d1cb5} (Trojan.Tracur) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sharedaccess32 (Trojan.Tracur) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5cb8fc55-6b16-9e92-26f7-f9874f102dac} (Trojan.Tracur) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5cb8fc55-6b16-9e92-26f7-f9874f102dac} (Trojan.Tracur) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5cb8fc55-6b16-9e92-26f7-f9874f102dac} (Trojan.Tracur) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rthdbpl (Trojan.Tracur) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\programdata\api-ms-win-core-handle-l1-1-032.dll -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
C:\ProgramData\1279794681 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Users\Toshiba\AppData\Roaming\SysWin (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Windows\System32\api-ms-win-core-handle-l1-1-032.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\montr_ci32.exe (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\ProgramData\api-ms-win-core-handle-l1-1-032.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\config\systemprofile\AppData\Roaming\28B6.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\B9BD.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\ProgramData\apilogen32.exe (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Users\Toshiba\AppData\Roaming\SysWin\lsass.exe (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Windows\kbdlk41awow.exe (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\ProgramData\1A68F993DF982149BDBB63DBF5A48779\b\binc1 (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\ProgramData\1A68F993DF982149BDBB63DBF5A48779\b\binc2 (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\ProgramData\1A68F993DF982149BDBB63DBF5A48779\b\binc3 (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\ProgramData\1A68F993DF982149BDBB63DBF5A48779\b\binc4 (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Windows\lsass.exe (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Windows\Temp\8335.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Windows\Temp\9CCB.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Windows\Temp\AD9C.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Windows\Temp\AE49.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Windows\System32\GnuHashes.ini (Trojan.Tracur) -> Quarantined and deleted successfully.

speedy gon 03.11.2010 16:29
so nun noch der scan vom otl
OTL Logfile:
Code:
OTL logfile created on: 03.11.2010 16:23:43 - Run 1
OTL by OldTimer - Version 3.2.17.2    Folder = C:\Users\Toshiba\Downloads
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 43,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 56,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,22 Gb Total Space | 34,27 Gb Free Space | 46,18% Space Free | Partition Type: NTFS
Drive D: | 74,44 Gb Total Space | 68,56 Gb Free Space | 92,10% Space Free | Partition Type: NTFS
 
Computer Name: DAVID-NOTEBOOK | User Name: Toshiba | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Toshiba\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Comodo\COMODO livePCsupport\CLPSLS.exe (COMODO)
PRC - C:\Program Files\Comodo\COMODO livePCsupport\CLPS.exe (COMODO)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
PRC - C:\Program Files\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH)
PRC - C:\Program Files\Software Informer\softinfo.exe (Informer Technologies, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\igfxext.exe (Intel Corporation)
PRC - C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Toshiba\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (SharedAccess32) --  File not found
SRV - (CLPSLS) -- C:\Program Files\Comodo\COMODO livePCsupport\CLPSLS.exe (COMODO)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO) -- C:\Program Files\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (TMachInfo) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (cfWiMAXService) -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe (TOSHIBA CORPORATION)
SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (OMSI download service) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (USBCCID) -- C:\Windows\System32\DRIVERS\RtsUCcid.sys File not found
DRV - (RtsUIR) -- C:\Windows\System32\DRIVERS\Rts516xIR.sys File not found
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (RTL8187B) -- C:\Windows\System32\drivers\RTL8187B.sys (Realtek Semiconductor Corporation                          )
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (LPCFilter) -- C:\Windows\system32\DRIVERS\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics Incorporated)
DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC-Seriellschnittstellentreiber (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\system32\DRIVERS\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) Brother MFC-nur-Fax-Modem (USB) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) Brother MFC-WDM-Treiber (USB,seriell) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) Brother WDM-Treiber (seriell) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology, Corp.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (IntcHdmiAddService) Intel(R) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwusbfake) -- C:\Windows\System32\drivers\ewusbfake.sys (Huawei Technologies Co., Ltd.)
DRV - (PGEffect) -- C:\Windows\System32\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek                                            )
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (s1018mdm) -- C:\Windows\System32\drivers\s1018mdm.sys (MCCI Corporation)
DRV - (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM) -- C:\Windows\System32\drivers\s1018unic.sys (MCCI Corporation)
DRV - (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s1018mgmt.sys (MCCI Corporation)
DRV - (s1018obex) -- C:\Windows\System32\drivers\s1018obex.sys (MCCI Corporation)
DRV - (s1018bus) Sony Ericsson Device 1018 driver (WDM) -- C:\Windows\System32\drivers\s1018bus.sys (MCCI Corporation)
DRV - (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS) -- C:\Windows\System32\drivers\s1018nd5.sys (MCCI Corporation)
DRV - (s1018mdfl) -- C:\Windows\System32\drivers\s1018mdfl.sys (MCCI Corporation)
DRV - (s0017mdm) -- C:\Windows\System32\drivers\s0017mdm.sys (MCCI Corporation)
DRV - (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM) -- C:\Windows\System32\drivers\s0017unic.sys (MCCI Corporation)
DRV - (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s0017mgmt.sys (MCCI Corporation)
DRV - (s0017obex) -- C:\Windows\System32\drivers\s0017obex.sys (MCCI Corporation)
DRV - (s0017bus) Sony Ericsson Device 0017 driver (WDM) -- C:\Windows\System32\drivers\s0017bus.sys (MCCI Corporation)
DRV - (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS) -- C:\Windows\System32\drivers\s0017nd5.sys (MCCI Corporation)
DRV - (s0017mdfl) -- C:\Windows\System32\drivers\s0017mdfl.sys (MCCI Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = FA 76 8B 02 17 AC EE 4E BD 09 2F 13 30 0D 1C B5  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.4
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {d122ad80-ff45-11dd-87af-0800200c9a66}:3.6.29.01.10
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.06.13 14:50:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.10.15 21:51:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.10.21 06:13:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.21 06:13:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.10.20 21:50:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.10.20 21:50:13 | 000,000,000 | ---D | M]
 
