Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Nach Windows-Recovery (?) Befall und Entfernen via Malware schwarzer Hintergrund und alle Daten weg (https://www.trojaner-board.de/97055-windows-recovery-befall-entfernen-via-malware-schwarzer-hintergrund-alle-daten-weg.html)

panther77 02.04.2011 01:54
Nach Windows-Recovery (?) Befall und Entfernen via Malware schwarzer Hintergrund und alle Daten weg
 
Hallo!

Ich bin neu im Forum und bin für jede Hilfe wirklich sehr dankbar! V.a. da meine Frau mich beschuldigt, dass ich alle unsere Bilder zerstört habe...:rolleyes:

Ich hatte heute diverse Fehlermeldungen (no hard disk found etc.) und die Aufforderungen, Fehler über ein 69 EUR-Programm zu lösen (ich habe es nicht gekauft, die laut google auf einen Befall mit Windows-Recovery hindeuteten.

Über die aktuelle Version von Malware sind sechs Schädlinge gefunden worden, ich habe alle gelöscht und habe in meiner dummen laienhaften Sicht gedacht, damit ist alles erledigt (habe auch kein Scan insoweit, oder kann ich das noch aufrufen?).

Ich habe dann auch nach Lektüre hier im Forum einen Olt-Scan durchgeführt.

Das Ergebnis ist nachfolgend gepostet: (Was kann ich tun??Bin leider echt Laie! Bitte gebt mir Bescheid, wenn Infos fehlen!!!!! Danke im Voraus Euer panther77)OTL Logfile:
Code:
OTL logfile created on: 02.04.2011 02:27:20 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\toshiba\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 65,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,41 Gb Total Space | 68,04 Gb Free Space | 45,54% Space Free | Partition Type: NTFS
Drive D: | 148,28 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: NTFS
 
Computer Name: TOSHIBA-TOSH | User Name: toshiba | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.04.02 02:26:25 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\toshiba\Desktop\OTL.exe
PRC - [2011.02.23 17:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2011.02.23 17:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2010.12.23 08:57:02 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.11.02 22:06:13 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.11.02 22:06:13 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010.01.27 02:58:38 | 000,256,280 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10e.exe
PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009.09.03 16:06:32 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2009.07.28 21:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009.07.21 22:40:40 | 000,083,336 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
PRC - [2009.07.14 20:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
PRC - [2009.03.10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.04.02 02:26:25 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\toshiba\Desktop\OTL.exe
MOD - [2011.02.23 17:04:17 | 000,197,208 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\snxhk.dll
MOD - [2010.08.21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.02.23 17:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009.08.27 14:38:22 | 000,251,760 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2009.08.05 15:20:12 | 000,488,800 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009.08.04 12:15:06 | 000,826,224 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2009.08.03 19:17:56 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009.07.28 16:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009.07.08 10:41:02 | 000,531,520 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV - [2010.12.23 08:57:02 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.11.02 22:06:13 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.08.26 01:30:38 | 000,116,104 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO)
SRV - [2009.08.17 11:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009.08.10 20:55:58 | 000,248,688 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009.07.30 06:20:36 | 000,192,368 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2009.07.14 20:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.02.23 16:55:05 | 000,064,344 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2010.12.06 16:34:57 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2010.03.02 13:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2009.08.27 09:07:06 | 007,369,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.08.26 19:11:12 | 000,942,080 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2009.08.10 12:07:14 | 000,222,208 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009.07.30 21:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009.07.27 16:04:36 | 000,058,880 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV:64bit: - [2009.07.14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.13 23:12:36 | 000,019,824 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2009.07.10 07:45:12 | 000,139,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV:64bit: - [2009.06.29 17:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009.06.29 11:25:22 | 000,034,880 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2009.06.23 02:28:22 | 000,684,544 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009.06.22 18:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009.06.19 20:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009.06.15 14:58:50 | 000,012,800 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\QIOMem.sys -- (QIOMem)
DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.04 19:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.05.29 19:54:14 | 000,269,360 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101
 
FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011.03.20 17:02:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.14\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.03.06 15:38:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.14\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.03.06 15:38:12 | 000,000,000 | ---D | M]
 