[2010.06.13 17:31:26 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\mozilla\Extensions
[2010.06.13 14:50:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Toshiba\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.06.13 17:31:26 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2010.11.03 15:02:15 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\mozilla\Firefox\Profiles\1bw1cgqp.default\extensions
[2010.09.09 23:20:55 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Toshiba\AppData\Roaming\mozilla\Firefox\Profiles\1bw1cgqp.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010.08.23 17:44:44 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Toshiba\AppData\Roaming\mozilla\Firefox\Profiles\1bw1cgqp.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.06.13 19:43:03 | 000,000,000 | ---D | M] (Green Fox) -- C:\Users\Toshiba\AppData\Roaming\mozilla\Firefox\Profiles\1bw1cgqp.default\extensions\{d122ad80-ff45-11dd-87af-0800200c9a66}
[2010.06.13 17:46:55 | 000,002,253 | ---- | M] () -- C:\Users\Toshiba\AppData\Roaming\Mozilla\FireFox\Profiles\1bw1cgqp.default\searchplugins\askcom.xml
[2010.10.21 21:49:51 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.06.13 14:38:47 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.08.23 17:44:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.09.15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.09.14 22:32:39 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.09.14 22:32:39 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.14 22:32:39 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.09.14 22:32:39 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.09.14 22:32:39 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [COMODO] C:\Program Files\Comodo\COMODO livePCsupport\CLPSLA.exe (COMODO)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4 - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)
O4 - HKCU..\Run: [fsm]  File not found
O4 - HKCU..\Run: [Software Informer] C:\Program Files\Software Informer\softinfo.exe (Informer Technologies, Inc.)
O4 - HKCU..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{41af46ee-a972-11df-bba5-0026224c0318}\Shell - "" = AutoRun
O33 - MountPoints2\{41af46ee-a972-11df-bba5-0026224c0318}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{ba29e9ef-9e41-11df-8f13-0026224c0318}\Shell - "" = AutoRun
O33 - MountPoints2\{ba29e9ef-9e41-11df-8f13-0026224c0318}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{cc2a529a-9a5a-11df-ae30-0026224c0318}\Shell - "" = AutoRun
O33 - MountPoints2\{cc2a529a-9a5a-11df-ae30-0026224c0318}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{cc2a529c-9a5a-11df-ae30-0026224c0318}\Shell - "" = AutoRun
O33 - MountPoints2\{cc2a529c-9a5a-11df-ae30-0026224c0318}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{cc2a52a6-9a5a-11df-ae30-0026224c0318}\Shell - "" = AutoRun
O33 - MountPoints2\{cc2a52a6-9a5a-11df-ae30-0026224c0318}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.11.03 15:04:31 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Roaming\Malwarebytes
[2010.11.03 15:04:14 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.11.03 15:04:12 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.11.03 15:04:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.11.03 15:04:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.11.03 14:45:57 | 000,000,000 | -HSD | C] -- C:\ProgramData\1A68F993DF982149BDBB63DBF5A48779
[2010.10.31 21:01:41 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\cdviewer
[2010.10.20 23:26:05 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\Desktop\Dream_Dance_Vol.57( www.BreakZ.us )
[2010.10.20 23:06:02 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\Desktop\musik
[2010.10.20 21:30:12 | 000,000,000 | -HSD | C] -- C:\ProgramData\SysWoW32
[2010.10.20 21:29:43 | 000,258,048 | ---- | C] (Inprise Corporation) -- C:\ProgramData\api-ms-win-core-handle-l1-1-032.dll
[2010.10.20 21:28:07 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\Apple Computer
[2010.10.20 21:24:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010.10.20 21:24:36 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010.10.18 10:12:13 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\Documents\Eigene Scans
[2010.10.17 13:21:34 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Roaming\PhotoScape
[2010.10.17 13:21:09 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoScape
[2010.10.16 22:30:16 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010.10.15 16:21:53 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG
[2010.10.15 16:21:20 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Roaming\HP
[2010.10.15 16:21:17 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\HP
[2010.10.15 16:16:05 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2010.10.15 16:14:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2010.10.15 16:13:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2010.10.15 16:13:29 | 000,000,000 | ---D | C] -- C:\Windows\hpoj4500g510a-f
[2010.10.15 16:12:13 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2010.10.15 16:11:45 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2010.10.15 16:10:32 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2010.10.10 20:17:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010.10.10 20:17:33 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010.08.03 22:36:44 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe8F99.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Toshiba\Desktop\*.tmp files -> C:\Users\Toshiba\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.11.03 16:18:40 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\gxip.sys
[2010.11.03 16:16:39 | 000,001,185 | ---- | M] () -- C:\ProgramData\234881506
[2010.11.03 16:15:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.11.03 15:04:17 | 000,000,946 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.11.03 14:52:49 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.11.03 14:52:49 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.11.03 14:52:49 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.11.03 14:52:49 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.11.03 14:52:49 | 000,016,080 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.11.03 14:52:49 | 000,016,080 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.11.03 14:45:57 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010.11.03 14:45:21 | 000,000,323 | ---- | M] () -- C:\ProgramData\sl1338751068
[2010.11.03 14:45:11 | 000,000,208 | -HS- | M] () -- C:\ProgramData\774515406
[2010.11.03 14:43:33 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.11.03 14:43:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.11.03 14:43:00 | 1504,354,304 | -HS- | M] () -- C:\hiberfil.sys
[2010.10.28 18:06:08 | 000,010,265 | ---- | M] () -- C:\Users\Toshiba\Documents\hallo mein name ist david löczi aus demm oberste stock ich bin an ihrem rad interesiert falls sie es verkaufen wollen melden sie sich einfach im obersten  stock bzw rufen  sie mich an  meine nummer ist 01721716254 vielen d.docx
[2010.10.27 23:16:42 | 000,013,506 | ---- | M] () -- C:\Users\Toshiba\Documents\Hallo Jessy und Veronika.docx
[2010.10.27 18:25:45 | 000,010,220 | ---- | M] () -- C:\Users\Toshiba\Documents\An alle mit Mieter diese 2 räder dürfen Bitte nicht.docx
[2010.10.20 21:30:02 | 000,203,776 | -HS- | M] () -- C:\ProgramData\unrar.exe
[2010.10.20 21:29:44 | 000,000,109 | ---- | M] () -- C:\Windows\System32\81030633
[2010.10.17 13:34:18 | 000,008,192 | -H-- | M] () -- C:\Users\Toshiba\Desktop\photothumb.db
[2010.10.15 21:55:25 | 000,023,701 | ---- | M] () -- C:\Windows\hpqins15.dat
[2010.10.15 21:53:18 | 000,418,136 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.10.15 16:21:02 | 000,197,079 | ---- | M] () -- C:\Windows\hpwins27.dat
[2010.10.15 16:15:14 | 000,002,036 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010.10.07 16:20:45 | 000,000,162 | -H-- | M] () -- C:\Users\Toshiba\Desktop\~$ericht.docx
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Toshiba\Desktop\*.tmp files -> C:\Users\Toshiba\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.11.03 16:18:40 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\gxip.sys
[2010.11.03 15:04:17 | 000,000,946 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.28 18:06:07 | 000,010,265 | ---- | C] () -- C:\Users\Toshiba\Documents\hallo mein name ist david löczi aus demm oberste stock ich bin an ihrem rad interesiert falls sie es verkaufen wollen melden sie sich einfach im obersten  stock bzw rufen  sie mich an  meine nummer ist 01721716254 vielen d.docx
[2010.10.27 23:16:41 | 000,013,506 | ---- | C] () -- C:\Users\Toshiba\Documents\Hallo Jessy und Veronika.docx
[2010.10.27 18:25:45 | 000,010,220 | ---- | C] () -- C:\Users\Toshiba\Documents\An alle mit Mieter diese 2 räder dürfen Bitte nicht.docx
[2010.10.21 17:16:19 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010.10.20 21:30:25 | 000,001,185 | ---- | C] () -- C:\ProgramData\234881506
[2010.10.20 21:30:25 | 000,000,208 | -HS- | C] () -- C:\ProgramData\774515406
[2010.10.20 21:30:12 | 000,000,323 | ---- | C] () -- C:\ProgramData\sl1338751068
[2010.10.20 21:30:02 | 000,203,776 | -HS- | C] () -- C:\ProgramData\unrar.exe
[2010.10.20 21:29:33 | 000,000,109 | ---- | C] () -- C:\Windows\System32\81030633
[2010.10.17 13:28:12 | 000,008,192 | -H-- | C] () -- C:\Users\Toshiba\Desktop\photothumb.db
[2010.10.15 21:50:38 | 000,023,701 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010.10.15 16:15:14 | 000,002,036 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010.10.15 16:10:49 | 000,197,079 | ---- | C] () -- C:\Windows\hpwins27.dat
[2010.10.15 16:10:49 | 000,001,521 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010.10.07 16:20:45 | 000,000,162 | -H-- | C] () -- C:\Users\Toshiba\Desktop\~$ericht.docx
[2010.08.19 00:10:28 | 000,217,984 | ---- | C] () -- C:\Windows\System32\strmdll.dll
[2010.08.19 00:10:24 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2010.07.31 21:29:42 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010.06.13 14:44:23 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.09.07 09:02:51 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.09.07 09:02:16 | 000,045,056 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.07.10 05:44:40 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2009.04.28 03:37:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\SPCtl.dll
 