[2010.05.14 15:34:37 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\toshiba\AppData\Roaming\mozilla\Extensions
[2011.03.28 19:57:33 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\toshiba\AppData\Roaming\mozilla\Firefox\Profiles\eaysdyql.default\extensions
[2010.12.16 20:00:19 | 000,000,000 | -H-D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\toshiba\AppData\Roaming\mozilla\Firefox\Profiles\eaysdyql.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.07.13 21:39:30 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\toshiba\AppData\Roaming\mozilla\Firefox\Profiles\eaysdyql.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.12.16 20:00:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010.12.14 19:53:00 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011.03.20 17:02:49 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2010.10.17 21:25:27 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.10.17 21:25:27 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.10.17 21:25:27 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.10.17 21:25:27 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.10.17 21:25:27 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll ()
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll (Google Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll ()
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll ()
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll ()
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [ConexantAudioPatch] C:\Programme\ConexantAudioPatch\AudioReset.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Programme\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\Windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosNC] C:\Programme\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Programme\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Windows\TosVolRegulator_x64.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Programme\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TUSBSleepChargeSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe (TOSHIBA)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - Startup: C:\Users\toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\toshiba\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\toshiba\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.59.247.45 208.59.247.46
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d2d12052-1354-11e0-9d49-00269e805a69}\Shell - "" = AutoRun
O33 - MountPoints2\{d2d12052-1354-11e0-9d49-00269e805a69}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.02 02:26:09 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\toshiba\Desktop\OTL.exe
[2011.04.02 00:51:29 | 000,000,000 | -H-D | C] -- C:\Users\toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Repair
[2011.03.28 20:11:37 | 000,000,000 | -H-D | C] -- C:\Users\toshiba\Desktop\RW
[2011.03.28 19:54:50 | 000,000,000 | -H-D | C] -- C:\Users\toshiba\Desktop\EBWLEVWL
[2011.03.23 03:16:03 | 000,000,000 | -H-D | C] -- C:\Users\toshiba\Desktop\bilder jojo
[2011.03.20 17:04:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011.03.20 17:03:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011.03.20 17:03:09 | 000,022,360 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011.03.20 17:03:07 | 000,280,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011.03.20 17:03:02 | 000,031,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011.03.20 17:03:00 | 000,505,176 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011.03.20 17:03:00 | 000,053,592 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011.03.20 17:02:59 | 000,238,968 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011.03.20 17:02:59 | 000,064,344 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011.03.20 17:02:42 | 000,040,648 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011.03.20 17:02:41 | 000,190,016 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011.03.20 17:02:37 | 000,000,000 | -H-D | C] -- C:\ProgramData\AVAST Software
[2011.03.20 17:02:37 | 000,000,000 | ---D | C] -- C:\Programme\AVAST Software
[2011.03.20 16:30:54 | 000,000,000 | -H-D | C] -- C:\ProgramData\mNjIjGb24512
[2011.03.16 23:52:47 | 000,000,000 | -H-D | C] -- C:\Users\toshiba\Desktop\Verhalten in Organisationen
[2011.03.09 14:19:28 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011.03.09 14:19:28 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2011.03.09 14:19:27 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2011.03.09 14:19:27 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2011.03.09 14:19:26 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2011.03.09 14:19:26 | 000,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011.03.09 14:19:26 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2011.03.09 14:19:26 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011.03.09 14:19:25 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll
[2011.03.09 14:19:25 | 000,850,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll
[2011.03.09 14:19:25 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2011.03.09 14:19:25 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2011.03.09 14:19:23 | 003,138,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2011.03.09 14:19:23 | 002,690,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2011.03.09 14:19:22 | 001,097,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2011.03.09 14:19:22 | 001,034,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.02 02:26:25 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\toshiba\Desktop\OTL.exe
[2011.04.02 02:26:09 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.02 02:26:09 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.02 02:18:46 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.02 02:18:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.02 02:18:26 | 3092,987,904 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.02 02:09:25 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.02 02:08:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.02 00:51:56 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~47898376r
[2011.04.02 00:51:56 | 000,000,104 | -H-- | M] () -- C:\ProgramData\~47898376
[2011.04.02 00:51:29 | 000,000,634 | -H-- | M] () -- C:\Users\toshiba\Desktop\Windows Repair.lnk
[2011.04.02 00:51:25 | 000,000,344 | -H-- | M] () -- C:\ProgramData\47898376
[2011.04.01 16:59:16 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.04.01 16:59:16 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.04.01 16:59:16 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.04.01 16:59:16 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.04.01 16:59:15 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.03.27 21:09:06 | 000,002,311 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011.03.20 17:03:10 | 000,001,848 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011.03.20 17:02:59 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.02 02:09:25 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.02 00:51:56 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~47898376r
[2011.04.02 00:51:55 | 000,000,104 | -H-- | C] () -- C:\ProgramData\~47898376
[2011.04.02 00:51:29 | 000,000,634 | -H-- | C] () -- C:\Users\toshiba\Desktop\Windows Repair.lnk
[2011.04.02 00:51:25 | 000,000,344 | -H-- | C] () -- C:\ProgramData\47898376
[2011.03.20 17:04:26 | 000,002,311 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011.03.20 17:03:20 | 000,001,110 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.03.20 17:03:18 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.03.20 17:03:10 | 000,001,848 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011.03.20 17:02:59 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2010.12.14 19:57:17 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.04.06 21:43:39 | 000,019,557 | -H-- | C] () -- C:\Users\toshiba\AppData\Roaming\mdbu.bin
[2010.03.12 17:48:27 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2009.08.27 09:05:12 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009.08.27 09:05:12 | 000,439,300 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009.08.27 09:05:12 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009.08.27 09:05:12 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
< End of report >
--- --- ---

cosinus 03.04.2011 15:03
Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.

panther77 03.04.2011 17:40
Hallo!

In dem Reiter Logdateien habe ich die vier anliegenden txt-Logs...

Bitte Bescheid geben, wenn noch irgendetwas fehlt!

Herzlichen Dank im Voraus und VG

panther77:dankeschoen:

cosinus 03.04.2011 17:50
Zitat:
Art des Suchlaufs: Quick-Scan
Datenbank Version: 6242
Bitte routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

panther77 07.04.2011 00:54
Hallo,

habe Malware aktualisiert und einen Vollscan durchgeführt. Ohne Ergebnis. Vgl.

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Datenbank Version: 6291

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

07.04.2011 01:01:34
mbam-log-2011-04-07 (01-01-34).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 299123
Laufzeit: 37 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)




Außer dem und den vorigen vier (vgl. oben) habe ich sonst nichts bei Malwarebytes. Dafür hat AntiVir (das ich für den vollscan dann deaktiviert habe) heute zwei Dinger gefunden:

- In der Datei 'C:\Users\toshiba\AppData\Local\Temp\InternetExplorerUpdate.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Kazy.17283.3' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

- In der Datei 'C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{E4F60494-1557-EEF4-B3F2-31330AD481C9}-mNjIjGb24512.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Dldr.FraudLoad.yzzq' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

Soll ich die Trojaner über Antivir löschen?

Antivir ist weiter deaktiviert.

Danke im Voraus für einen Tipp, was ich tun soll. Wenn noch etwas fehlt, bitte melden.

P.S.1
Ich bekomme seit längerem auch immer wieder die Fehlermeldung "es steht wenig Speicherplatz zur Verfügung", ohne dass ich mir dies erklären kann.

cosinus 07.04.2011 09:56
Zitat:
PRC - [2011.02.23 17:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2011.02.23 17:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2010.12.23 08:57:02 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.11.02 22:06:13 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.11.02 22:06:13 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010.01.27 02:58:38 | 000,256,280 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10e.exe
PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
NIEMALS Mehrere Virenscanner wie McAfee, Avast oder AntiVir parallel installieren! Nutze nur einen!!
Deinstalliere also alle bis auf einen. Ich würde dir vorschlagen, du deinstallierst McAfee und Avast, dann gehts weiter mit OTL (erst einen Windows-Neustart machen)


Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
:OTL
[2011.04.02 00:51:56 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~47898376r
[2011.04.02 00:51:55 | 000,000,104 | -H-- | C] () -- C:\ProgramData\~47898376
[2011.04.02 00:51:29 | 000,000,634 | -H-- | C] () -- C:\Users\toshiba\Desktop\Windows Repair.lnk
[2011.04.02 00:51:25 | 000,000,344 | -H-- | C] () -- C:\ProgramData\47898376
[2011.04.02 00:51:56 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~47898376r
[2011.04.02 00:51:56 | 000,000,104 | -H-- | M] () -- C:\ProgramData\~47898376
[2011.04.02 00:51:29 | 000,000,634 | -H-- | M] () -- C:\Users\toshiba\Desktop\Windows Repair.lnk
[2011.04.02 00:51:25 | 000,000,344 | -H-- | M] () -- C:\ProgramData\47898376
[2011.03.20 16:30:54 | 000,000,000 | -H-D | C] -- C:\ProgramData\mNjIjGb24512
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d2d12052-1354-11e0-9d49-00269e805a69}\Shell - "" = AutoRun
O33 - MountPoints2\{d2d12052-1354-11e0-9d49-00269e805a69}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
:Commands
[purity]
[resethosts]
[emptytemp]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

panther77 07.04.2011 23:58
Habe alles so durchgeführt...

ll processes killed
========== OTL ==========
C:\ProgramData\~47898376r moved successfully.
C:\ProgramData\~47898376 moved successfully.
C:\Users\toshiba\Desktop\Windows Repair.lnk moved successfully.
C:\ProgramData\47898376 moved successfully.
File C:\ProgramData\~47898376r not found.
File C:\ProgramData\~47898376 not found.
File C:\Users\toshiba\Desktop\Windows Repair.lnk not found.
File C:\ProgramData\47898376 not found.
Folder C:\ProgramData\mNjIjGb24512\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d2d12052-1354-11e0-9d49-00269e805a69}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2d12052-1354-11e0-9d49-00269e805a69}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d2d12052-1354-11e0-9d49-00269e805a69}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2d12052-1354-11e0-9d49-00269e805a69}\ not found.
File E:\LaunchU3.exe -a not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41044 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: toshiba
->Temp folder emptied: 204917905 bytes
->Temporary Internet Files folder emptied: 443608361 bytes
->Java cache emptied: 894491 bytes
->FireFox cache emptied: 54670076 bytes
->Google Chrome cache emptied: 11504287 bytes
->Flash cache emptied: 124493 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1011595438 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1.647,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04082011_004424

Files\Folders moved on Reboot...
C:\Users\toshiba\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\toshiba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VF2XMYPH\search[1].htm moved successfully.
C:\Users\toshiba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UXS9N7VN\ads[2].htm moved successfully.
C:\Users\toshiba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AIQG6H52\ads[3].htm moved successfully.
C:\Users\toshiba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ADNQ27Y0\ads[1].htm moved successfully.
C:\Users\toshiba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\87Y4RWF0\97055-nach-windows-recovery-befall-und-entfernen-via-malware-schwarzer-hintergrund-und-alle-daten-weg[1].html moved successfully.
C:\Users\toshiba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\Users\toshiba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

Registry entries deleted on Reboot...


Das war der Bericht. Leider ist der Bildschirm immer noch schwarz und ich finde immer noch keine Daten...Was tun???? Danke!!!

cosinus 08.04.2011 05:26
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.

Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern)

Wir sind danach aber noch nicht durch, sag erstmal Bescheid wenn unihide deine Daten wieder sichtbar gemacht hat.

panther77 08.04.2011 23:44
Juhu, es ist alles wieder sichtbar!!!!! Vielen Dank!!! Super!!!!

Was soll ich jetzt noch tun?

VG

cosinus 09.04.2011 14:30
Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

panther77 10.04.2011 20:08
Hallo. Habe ich gemacht - ich glaube es ist alles i.O.!?!

Gefunden wurde nichts ("no threats"). Hier der Bericht:

2011/04/10 21:05:18.0464 3344 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/10 21:05:18.0542 3344 ================================================================================
2011/04/10 21:05:18.0542 3344 SystemInfo:
2011/04/10 21:05:18.0542 3344
2011/04/10 21:05:18.0542 3344 OS Version: 6.1.7600 ServicePack: 0.0
2011/04/10 21:05:18.0542 3344 Product type: Workstation
2011/04/10 21:05:18.0542 3344 ComputerName: TOSHIBA-TOSH
2011/04/10 21:05:18.0542 3344 UserName: toshiba
2011/04/10 21:05:18.0542 3344 Windows directory: C:\Windows
2011/04/10 21:05:18.0542 3344 System windows directory: C:\Windows
2011/04/10 21:05:18.0542 3344 Running under WOW64
2011/04/10 21:05:18.0542 3344 Processor architecture: Intel x64
2011/04/10 21:05:18.0542 3344 Number of processors: 2
2011/04/10 21:05:18.0542 3344 Page size: 0x1000
2011/04/10 21:05:18.0542 3344 Boot type: Normal boot
2011/04/10 21:05:18.0542 3344 ================================================================================
2011/04/10 21:05:18.0932 3344 Initialize success
2011/04/10 21:05:24.0220 2332 ================================================================================
2011/04/10 21:05:24.0220 2332 Scan started
2011/04/10 21:05:24.0220 2332 Mode: Manual;
2011/04/10 21:05:24.0220 2332 ================================================================================
2011/04/10 21:05:25.0968 2332 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/04/10 21:05:26.0014 2332 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/04/10 21:05:26.0124 2332 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/04/10 21:05:26.0295 2332 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/04/10 21:05:26.0420 2332 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/04/10 21:05:26.0467 2332 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/04/10 21:05:26.0592 2332 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2011/04/10 21:05:26.0716 2332 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/04/10 21:05:26.0872 2332 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/04/10 21:05:26.0919 2332 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/04/10 21:05:27.0028 2332 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/04/10 21:05:27.0060 2332 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/04/10 21:05:27.0169 2332 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
2011/04/10 21:05:27.0294 2332 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/04/10 21:05:27.0325 2332 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
2011/04/10 21:05:27.0481 2332 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/04/10 21:05:27.0621 2332 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/04/10 21:05:27.0746 2332 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/04/10 21:05:27.0777 2332 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/10 21:05:27.0886 2332 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2011/04/10 21:05:27.0996 2332 avgntflt (39c2e2870fc0c2ae0595b883cbe716b4) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/04/10 21:05:28.0027 2332 avipbb (c98fa6e5ad0e857d22716bd2b8b1f399) C:\Windows\system32\DRIVERS\avipbb.sys
2011/04/10 21:05:28.0183 2332 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/04/10 21:05:28.0323 2332 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/04/10 21:05:28.0448 2332 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/04/10 21:05:28.0573 2332 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/04/10 21:05:28.0729 2332 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/10 21:05:28.0807 2332 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/04/10 21:05:28.0885 2332 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/04/10 21:05:28.0932 2332 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/04/10 21:05:29.0041 2332 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/04/10 21:05:29.0072 2332 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/04/10 21:05:29.0166 2332 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/04/10 21:05:29.0197 2332 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/04/10 21:05:29.0337 2332 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/10 21:05:29.0462 2332 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/10 21:05:29.0602 2332 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/04/10 21:05:29.0649 2332 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/04/10 21:05:29.0821 2332 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/04/10 21:05:29.0852 2332 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2011/04/10 21:05:29.0961 2332 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/04/10 21:05:30.0102 2332 CnxtHdAudService (3cb10294f7a59fd22501f4bad915f250) C:\Windows\system32\drivers\CHDRT64.sys
2011/04/10 21:05:30.0226 2332 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/04/10 21:05:30.0351 2332 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/04/10 21:05:30.0414 2332 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/04/10 21:05:30.0570 2332 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2011/04/10 21:05:30.0679 2332 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/04/10 21:05:30.0757 2332 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/04/10 21:05:30.0897 2332 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/04/10 21:05:31.0038 2332 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/10 21:05:31.0225 2332 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/04/10 21:05:31.0474 2332 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/04/10 21:05:31.0599 2332 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2011/04/10 21:05:31.0740 2332 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/04/10 21:05:31.0771 2332 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/04/10 21:05:31.0911 2332 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/10 21:05:32.0036 2332 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/04/10 21:05:32.0067 2332 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/04/10 21:05:32.0176 2332 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/10 21:05:32.0208 2332 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/04/10 21:05:32.0348 2332 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/04/10 21:05:32.0410 2332 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/10 21:05:32.0520 2332 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/04/10 21:05:32.0598 2332 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/04/10 21:05:32.0707 2332 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/04/10 21:05:32.0785 2332 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2011/04/10 21:05:32.0878 2332 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/10 21:05:32.0941 2332 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/04/10 21:05:33.0003 2332 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/04/10 21:05:33.0034 2332 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/04/10 21:05:33.0175 2332 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/10 21:05:33.0237 2332 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/04/10 21:05:33.0284 2332 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2011/04/10 21:05:33.0409 2332 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2011/04/10 21:05:33.0440 2332 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/10 21:05:33.0549 2332 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
2011/04/10 21:05:33.0612 2332 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/04/10 21:05:33.0924 2332 igfx (3c3f27002abc69c5afe29cbe6cf7addf) C:\Windows\system32\DRIVERS\igdkmd64.sys
2011/04/10 21:05:34.0204 2332 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/04/10 21:05:34.0345 2332 IntcHdmiAddService (88a20fa54c73ded4e8dac764e9130ae9) C:\Windows\system32\drivers\IntcHdmi.sys
2011/04/10 21:05:34.0407 2332 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2011/04/10 21:05:34.0516 2332 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/10 21:05:34.0641 2332 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/10 21:05:34.0672 2332 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/04/10 21:05:34.0704 2332 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/04/10 21:05:34.0828 2332 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/04/10 21:05:34.0875 2332 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2011/04/10 21:05:34.0984 2332 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/10 21:05:35.0031 2332 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/10 21:05:35.0125 2332 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/04/10 21:05:35.0156 2332 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/10 21:05:35.0203 2332 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2011/04/10 21:05:35.0250 2332 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/04/10 21:05:35.0374 2332 L1C (2377ec4cc3e356655b996f39b43486b6) C:\Windows\system32\DRIVERS\L1C62x64.sys
2011/04/10 21:05:35.0468 2332 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/10 21:05:35.0577 2332 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/04/10 21:05:35.0624 2332 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/04/10 21:05:35.0655 2332 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/04/10 21:05:35.0686 2332 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/04/10 21:05:35.0764 2332 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/04/10 21:05:35.0827 2332 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/04/10 21:05:35.0858 2332 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/04/10 21:05:35.0936 2332 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/04/10 21:05:36.0014 2332 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/10 21:05:36.0045 2332 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/10 21:05:36.0123 2332 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/10 21:05:36.0170 2332 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2011/04/10 21:05:36.0201 2332 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2011/04/10 21:05:36.0264 2332 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/10 21:05:36.0310 2332 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2011/04/10 21:05:36.0373 2332 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/10 21:05:36.0435 2332 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/10 21:05:36.0513 2332 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/10 21:05:36.0576 2332 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2011/04/10 21:05:36.0622 2332 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2011/04/10 21:05:36.0747 2332 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/04/10 