========== LOP Check ==========
 
[2010.06.13 20:48:39 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\AnvSoft
[2010.07.28 16:23:39 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Bytemobile
[2010.08.22 17:55:18 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Canneverbe Limited
[2010.08.19 00:01:14 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\DAEMON Tools Net
[2010.06.13 19:50:58 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.06.25 22:02:34 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Facebook
[2010.10.21 21:49:29 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\LimeWire
[2010.09.08 23:37:02 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\NCH Swift Sound
[2010.10.17 13:33:30 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\PhotoScape
[2010.08.01 11:40:21 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Recordpad
[2010.11.03 14:49:45 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Software Informer
[2010.08.03 23:09:59 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Sony
[2010.06.13 14:50:42 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Thunderbird
[2010.11.01 21:41:06 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Toshiba
[2010.07.28 16:23:50 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Vodafone
[2010.08.16 21:16:53 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Vodafone Mobile Connect
[2010.11.03 14:45:57 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2010.09.10 10:43:35 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
--- --- ---

cosinus 03.11.2010 17:31
Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)


Code:
:OTL
SRV - (SharedAccess32) --  File not found
O4 - HKCU..\Run: [fsm]  File not found
O33 - MountPoints2\{41af46ee-a972-11df-bba5-0026224c0318}\Shell - "" = AutoRun
O33 - MountPoints2\{41af46ee-a972-11df-bba5-0026224c0318}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{ba29e9ef-9e41-11df-8f13-0026224c0318}\Shell - "" = AutoRun
O33 - MountPoints2\{ba29e9ef-9e41-11df-8f13-0026224c0318}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{cc2a529a-9a5a-11df-ae30-0026224c0318}\Shell - "" = AutoRun
O33 - MountPoints2\{cc2a529a-9a5a-11df-ae30-0026224c0318}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{cc2a529c-9a5a-11df-ae30-0026224c0318}\Shell - "" = AutoRun
O33 - MountPoints2\{cc2a529c-9a5a-11df-ae30-0026224c0318}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{cc2a52a6-9a5a-11df-ae30-0026224c0318}\Shell - "" = AutoRun
O33 - MountPoints2\{cc2a52a6-9a5a-11df-ae30-0026224c0318}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- File not found
[2010.11.03 14:45:57 | 000,000,000 | -HSD | C] -- C:\ProgramData\1A68F993DF982149BDBB63DBF5A48779
[2010.10.20 21:30:12 | 000,000,000 | -HSD | C] -- C:\ProgramData\SysWoW32
[2010.10.20 21:29:43 | 000,258,048 | ---- | C] (Inprise Corporation) -- C:\ProgramData\api-ms-win-core-handle-l1-1-032.dll
[2010.11.03 16:18:40 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\gxip.sys
[2010.11.03 16:16:39 | 000,001,185 | ---- | M] () -- C:\ProgramData\234881506
[2010.11.03 14:45:21 | 000,000,323 | ---- | M] () -- C:\ProgramData\sl1338751068
[2010.11.03 14:45:11 | 000,000,208 | -HS- | M] () -- C:\ProgramData\774515406
[2010.10.20 21:30:02 | 000,203,776 | -HS- | M] () -- C:\ProgramData\unrar.exe
[2010.10.20 21:29:44 | 000,000,109 | ---- | M] () -- C:\Windows\System32\81030633
:Commands
[purity]
[resethosts]
[emptytemp]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

speedy gon 04.11.2010 00:26
so nun habe ich es getan aber was hat das gebracht ich habe mit denn texten nix anfangen können
ich hoffe der bericht meiner freundin ist noch da sonst bringt die mich um

All processes killed
========== OTL ==========
Error: No service named SharedAccess32 was found to stop!
Service\Driver key SharedAccess32 not found.
File File not found not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\fsm not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{41af46ee-a972-11df-bba5-0026224c0318}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41af46ee-a972-11df-bba5-0026224c0318}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{41af46ee-a972-11df-bba5-0026224c0318}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41af46ee-a972-11df-bba5-0026224c0318}\ not found.
File F:\setup_vmc_lite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ba29e9ef-9e41-11df-8f13-0026224c0318}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba29e9ef-9e41-11df-8f13-0026224c0318}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ba29e9ef-9e41-11df-8f13-0026224c0318}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba29e9ef-9e41-11df-8f13-0026224c0318}\ not found.
File F:\setup_vmc_lite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cc2a529a-9a5a-11df-ae30-0026224c0318}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc2a529a-9a5a-11df-ae30-0026224c0318}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cc2a529a-9a5a-11df-ae30-0026224c0318}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc2a529a-9a5a-11df-ae30-0026224c0318}\ not found.
File F:\setup_vmc_lite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cc2a529c-9a5a-11df-ae30-0026224c0318}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc2a529c-9a5a-11df-ae30-0026224c0318}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cc2a529c-9a5a-11df-ae30-0026224c0318}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc2a529c-9a5a-11df-ae30-0026224c0318}\ not found.
File F:\setup_vmc_lite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cc2a52a6-9a5a-11df-ae30-0026224c0318}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc2a52a6-9a5a-11df-ae30-0026224c0318}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cc2a52a6-9a5a-11df-ae30-0026224c0318}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc2a52a6-9a5a-11df-ae30-0026224c0318}\ not found.
File F:\setup_vmc_lite.exe not found.
Folder C:\ProgramData\1A68F993DF982149BDBB63DBF5A48779\ not found.
Folder C:\ProgramData\SysWoW32\ not found.
File C:\ProgramData\api-ms-win-core-handle-l1-1-032.dll not found.
File C:\Windows\System32\drivers\gxip.sys not found.
File C:\ProgramData\234881506 not found.
File C:\ProgramData\sl1338751068 not found.
File C:\ProgramData\774515406 not found.
File C:\ProgramData\unrar.exe not found.
File C:\Windows\System32\81030633 not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Gast
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Toshiba
->Temp folder emptied: 262934 bytes
->Temporary Internet Files folder emptied: 365066 bytes
->Java cache emptied: 3729507 bytes
->FireFox cache emptied: 46900135 bytes
->Flash cache emptied: 156608 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5693642 bytes
RecycleBin emptied: 59462285 bytes