21:05:36.0810 2332 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/04/10 21:05:36.0856 2332 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/04/10 21:05:36.0966 2332 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/10 21:05:36.0997 2332 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/10 21:05:37.0012 2332 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/04/10 21:05:37.0044 2332 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/04/10 21:05:37.0090 2332 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/10 21:05:37.0184 2332 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/04/10 21:05:37.0231 2332 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/04/10 21:05:37.0262 2332 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/04/10 21:05:37.0371 2332 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/10 21:05:37.0465 2332 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/04/10 21:05:37.0558 2332 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/04/10 21:05:37.0605 2332 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/10 21:05:37.0699 2332 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/10 21:05:37.0714 2332 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/10 21:05:37.0761 2332 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/04/10 21:05:37.0808 2332 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/10 21:05:37.0839 2332 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/10 21:05:37.0964 2332 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/04/10 21:05:38.0011 2332 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/04/10 21:05:38.0042 2332 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/10 21:05:38.0151 2332 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
2011/04/10 21:05:38.0307 2332 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/04/10 21:05:38.0338 2332 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/04/10 21:05:38.0370 2332 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
2011/04/10 21:05:38.0432 2332 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/04/10 21:05:38.0510 2332 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/04/10 21:05:38.0588 2332 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/04/10 21:05:38.0619 2332 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/04/10 21:05:38.0682 2332 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2011/04/10 21:05:38.0744 2332 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2011/04/10 21:05:38.0806 2332 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/04/10 21:05:38.0853 2332 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/04/10 21:05:38.0931 2332 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/04/10 21:05:39.0103 2332 PGEffect (663962900e7fea522126ba287715bb4a) C:\Windows\system32\DRIVERS\pgeffect.sys
2011/04/10 21:05:39.0259 2332 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/10 21:05:39.0306 2332 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/04/10 21:05:39.0430 2332 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/10 21:05:39.0508 2332 QIOMem (c8fcb4899f8b70cc34e0d9876a80963c) C:\Windows\system32\DRIVERS\QIOMem.sys
2011/04/10 21:05:39.0602 2332 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/04/10 21:05:39.0727 2332 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/04/10 21:05:39.0789 2332 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/10 21:05:39.0805 2332 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/10 21:05:39.0914 2332 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/04/10 21:05:39.0976 2332 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/10 21:05:40.0086 2332 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/10 21:05:40.0101 2332 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/04/10 21:05:40.0132 2332 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/10 21:05:40.0179 2332 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/04/10 21:05:40.0210 2332 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/10 21:05:40.0304 2332 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/10 21:05:40.0351 2332 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/04/10 21:05:40.0382 2332 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/04/10 21:05:40.0476 2332 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2011/04/10 21:05:40.0569 2332 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/10 21:05:40.0663 2332 RSUSBSTOR (fb39af63d6617f028ba0ebc21b83360d) C:\Windows\system32\Drivers\RtsUStor.sys
2011/04/10 21:05:40.0772 2332 rtl8192se (a9ede191b5478d18f0a1bff3b822f7a5) C:\Windows\system32\DRIVERS\rtl8192se.sys
2011/04/10 21:05:40.0897 2332 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/04/10 21:05:40.0959 2332 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/04/10 21:05:41.0068 2332 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/04/10 21:05:41.0131 2332 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/04/10 21:05:41.0178 2332 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/04/10 21:05:41.0209 2332 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/04/10 21:05:41.0271 2332 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/04/10 21:05:41.0287 2332 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/04/10 21:05:41.0318 2332 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/04/10 21:05:41.0349 2332 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/04/10 21:05:41.0380 2332 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/04/10 21:05:41.0412 2332 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/04/10 21:05:41.0505 2332 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/04/10 21:05:41.0583 2332 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/04/10 21:05:41.0692 2332 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys
2011/04/10 21:05:41.0802 2332 srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/10 21:05:41.0848 2332 srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/10 21:05:41.0973 2332 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/04/10 21:05:42.0020 2332 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/10 21:05:42.0145 2332 SynTP (d58927ae176da3cc400e2c1d2f441ec3) C:\Windows\system32\DRIVERS\SynTP.sys
2011/04/10 21:05:42.0332 2332 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
2011/04/10 21:05:42.0504 2332 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/10 21:05:42.0628 2332 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/10 21:05:42.0769 2332 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\Windows\system32\DRIVERS\tdcmdpst.sys
2011/04/10 21:05:42.0816 2332 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/04/10 21:05:42.0909 2332 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/04/10 21:05:42.0972 2332 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/10 21:05:43.0081 2332 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/10 21:05:43.0221 2332 Thpdrv (c013f6acaa9761f571bd28dada7c157d) C:\Windows\system32\DRIVERS\thpdrv.sys
2011/04/10 21:05:43.0252 2332 Thpevm (b4e609047434ed948af7bdef2fa66e38) C:\Windows\system32\DRIVERS\Thpevm.SYS
2011/04/10 21:05:43.0440 2332 tosrfec (11699d47b3491d86249c168496d55c92) C:\Windows\system32\DRIVERS\tosrfec.sys
2011/04/10 21:05:43.0518 2332 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/10 21:05:43.0642 2332 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/10 21:05:43.0720 2332 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
2011/04/10 21:05:43.0798 2332 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\Windows\system32\DRIVERS\TVALZFL.sys
2011/04/10 21:05:43.0830 2332 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/04/10 21:05:43.0939 2332 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/10 21:05:44.0032 2332 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/04/10 21:05:44.0110 2332 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/10 21:05:44.0142 2332 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/04/10 21:05:44.0173 2332 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/10 21:05:44.0235 2332 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2011/04/10 21:05:44.0266 2332 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/10 21:05:44.0360 2332 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/10 21:05:44.0407 2332 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2011/04/10 21:05:44.0438 2332 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/04/10 21:05:44.0547 2332 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/10 21:05:44.0594 2332 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/10 21:05:44.0734 2332 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
2011/04/10 21:05:44.0875 2332 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/04/10 21:05:44.0937 2332 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/10 21:05:44.0984 2332 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/04/10 21:05:45.0078 2332 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/04/10 21:05:45.0109 2332 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/04/10 21:05:45.0156 2332 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/04/10 21:05:45.0187 2332 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/04/10 21:05:45.0296 2332 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/04/10 21:05:45.0343 2332 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/04/10 21:05:45.0452 2332 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/04/10 21:05:45.0499 2332 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/04/10 21:05:45.0546 2332 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/04/10 21:05:45.0655 2332 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/10 21:05:45.0670 2332 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/10 21:05:45.0764 2332 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/04/10 21:05:45.0858 2332 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/10 21:05:46.0045 2332 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/04/10 21:05:46.0076 2332 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/04/10 21:05:46.0232 2332 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/04/10 21:05:46.0326 2332 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/10 21:05:46.0435 2332 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/04/10 21:05:46.0497 2332 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/10 21:05:46.0591 2332 ================================================================================
2011/04/10 21:05:46.0591 2332 Scan finished
2011/04/10 21:05:46.0591 2332 ================================================================================

cosinus 10.04.2011 20:11
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

panther77 11.04.2011 02:05
Hallo und Danke!. Leider hab ich das mit dem Umbennen nicht hingekriegt - CoFi ist direkt durchgelaufen...hoffe, das macht nichts. Hier jedenfalls der Bericht:

Combofix Logfile:
Code:
ComboFix 11-04-10.01 - toshiba 11.04.2011  2:27.1.2 - x64
Microsoft Windows 7 Home Premium  6.1.7600.0.1252.49.1031.18.3933.2623 [GMT 2:00]
ausgeführt von:: c:\users\toshiba\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Repair
c:\users\toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Repair\Uninstall Windows Repair.lnk
c:\users\toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Repair\Windows Repair.lnk
D:\install.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-03-11 bis 2011-04-11  ))))))))))))))))))))))))))))))
.
.
2011-04-11 00:37 . 2011-04-11 00:37        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-04-08 10:56 . 2011-03-15 05:17        8424784        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{68222DFE-41C9-4187-A29B-422C2F1A4D84}\mpengine.dll
2011-04-07 22:44 . 2011-04-07 22:44        --------        d-----w-        C:\_OTL
2011-03-20 15:02 . 2011-02-23 15:04        40648        ----a-w-        c:\windows\avastSS.scr
2011-03-20 15:02 . 2011-02-23 15:04        190016        ----a-w-        c:\windows\SysWow64\aswBoot.exe
2011-03-20 15:02 . 2011-04-07 22:39        --------        d-----w-        c:\program files\AVAST Software
2011-03-20 15:02 . 2011-03-20 15:02        --------        d-----w-        c:\programdata\AVAST Software
2011-03-20 14:30 . 2011-03-20 16:02        --------        d-----w-        c:\programdata\mNjIjGb24512
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-19 06:37 . 2011-03-09 12:19        1135104        ----a-w-        c:\windows\system32\FntCache.dll
2011-02-19 06:37 . 2011-03-09 12:19        1540608        ----a-w-        c:\windows\system32\DWrite.dll
2011-02-19 06:36 . 2011-03-09 12:19        902656        ----a-w-        c:\windows\system32\d2d1.dll
2011-02-19 05:32 . 2011-03-09 12:19        1074176        ----a-w-        c:\windows\SysWow64\DWrite.dll
2011-02-19 05:32 . 2011-03-09 12:19        739840        ----a-w-        c:\windows\SysWow64\d2d1.dll
2011-02-02 17:11 . 2010-07-13 18:19        270720        ------w-        c:\windows\system32\MpSigStub.exe
2011-01-26 06:53 . 2011-02-09 21:43        982912        ----a-w-        c:\windows\system32\drivers\dxgkrnl.sys
2011-01-26 06:53 . 2011-02-09 21:43        265088        ----a-w-        c:\windows\system32\drivers\dxgmms1.sys
2011-01-26 06:31 . 2011-02-09 21:43        144384        ----a-w-        c:\windows\system32\cdd.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2010-04-27 09:08        2393184        ----a-w-        c:\program files (x86)\DVDVideoSoftTB\tbDVDV.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-28 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TWebCamera"="%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe autorun" [X]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-08-17 1294136]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2009-09-04 417792]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2009-09-21 305440]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-08-12 6203296]
.
c:\users\toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-21 135664]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2010-11-02 135336]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-08-10 248688]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-07-14 42368]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2009-08-25 116104]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-27 251760]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-03 137560]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-04 826224]
.
.
Inhalt des "geplante Tasks" Ordners
.
2011-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-21 17:03]
.
2011-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-21 17:03]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2009-08-25 1050000]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 365592]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-07-20 503864]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-05-29 1794856]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-03 709976]
"TosVolRegulator"="c:\windows\TosVolRegulator_x64.exe" [2009-09-04 47928]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2009-08-25 134032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube to MP3 Converter - c:\users\toshiba\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\eaysdyql.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-ITSecMng - %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
Wow6432Node-HKLM-Run-TUSBSleepChargeSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
HKLM-Run-SmoothView - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-TPwrMain - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-00TCrdMain - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SmartFaceVWatcher - %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-Teco - %ProgramFiles%\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-TosNC - %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
HKLM-Run-ConexantAudioPatch - %ProgramFiles%\ConexantAudioPatch\Audioreset.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-04-11  03:00:20
ComboFix-quarantined-files.txt  2011-04-11 01:00
.
Vor Suchlauf: 12 Verzeichnis(se), 89.329.668.096 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 88.739.172.352 Bytes frei
.
- - End Of File - - D1FDD0D8A560CF14728CEE3BCA6B0716
--- --- ---

cosinus 11.04.2011 12:19
Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code:
Folder::
c:\programdata\mNjIjGb24512
3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

panther77 13.04.2011 12:35
Hallo! Hier noch die Logdatei...