Total Files Cleaned = 111,00 mb


OTL by OldTimer - Version 3.2.17.2 log created on 11042010_001830

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

cosinus 04.11.2010 18:54
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

speedy gon 04.11.2010 21:16
so ich habs gemacht das andere mache ich noch
kurze frage was mach ich eigentlich die ganze zeit

Combofix Logfile:
Code:
ComboFix 10-11-03.04 - Toshiba 04.11.2010  21:05:04.1.1 - x86
Microsoft Windows 7 Home Premium  6.1.7600.0.1252.49.1031.18.1913.853 [GMT 1:00]
ausgeführt von:: c:\users\Toshiba\Downloads\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\hpe8F99.dll
c:\programdata\xp
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys

.
(((((((((((((((((((((((  Dateien erstellt von 2010-10-04 bis 2010-11-04  ))))))))))))))))))))))))))))))
.

2010-11-04 20:10 . 2010-11-04 20:10        --------        d-----w-        c:\users\Gast\AppData\Local\temp
2010-11-04 20:10 . 2010-11-04 20:10        --------        d-----w-        c:\users\Default\AppData\Local\temp
2010-11-04 14:53 . 2010-10-07 23:21        6146896        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{4A34B1C9-EA9A-4A18-8FB4-400D01510832}\mpengine.dll
2010-11-03 23:06 . 2010-11-03 23:06        --------        d-----w-        C:\_OTL
2010-11-03 18:20 . 2010-08-04 06:18        641536        ----a-w-        c:\windows\system32\CPFilters.dll
2010-11-03 18:20 . 2010-08-04 06:17        417792        ----a-w-        c:\windows\system32\msdri.dll
2010-11-03 18:20 . 2010-08-04 06:15        204288        ----a-w-        c:\windows\system32\MSNP.ax
2010-11-03 18:20 . 2010-08-04 06:15        199680        ----a-w-        c:\windows\system32\mpg2splt.ax
2010-11-03 18:20 . 2010-07-13 05:22        26504        ----a-w-        c:\windows\system32\drivers\Diskdump.sys
2010-11-03 17:28 . 2010-11-03 17:28        --------        d-----w-        c:\program files\Java
2010-11-03 14:04 . 2010-11-03 14:04        --------        d-----w-        c:\users\Toshiba\AppData\Roaming\Malwarebytes
2010-11-03 14:04 . 2010-04-29 14:39        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-03 14:04 . 2010-11-03 14:04        --------        d-----w-        c:\programdata\Malwarebytes
2010-11-03 14:04 . 2010-04-29 14:39        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-11-03 14:04 . 2010-11-03 14:04        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2010-10-31 20:01 . 2010-10-31 20:01        --------        d-----w-        c:\users\Toshiba\cdviewer
2010-10-20 20:28 . 2010-10-20 20:28        --------        d-----w-        c:\users\Toshiba\AppData\Local\Apple Computer
2010-10-20 20:24 . 2010-10-20 20:24        --------        d-----w-        c:\program files\Common Files\Apple
2010-10-20 20:24 . 2010-10-20 20:24        --------        d-----w-        c:\program files\Apple Software Update
2010-10-17 12:21 . 2010-10-17 12:33        --------        d-----w-        c:\users\Toshiba\AppData\Roaming\PhotoScape
2010-10-17 12:21 . 2010-10-17 12:21        --------        d-----w-        c:\program files\PhotoScape
2010-10-16 21:30 . 2010-10-16 21:30        --------        d-----w-        c:\program files\MSXML 4.0
2010-10-15 15:21 . 2010-10-15 15:21        --------        d-----w-        c:\programdata\WEBREG
2010-10-15 15:21 . 2010-10-15 15:25        --------        d-----w-        c:\users\Toshiba\AppData\Roaming\HP
2010-10-15 15:21 . 2010-10-15 15:21        --------        d-----w-        c:\users\Toshiba\AppData\Local\HP
2010-10-15 15:19 . 2009-04-20 10:23        315904        ----a-w-        c:\windows\system32\Spool\prtprocs\w32x86\hpfpp70w.dll
2010-10-15 15:16 . 2010-10-15 15:16        --------        d-----w-        c:\programdata\HP Product Assistant
2010-10-15 15:14 . 2010-10-15 15:14        --------        d-----w-        c:\program files\Common Files\HP
2010-10-15 15:13 . 2010-10-15 15:13        --------        d-----w-        c:\program files\Common Files\Hewlett-Packard
2010-10-15 15:13 . 2010-10-15 15:13        --------        d-----w-        c:\windows\hpoj4500g510a-f
2010-10-15 15:13 . 2009-05-18 21:33        372736        ----a-w-        c:\windows\system32\hppldcoi.dll
2010-10-15 15:13 . 2009-06-01 23:36        966656        ----a-w-        c:\windows\system32\hpwtiop6.dll
2010-10-15 15:13 . 2009-06-01 23:36        716288        ----a-w-        c:\windows\system32\hpwwiax7.dll
2010-10-15 15:13 . 2009-06-01 23:36        315392        ----a-w-        c:\windows\system32\hpwvst01.dll
2010-10-15 15:12 . 2009-06-01 23:35        452408        ----a-w-        c:\windows\system32\hpzids01.dll
2010-10-15 15:12 . 2009-04-20 10:23        123904        ----a-w-        c:\windows\system32\hpf3l70w.dll
2010-10-15 15:11 . 2010-10-15 15:17        --------        d-----w-        c:\program files\HP
2010-10-15 15:10 . 2010-10-15 15:21        --------        d-----w-        c:\programdata\HP
2010-10-14 06:07 . 2010-08-27 05:46        168448        ----a-w-        c:\windows\system32\srvsvc.dll
2010-10-14 06:07 . 2010-08-27 03:31        310784        ----a-w-        c:\windows\system32\drivers\srv.sys
2010-10-14 06:07 . 2010-08-27 03:30        308736        ----a-w-        c:\windows\system32\drivers\srv2.sys
2010-10-14 06:07 . 2010-08-27 03:30        113664        ----a-w-        c:\windows\system32\drivers\srvnet.sys
2010-10-14 06:07 . 2010-08-21 05:36        738816        ----a-w-        c:\windows\system32\wmpmde.dll
2010-10-14 06:07 . 2010-05-05 06:46        363520        ----a-w-        c:\windows\system32\StructuredQuery.dll
2010-10-10 19:17 . 2010-10-10 19:17        --------        d-----w-        c:\program files\Common Files\Adobe

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-03 17:28 . 2010-08-23 16:44        472808        ----a-w-        c:\windows\system32\deployJava1.dll
2010-10-19 10:41 . 2010-06-11 15:54        222080        ------w-        c:\windows\system32\MpSigStub.exe
2010-09-08 23:38 . 2010-09-08 23:38        95024        ----a-w-        c:\windows\system32\drivers\SBREDrv.sys
2010-08-21 05:32 . 2010-09-15 05:44        316928        ----a-w-        c:\windows\system32\spoolsv.exe
2010-08-18 23:10 . 2010-08-18 23:10        4608        ----a-w-        c:\windows\system32\w95inf32.dll
2010-08-18 23:10 . 2010-08-18 23:10        2272        ----a-w-        c:\windows\system32\w95inf16.dll
2010-08-12 12:15 . 2010-09-08 23:38        64288        ----a-w-        c:\windows\system32\drivers\Lbd.sys
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-09-02 13351304]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"Software Informer"="c:\program files\Software Informer\softinfo.exe" [2010-04-22 2285637]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-11-20 434176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-08-12 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 425984]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-01-13 34088]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-03 611672]
"Toshiba TEMPRO"="c:\program files\Toshiba TEMPRO\TemproTray.exe" [2010-05-11 1050072]
"TosNC"="c:\program files\Toshiba\BulletinBoard\TosNcCore.exe" [2009-08-06 466792]
"TosReelTimeMonitor"="c:\program files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [2009-08-06 29528]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 151064]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-05 476512]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-08-13 521528]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-28 7625248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-20 1545512]
"SmartFaceVWatcher"="c:\program files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [2009-07-29 163840]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-08-17 1294136]
"TWebCamera"="c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-08-11 2446648]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2009-07-30 134032]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-06-13 202256]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 648072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"COMODO"="c:\program files\COMODO\COMODO livePCsupport\CLPSLA.exe" [2010-10-14 210656]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-08-12 6203296]

c:\users\Toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-16 136176]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-10-08 1357464]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-06-29 112128]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2009-06-29 102912]
R3 netr73;RT73 USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr73.sys [2009-07-13 545792]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-30 171520]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [2008-10-21 86824]
R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [2008-10-21 15016]
R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [2008-10-21 114600]
R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [2008-10-21 108328]
R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [2008-10-21 26024]
R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [2008-10-21 104616]
R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [2008-10-21 109736]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2009-03-25 86824]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2009-03-25 15016]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2009-03-25 114728]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2009-03-25 106208]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2009-03-25 26024]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2009-03-25 104744]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2009-03-25 109864]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-08-12 64288]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-10 185712]
S2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO livePCsupport\CLPSLS.exe [2010-10-14 151440]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files\Toshiba TEMPRO\TemproSvc.exe [2010-05-11 124368]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 122880]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 24064]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-22 167936]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2010-03-31 379904]
S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-03 111960]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile        REG_MULTI_SZ          wcescomm rapimgr
LocalServiceRestricted        REG_MULTI_SZ          WcesComm RapiMgr
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt        REG_MULTI_SZ          hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners

2010-11-04 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 19:26]

2010-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-16 19:59]

2010-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-16 19:59]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
FF - ProfilePath - c:\users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\1bw1cgqp.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\users\Toshiba\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true);  // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true);  // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
SafeBoot-MCODS
AddRemove-Switch - c:\program files\NCH Swift Sound\Switch\uninst.exe


.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2010-11-04  21:12:45
ComboFix-quarantined-files.txt  2010-11-04 20:12

Vor Suchlauf: 10 Verzeichnis(se), 36.212.555.776 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 35.989.696.512 Bytes frei

- - End Of File - - D862955CAC3A1E64D7F9095000AB2D52
--- --- ---

cosinus 04.11.2010 21:31
Zitat:
kurze frage was mach ich eigentlich die ganze zeit
Wir analysieren und bereinigen ;)

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.


Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur eine Sekunde.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes

speedy gon 04.11.2010 23:22
hier ist gmr
GMER Logfile:
Code:
GMER 1.0.15.15507 - hxxp://www.gmer.net
Rootkit scan 2010-11-04 23:13:13
Windows 6.1.7600  Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ FG01
Running: fixviujx.exe; Driver: C:\Users\Toshiba\AppData\Local\Temp\uwlyiaoc.sys


---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!ZwSaveKeyEx + 13AD                                                                    82E5A599 1 Byte  [06]
.text          ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                            82E7EF52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text          C:\Windows\system32\DRIVERS\tos_sps32.sys                                                          section is writeable [0x88D7A000, 0x3C849, 0xE8000020]
.dsrt          C:\Windows\system32\DRIVERS\tos_sps32.sys                                                          unknown last section [0x88DBF000, 0x3DC, 0x48000040]

---- User IAT/EAT - GMER 1.0.15 ----

IAT            C:\Windows\Explorer.EXE[1356] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                    [73BE2494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1356] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]              [73BC5624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1356] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]              [73BC56E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1356] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                    [73BE250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1356] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]          [73BD8573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1356] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]            [73BD4D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1356] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]            [73BD50CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1356] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]          [73BD51A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1356] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP]  [73BD66D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1356] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]            [73BD82CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1356] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]      [73BD8819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1356] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]    [73BD907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1356] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]          [73BDE21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1356] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]              [73BD4C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                            Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                            rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                            rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                            rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000004c                                                                  halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
--- --- ---


hier ist osam

GMER Logfile:
Code:
GMER 1.0.15.15507 - hxxp://www.gmer.net
Rootkit scan 2010-11-04 23:13:13
Windows 6.1.7600  Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ FG01
Running: fixviujx.exe; Driver: C:\Users\Toshiba\AppData\Local\Temp\uwlyiaoc.sys


---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!ZwSaveKeyEx + 13AD                                                                    82E5A599 1 Byte  [06]
.text          ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                            82E7EF52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text          C:\Windows\system32\DRIVERS\tos_sps32.sys                                                          section is writeable [0x88D7A000, 0x3C849, 0xE8000020]
.dsrt          C:\Windows\system32\DRIVERS\tos_sps32.sys                                                          unknown last section [0x88DBF000, 0x3DC, 0x48000040]