Danke und Gruß!!

Combofix Logfile:
Code:
ComboFix 11-04-12.01 - toshiba 13.04.2011  4:54.3.2 - x64
Microsoft Windows 7 Home Premium  6.1.7600.0.1252.49.1031.18.3933.2762 [GMT 2:00]
ausgeführt von:: c:\users\toshiba\Desktop\cofi.exe
Benutzte Befehlsschalter :: c:\users\toshiba\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Vorheriger Suchlauf -------
.
c:\programdata\Adobe Systems
c:\programdata\Adobe Systems\Product licenses\B2B86000.dat
c:\programdata\mNjIjGb24512
c:\programdata\mNjIjGb24512\mNjIjGb24512
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-03-13 bis 2011-04-13  ))))))))))))))))))))))))))))))
.
.
2011-04-13 03:04 . 2011-04-13 03:04        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-04-12 10:51 . 2011-03-15 05:17        8424784        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{DAC0FAA2-F433-4E93-9326-AE2D60BBDB34}\mpengine.dll
2011-04-11 16:28 . 2011-04-11 16:28        --------        d-----w-        c:\users\toshiba\AppData\Roaming\Free PDF to Word Converter
2011-04-11 16:28 . 2011-04-11 16:44        --------        d-----w-        c:\program files\Free PDF to Word Converter
2011-04-07 22:44 . 2011-04-07 22:44        --------        d-----w-        C:\_OTL
2011-03-20 15:02 . 2011-02-23 15:04        40648        ----a-w-        c:\windows\avastSS.scr
2011-03-20 15:02 . 2011-02-23 15:04        190016        ----a-w-        c:\windows\SysWow64\aswBoot.exe
2011-03-20 15:02 . 2011-04-07 22:39        --------        d-----w-        c:\program files\AVAST Software
2011-03-20 15:02 . 2011-03-20 15:02        --------        d-----w-        c:\programdata\AVAST Software
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-19 06:37 . 2011-03-09 12:19        1135104        ----a-w-        c:\windows\system32\FntCache.dll
2011-02-19 06:37 . 2011-03-09 12:19        1540608        ----a-w-        c:\windows\system32\DWrite.dll
2011-02-19 06:36 . 2011-03-09 12:19        902656        ----a-w-        c:\windows\system32\d2d1.dll
2011-02-19 05:32 . 2011-03-09 12:19        1074176        ----a-w-        c:\windows\SysWow64\DWrite.dll
2011-02-19 05:32 . 2011-03-09 12:19        739840        ----a-w-        c:\windows\SysWow64\d2d1.dll
2011-02-02 17:11 . 2010-07-13 18:19        270720        ------w-        c:\windows\system32\MpSigStub.exe
2011-01-26 06:53 . 2011-02-09 21:43        982912        ----a-w-        c:\windows\system32\drivers\dxgkrnl.sys
2011-01-26 06:53 . 2011-02-09 21:43        265088        ----a-w-        c:\windows\system32\drivers\dxgmms1.sys
2011-01-26 06:31 . 2011-02-09 21:43        144384        ----a-w-        c:\windows\system32\cdd.dll
.
.
(((((((((((((((((((((((((((((  SnapShot@2011-04-11_00.38.31  )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2011-04-12 10:36        32768              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-04-09 23:46        32768              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-04-09 23:46        32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-04-12 10:36        32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-04-12 10:36        16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-04-09 23:46        16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 05:10 . 2011-04-10 19:38        44306              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-04-13 02:14        44306              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2010-03-16 13:47 . 2011-04-10 19:38        12456              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3790254305-2357724045-4250460847-1000_UserData.bin
+ 2010-03-16 13:47 . 2011-04-13 02:14        12456              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3790254305-2357724045-4250460847-1000_UserData.bin
+ 2010-07-03 10:38 . 2011-04-13 02:14        16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-07-03 10:38 . 2011-04-10 19:39        16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-07-03 10:38 . 2011-04-13 02:14        32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-07-03 10:38 . 2011-04-10 19:39        32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-07-03 10:38 . 2011-04-10 19:39        16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-07-03 10:38 . 2011-04-13 02:14        16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-03-21 13:33 . 2011-04-13 02:14        16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-03-21 13:33 . 2011-04-11 00:02        16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-03-21 13:33 . 2011-04-11 00:02        16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-03-21 13:33 . 2011-04-13 02:14        16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-04-10 19:36 . 2011-04-10 19:36        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-04-13 02:12 . 2011-04-13 02:12        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-04-10 19:36 . 2011-04-10 19:36        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-04-13 02:12 . 2011-04-13 02:12        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-03-27 11:07 . 2011-04-12 23:11        186130              c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2010-03-15 06:01 . 2011-04-13 02:25        280910              c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 05:01 . 2011-04-10 19:28        349816              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-04-13 01:54        349816              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 02:34 . 2011-04-10 12:20        10223616              c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2011-04-12 11:01        10223616              c:\windows\system32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2010-04-27 09:08        2393184        ----a-w-        c:\program files (x86)\DVDVideoSoftTB\tbDVDV.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-28 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TWebCamera"="%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe autorun" [X]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-08-17 1294136]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2009-09-04 417792]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2009-09-21 305440]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-08-12 6203296]
.
c:\users\toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-21 135664]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2010-11-02 135336]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-08-10 248688]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-07-14 42368]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2009-08-25 116104]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-27 251760]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-03 137560]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-04 826224]
.
.
Inhalt des "geplante Tasks" Ordners
.
2011-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-21 17:03]
.
2011-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-21 17:03]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2009-08-25 1050000]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 365592]
"SmoothView"="%ProgramFiles%\Toshiba\SmoothView\SmoothView.exe" [BU]
"TPwrMain"="%ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"00TCrdMain"="%ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-07-20 503864]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-05-29 1794856]
"SmartFaceVWatcher"="%ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [BU]
"Teco"="%ProgramFiles%\TOSHIBA\TECO\Teco.exe" [BU]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-03 709976]
"TosWaitSrv"="%ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe" [BU]
"TosNC"="%ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe" [BU]
"TosReelTimeMonitor"="%ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
"ConexantAudioPatch"="%ProgramFiles%\ConexantAudioPatch\Audioreset.exe" [BU]
"TosVolRegulator"="c:\windows\TosVolRegulator_x64.exe" [2009-09-04 47928]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2009-08-25 134032]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube to MP3 Converter - c:\users\toshiba\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\eaysdyql.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-04-13  05:26:15
ComboFix-quarantined-files.txt  2011-04-13 03:26
ComboFix2.txt  2011-04-11 01:00
.
Vor Suchlauf: 12 Verzeichnis(se), 89.476.214.784 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 89.190.404.096 Bytes frei
.
- - End Of File - - F210B92CBFBEF6298CC5B33F6FCD7FD2
--- --- ---