---- User IAT/EAT - GMER 1.0.15 ----

IAT            C:\Windows\Explorer.EXE[1356] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                    [73BE2494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1356] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]              [73BC5624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1356] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]              [73BC56E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1356] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                    [73BE250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1356] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]          [73BD8573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1356] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]            [73BD4D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1356] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]            [73BD50CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1356] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]          [73BD51A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1356] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP]  [73BD66D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1356] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]            [73BD82CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1356] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]      [73BD8819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1356] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]    [73BD907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1356] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]          [73BDE21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1356] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]              [73BD4C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                            Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                            rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                            rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                            rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000004c                                                                  halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
--- --- ---
und zum schluss noch mbr check

GMER Logfile:
Code:
GMER 1.0.15.15507 - hxxp://www.gmer.net
Rootkit scan 2010-11-04 23:13:13
Windows 6.1.7600  Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ FG01
Running: fixviujx.exe; Driver: C:\Users\Toshiba\AppData\Local\Temp\uwlyiaoc.sys


---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!ZwSaveKeyEx + 13AD                                                                    82E5A599 1 Byte  [06]
.text          ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                            82E7EF52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text          C:\Windows\system32\DRIVERS\tos_sps32.sys                                                          section is writeable [0x88D7A000, 0x3C849, 0xE8000020]
.dsrt          C:\Windows\system32\DRIVERS\tos_sps32.sys                                                          unknown last section [0x88DBF000, 0x3DC, 0x48000040]

---- User IAT/EAT - GMER 1.0.15 ----

IAT            C:\Windows\Explorer.EXE[1356] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                    [73BE2494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1356] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]              [73BC5624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1356] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]              [73BC56E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1356] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                    [73BE250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1356] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]          [73BD8573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1356] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]            [73BD4D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1356] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]            [73BD50CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1356] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]          [73BD51A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1356] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP]  [73BD66D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1356] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]            [73BD82CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1356] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]      [73BD8819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1356] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]    [73BD907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1356] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]          [73BDE21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1356] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]              [73BD4C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                            Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                            rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                            rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                            rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000004c                                                                  halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
--- --- ---
ich hoffe es ist alles so richtig

cosinus 05.11.2010 14:54
Du hast dreimal das GMER-Log gepostet :confused:

speedy gon 07.11.2010 01:48
OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 23:18:17 on 04.11.2010

OS: Windows 7 Home Premium Edition (Build 7600), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.12

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\Toshiba\AppData\Local\Temp\catchme.sys  (File not found)
"Realtek IR Driver" (RtsUIR) - ? - C:\Windows\System32\DRIVERS\Rts516xIR.sys  (File not found)
"Realtek Smartcard Reader Driver" (USBCCID) - ? - C:\Windows\System32\DRIVERS\RtsUCcid.sys  (File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"StarOpen" (StarOpen) - ? - C:\Windows\system32\drivers\StarOpen.sys  (File not found)
"uwlyiaoc" (uwlyiaoc) - ? - C:\Users\Toshiba\AppData\Local\Temp\uwlyiaoc.sys  (Hidden registry entry, rootkit activity | File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll
{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} "PowerISO" - ? -  (File not found | COM-object registry key not found)
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{555D4D79-4BD2-4094-A395-CFC534424A05} "HP Smart Web Printing" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
{DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Smart Web Printing ein- oder ausblenden" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{0347C33E-8762-4905-BF09-768834316C61} "HP Print Enhancer" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -  (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Users\Toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
"Software Informer" - "Informer Technologies, Inc." - "C:\Program Files\Software Informer\softinfo.exe" -autorun
"Sony Ericsson PC Suite" - "Sony Ericsson Mobile Communications AB" - "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
"SpybotSD TeaTimer" - "Safer Networking Limited" - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"00TCrdMain" - "TOSHIBA Corporation" - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"COMODO" - "COMODO" - C:\Program Files\COMODO\COMODO livePCsupport\CLPSLA.exe
"DivXUpdate" - ? - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"HP Software Update" - "Hewlett-Packard" - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"HWSetup" - "TOSHIBA Electronics, Inc." - "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
"KeNotify" - "TOSHIBA CORPORATION" - C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
"Malwarebytes Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"SmartFaceVWatcher" - "TOSHIBA Corporation" - %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
"SmoothView" - "TOSHIBA Corporation" - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"SVPWUTIL" - "TOSHIBA CORPORATION" - C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
"TkBellExe" - "RealNetworks, Inc." - "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"Toshiba Registration" - "Toshiba Europe GmbH" - C:\Program Files\Toshiba\Registration\ToshibaReminder.exe
"Toshiba TEMPRO" - "Toshiba Europe GmbH" - C:\Program Files\Toshiba TEMPRO\TemproTray.exe
"ToshibaServiceStation" - "TOSHIBA Corporation" - C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60
"TosNC" - "TOSHIBA Corporation" - %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
"TosReelTimeMonitor" - "TOSHIBA Corporation" - %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
"TosSENotify" - "TOSHIBA Corporation" - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
"TPwrMain" - "TOSHIBA Corporation" - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
"TWebCamera" - "TOSHIBA CORPORATION." - "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"COMODO livePCsupport Service" (CLPSLS) - "COMODO" - C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe
"ConfigFree Service" (ConfigFree Service) - "TOSHIBA CORPORATION" - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
"ConfigFree WiMAX Service" (cfWiMAXService) - "TOSHIBA CORPORATION" - C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"Notebook Performance Tuning Service (TEMPRO)" (TemproMonitoringService) - "Toshiba Europe GmbH" - C:\Program Files\Toshiba TEMPRO\TemproSvc.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
"Sony Ericsson OMSI download service" (OMSI download service) - ? - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe  (File found, but it contains no detailed information)
"TMachInfo" (TMachInfo) - "TOSHIBA Corporation" - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
"TOSHIBA HDD SSD Alert Service" (TOSHIBA HDD SSD Alert Service) - "TOSHIBA Corporation" - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
"TOSHIBA Optical Disc Drive Service" (TODDSrv) - "TOSHIBA Corporation" - C:\Windows\system32\TODDSrv.exe
"TOSHIBA Power Saver" (TosCoSrv) - "TOSHIBA Corporation" - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

===[ Logfile end ]=========================================[ Logfile end ]===
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

so das is osam


MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: TOSHIBA
BIOS Manufacturer: TOSHIBA
System Manufacturer: TOSHIBA
System Product Name: Satellite L450
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 196):
0x82E17000 \SystemRoot\system32\ntkrnlpa.exe
0x83227000 \SystemRoot\system32\halmacpi.dll
0x80BB3000 \SystemRoot\system32\kdcom.dll
0x8841C000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x88494000 \SystemRoot\system32\PSHED.dll
0x884A5000 \SystemRoot\system32\BOOTVID.dll
0x884AD000 \SystemRoot\system32\CLFS.SYS
0x884EF000 \SystemRoot\system32\CI.dll
0x88608000 \SystemRoot\system32\drivers\Wdf01000.sys
0x88679000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x88687000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x886CF000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x886D8000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x886E0000 \SystemRoot\system32\DRIVERS\pci.sys
0x8870A000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x88715000 \SystemRoot\System32\drivers\partmgr.sys
0x88726000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8872E000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x88739000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x88749000 \SystemRoot\System32\drivers\volmgrx.sys
0x88794000 \SystemRoot\system32\DRIVERS\pciide.sys
0x8879B000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x887A9000 \SystemRoot\System32\drivers\mountmgr.sys
0x88809000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x888E3000 \SystemRoot\system32\DRIVERS\atapi.sys
0x888EC000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x8890F000 \SystemRoot\system32\DRIVERS\msahci.sys
0x88919000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x88922000 \SystemRoot\system32\drivers\fltmgr.sys
0x88956000 \SystemRoot\system32\drivers\fileinfo.sys
0x88A3A000 \SystemRoot\System32\Drivers\Ntfs.sys
0x88B69000 \SystemRoot\System32\Drivers\msrpc.sys
0x88B94000 \SystemRoot\System32\Drivers\ksecdd.sys
0x88967000 \SystemRoot\System32\Drivers\cng.sys
0x88BA7000 \SystemRoot\System32\drivers\pcw.sys
0x88BB5000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x88C1B000 \SystemRoot\system32\drivers\ndis.sys
0x88CD2000 \SystemRoot\system32\drivers\NETIO.SYS
0x88D10000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x88D35000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x88D74000 \SystemRoot\system32\DRIVERS\TVALZ_O.SYS
0x88D79000 \SystemRoot\system32\DRIVERS\tos_sps32.sys
0x88DC0000 \SystemRoot\System32\Drivers\spldr.sys
0x88DC8000 \SystemRoot\System32\drivers\rdyboost.sys
0x88C00000 \SystemRoot\System32\Drivers\mup.sys
0x88C10000 \SystemRoot\System32\drivers\hwpolicy.sys
0x88BBE000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x88A00000 \SystemRoot\system32\DRIVERS\disk.sys
0x88A11000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x8D8FD000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8D91C000 \SystemRoot\System32\Drivers\Null.SYS
0x8D923000 \SystemRoot\System32\Drivers\Beep.SYS
0x8D92A000 \SystemRoot\System32\drivers\vga.sys
0x8D936000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8D957000 \SystemRoot\System32\drivers\watchdog.sys
0x8D964000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8D96C000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8D974000 \SystemRoot\system32\drivers\rdprefmp.sys
0x8D97C000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8D987000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8D23D000 \SystemRoot\System32\drivers\tcpip.sys
0x8D386000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8D3B7000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8D3CE000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8D995000 \SystemRoot\system32\drivers\afd.sys
0x8D200000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8D232000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x8D3D9000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8D9EF000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x8D800000 \SystemRoot\system32\DRIVERS\netbios.sys
0x889C4000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x889D7000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8D3F8000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x887BF000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x88DF5000 \SystemRoot\system32\drivers\nsiproxy.sys
0x889E7000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x889F1000 \SystemRoot\System32\drivers\discache.sys
0x8859A000 \SystemRoot\System32\Drivers\dfsc.sys
0x885B2000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x885C0000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x8E030000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8E231000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8E858000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8E90F000 \SystemRoot\System32\drivers\dxgmms1.sys
0x8E948000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8E953000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8E99E000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8E9AD000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8E9CC000 \SystemRoot\system32\DRIVERS\Rt86win7.sys
0x8E200000 \SystemRoot\system32\DRIVERS\LPCFilter.sys
0x8E20D000 \SystemRoot\system32\DRIVERS\tdcmdpst.sys
0x8E217000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8E051000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x8E05E000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x8E070000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8E088000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8E093000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8E0B5000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8E0CD000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8E0E4000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8E0FB000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8E108000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8E229000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8E115000 \SystemRoot\system32\DRIVERS\ks.sys
0x8E149000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8E157000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8E19B000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x9480D000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x94AA9000 \SystemRoot\system32\drivers\portcls.sys
0x94AD8000 \SystemRoot\system32\drivers\drmk.sys
0x94AF1000 \SystemRoot\system32\drivers\IntcHdmi.sys
0x94B14000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x94B18000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x94B30000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x94B63000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x96160000 \SystemRoot\System32\win32k.sys
0x94B65000 \SystemRoot\System32\drivers\Dxapi.sys
0x94B6F000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8D80E000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x94B7C000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x94B8D000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x94BA4000 \SystemRoot\system32\DRIVERS\usbscan.sys
0x94BB8000 \SystemRoot\system32\DRIVERS\usbprint.sys
0x94BC3000 \SystemRoot\system32\DRIVERS\dot4usb.sys
0x94BD0000 \SystemRoot\system32\DRIVERS\Dot4.sys
0x94BF4000 \SystemRoot\system32\DRIVERS\Dot4Prt.sys
0x94800000 \SystemRoot\system32\DRIVERS\monitor.sys
0x82218000 \SystemRoot\system32\DRIVERS\RTL8187B.sys
0x8227E000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x963C0000 \SystemRoot\System32\TSDDD.dll
0x96000000 \SystemRoot\System32\cdd.dll
0x82288000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x82293000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x822A6000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x822AD000 \SystemRoot\System32\Drivers\usbvideo.sys
0x822D1000 \SystemRoot\system32\DRIVERS\pgeffect.sys
0x822D7000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x822E2000 \SystemRoot\system32\drivers\luafv.sys
0x822FD000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x82312000 \SystemRoot\system32\drivers\WudfPf.sys
0x8232C000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x8233C000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x82382000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x82392000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xAA439000 \SystemRoot\system32\drivers\HTTP.sys
0xAA4BE000 \SystemRoot\system32\DRIVERS\bowser.sys
0xAA4D7000 \SystemRoot\System32\drivers\mpsdrv.sys
0xAA4E9000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xAA50C000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xAA547000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xAA562000 \SystemRoot\system32\drivers\peauth.sys
0xAA400000 \SystemRoot\System32\Drivers\secdrv.SYS
0xAA40A000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xAA42B000 \SystemRoot\System32\drivers\tcpipreg.sys
0x823A5000 \SystemRoot\System32\DRIVERS\srv2.sys
0x8E1AC000 \SystemRoot\System32\DRIVERS\srv.sys
0x82200000 \??\C:\Users\Toshiba\AppData\Local\Temp\uwlyiaoc.sys
0x76DE0000 \Windows\System32\ntdll.dll
0x47CD0000 \Windows\System32\smss.exe
0x77020000 \Windows\System32\apisetschema.dll
0x00860000 \Windows\System32\autochk.exe
0x76FF0000 \Windows\System32\imm32.dll
0x76F60000 \Windows\System32\oleaut32.dll
0x76D10000 \Windows\System32\msctf.dll
0x76CB0000 \Windows\System32\shlwapi.dll
0x76F50000 \Windows\System32\normaliz.dll
0x76C60000 \Windows\System32\gdi32.dll
0x76B00000 \Windows\System32\ole32.dll
0x76AC0000 \Windows\System32\ws2_32.dll
0x768C0000 \Windows\System32\iertutil.dll
0x76F40000 \Windows\System32\nsi.dll
0x76810000 \Windows\System32\rpcrt4.dll
0x767E0000 \Windows\System32\imagehlp.dll
0x76740000 \Windows\System32\usp10.dll
0x76670000 \Windows\System32\user32.dll
0x764D0000 \Windows\System32\setupapi.dll
0x76F30000 \Windows\System32\lpk.dll
0x76450000 \Windows\System32\comdlg32.dll
0x76430000 \Windows\System32\sechost.dll
0x76F20000 \Windows\System32\psapi.dll
0x763D0000 \Windows\System32\difxapi.dll
0x76340000 \Windows\System32\clbcatq.dll
0x762A0000 \Windows\System32\advapi32.dll
0x76160000 \Windows\System32\urlmon.dll
0x75510000 \Windows\System32\shell32.dll
0x75430000 \Windows\System32\kernel32.dll
0x75380000 \Windows\System32\msvcrt.dll
0x75330000 \Windows\System32\Wldap32.dll
0x75230000 \Windows\System32\wininet.dll
0x75110000 \Windows\System32\crypt32.dll
0x75080000 \Windows\System32\comctl32.dll
0x75030000 \Windows\System32\KernelBase.dll
0x75010000 \Windows\System32\devobj.dll
0x74FE0000 \Windows\System32\cfgmgr32.dll
0x74FB0000 \Windows\System32\wintrust.dll
0x74FA0000 \Windows\System32\msasn1.dll

Processes (total 85):
0 System Idle Process
4 System
288 C:\Windows\System32\smss.exe
428 csrss.exe
468 C:\Windows\System32\wininit.exe
476 csrss.exe
532 C:\Windows\System32\winlogon.exe
552 C:\Windows\System32\services.exe
560 C:\Windows\System32\lsass.exe
568 C:\Windows\System32\lsm.exe
700 C:\Windows\System32\svchost.exe
776 C:\Program Files\Comodo\COMODO livePCsupport\CLPSLS.exe
800 C:\Windows\System32\svchost.exe
848 C:\Windows\System32\svchost.exe
972 C:\Windows\System32\svchost.exe
1016 C:\Windows\System32\svchost.exe
1120 C:\Windows\System32\svchost.exe
1240 C:\Windows\System32\svchost.exe
1344 C:\Windows\System32\dwm.exe
1356 C:\Windows\explorer.exe
1532 C:\Windows\System32\spoolsv.exe
1600 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1616 C:\Windows\System32\taskhost.exe
1652 C:\Windows\System32\svchost.exe
1892 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1940 C:\Windows\System32\svchost.exe
2000 C:\Windows\System32\svchost.exe
264 C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
312 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
344 C:\Windows\System32\conhost.exe
632 C:\Windows\System32\svchost.exe
1176 C:\Windows\System32\svchost.exe
1576 C:\Program Files\Toshiba TEMPRO\TemproSvc.exe
436 C:\Windows\System32\TODDSrv.exe
1324 C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
2100 C:\Windows\System32\svchost.exe
2164 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
2764 C:\Windows\System32\SearchIndexer.exe
2836 C:\Windows\System32\svchost.exe
3308 C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
3344 C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
3420 C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
3524 C:\Windows\System32\hkcmd.exe
3532 C:\Windows\System32\igfxpers.exe
3548 C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
3556 C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
3584 C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
3652 C:\Windows\System32\igfxsrvc.exe
3684 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
3728 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3744 C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
3820 C:\Program Files\Windows Media Player\wmpnetwk.exe
3900 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
4020 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
4056 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
4072 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
2668 C:\Windows\WindowsMobile\wmdcBase.exe
3264 C:\Windows\System32\svchost.exe
3284 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
3624 C:\Windows\System32\igfxext.exe
3440 C:\Program Files\Common Files\Java\Java Update\jusched.exe
4008 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
2656 WmiPrvSE.exe
4208 C:\Windows\System32\svchost.exe
5868 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
5936 C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
6124 C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
4068 C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
5740 C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
5836 C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
2820 C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
6000 C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
3404 C:\Users\Toshiba\Downloads\fixviujx.exe
5856 C:\Windows\System32\audiodg.exe
4168 C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
6048 C:\Program Files\Mozilla Firefox\firefox.exe
4100 C:\Windows\System32\taskeng.exe
3040 C:\Windows\System32\notepad.exe
1440 C:\Windows\System32\notepad.exe
4436 C:\Windows\System32\SearchProtocolHost.exe
4108 C:\Windows\System32\SearchFilterHost.exe
5248 dllhost.exe
5352 dllhost.exe
5408 C:\Users\Toshiba\Downloads\MBRCheck.exe
2412 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`19100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000012`a7100000 (NTFS)

PhysicalDrive0 Model Number: <error opening>

Size Device Name MBR Status
--------------------------------------------
ERROR Opening: \\.\PhysicalDrive0 (32)


Done!


das ist der mbr check
das andere such ich noch

speedy gon 07.11.2010 01:55
so da sind sie alle

GMER Logfile:
Code:
GMER 1.0.15.15507 - GMER - Rootkit Detector and Remover
Rootkit scan 2010-11-04 23:13:13
Windows 6.1.7600  Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ FG01
Running: fixviujx.exe; Driver: C:\Users\Toshiba\AppData\Local\Temp\uwlyiaoc.sys


---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!ZwSaveKeyEx + 13AD                                                                    82E5A599 1 Byte  [06]
.text          ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                            82E7EF52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text          C:\Windows\system32\DRIVERS\tos_sps32.sys                                                          section is writeable [0x88D7A000, 0x3C849, 0xE8000020]
.dsrt          C:\Windows\system32\DRIVERS\tos_sps32.sys                                                          unknown last section [0x88DBF000, 0x3DC, 0x48000040]

---- User IAT/EAT - GMER 1.0.15 ----

IAT            C:\Windows\Explorer.EXE[1356] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                    [73BE2494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1356] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]              [73BC5624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1356] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]              [73BC56E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1356] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                    [73BE250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1356] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]          [73BD8573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1356] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]            [73BD4D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1356] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]            [73BD50CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1356] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]          [73BD51A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1356] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP]  [73BD66D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1356] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]            [73BD82CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1356] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]      [73BD8819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1356] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]    [73BD907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1356] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]          [73BDE21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1356] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]              [73BD4C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                            Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                            rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                            rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                            rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000004c                                                                  halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
--- --- ---


Alle Zeitangaben in WEZ +1. Es ist jetzt 20:55 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19