cosinus 13.04.2011 12:58
Bitte nun Logs mit GMER und mbrcheck erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg

Anleitung zu mbrcheck:
Downloade Dir MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur wenige Sekunden.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes

panther77 14.04.2011 01:09
Hallo!
Und danke für die ganzen Tipps!

Anbei MBR-Check-Tool.

Das Log des GMER-Scan weist ausschließlich auf eine ganz Menge von privaten Bildern hin (ich füge ein anonymisiertes Beispiel bei - ist wohl teilweise ein "Schleckerfotoalbum..."):

GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-04-14 01:56:20
Windows 6.1.7600
Running: qtuy3xcb.exe


---- Files - GMER 1.0.15 ----

File C:\Users\toshiba\Pictures\bilder pc\(Ordner)\(Unterordner)\(Unterordner)\Schlecker-Datei (Name)_mcf-Dateien\(anderer Ordner...Name)\1 (9).JPG 3186576 bytes
...

(alle anderen Treffer sind analog)

cosinus 14.04.2011 09:34
Wo ist das Log von MBRcheck?

panther77 14.04.2011 13:27
sorry, füge es hier bei...
VG


MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: TOSHIBA
BIOS Manufacturer: TOSHIBA
System Manufacturer: TOSHIBA
System Product Name: SATELLITE T130
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 188):
0x02C4B000 \SystemRoot\system32\ntoskrnl.exe
0x02C02000 \SystemRoot\system32\hal.dll
0x00BD0000 \SystemRoot\system32\kdcom.dll
0x00CAE000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00CF2000 \SystemRoot\system32\PSHED.dll
0x00D06000 \SystemRoot\system32\CLFS.SYS
0x00EF6000 \SystemRoot\system32\CI.dll
0x00E00000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00EA4000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00D64000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00EB3000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00EBC000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00FB6000 \SystemRoot\system32\DRIVERS\pci.sys
0x00FE9000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00EC6000 \SystemRoot\System32\drivers\partmgr.sys
0x00EDB000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00EE4000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00DBB000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00C00000 \SystemRoot\System32\drivers\volmgrx.sys
0x00C5C000 \SystemRoot\System32\drivers\mountmgr.sys
0x00FF6000 \SystemRoot\system32\DRIVERS\pciide.sys
0x00C76000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x0103C000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x01158000 \SystemRoot\system32\DRIVERS\atapi.sys
0x01161000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x0118B000 \SystemRoot\system32\DRIVERS\msahci.sys
0x01196000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x011A1000 \SystemRoot\system32\drivers\fltmgr.sys
0x01000000 \SystemRoot\system32\drivers\fileinfo.sys
0x0125D000 \SystemRoot\System32\Drivers\Ntfs.sys
0x0140D000 \SystemRoot\System32\Drivers\msrpc.sys
0x0146B000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01485000 \SystemRoot\System32\Drivers\cng.sys
0x014F8000 \SystemRoot\System32\drivers\pcw.sys
0x01509000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x016EA000 \SystemRoot\system32\drivers\ndis.sys
0x01600000 \SystemRoot\system32\drivers\NETIO.SYS
0x01660000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x0168B000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x016D7000 \SystemRoot\system32\DRIVERS\TVALZ_O.SYS
0x016DC000 \SystemRoot\system32\DRIVERS\Thpevm.SYS
0x016DE000 \SystemRoot\system32\DRIVERS\thpdrv.sys
0x017DC000 \SystemRoot\System32\Drivers\spldr.sys
0x01513000 \SystemRoot\System32\drivers\rdyboost.sys
0x017E4000 \SystemRoot\System32\Drivers\mup.sys
0x017F6000 \SystemRoot\System32\drivers\hwpolicy.sys
0x0154D000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01587000 \SystemRoot\system32\DRIVERS\disk.sys
0x0159D000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x02A3D000 \SystemRoot\System32\Drivers\Null.SYS
0x02A46000 \SystemRoot\System32\Drivers\Beep.SYS
0x02A4D000 \SystemRoot\System32\drivers\vga.sys
0x02A5B000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x02A80000 \SystemRoot\System32\drivers\watchdog.sys
0x02A90000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x02A99000 \SystemRoot\system32\drivers\rdpencdd.sys
0x02AA2000 \SystemRoot\system32\drivers\rdprefmp.sys
0x02AAB000 \SystemRoot\System32\Drivers\Msfs.SYS
0x02AB6000 \SystemRoot\System32\Drivers\Npfs.SYS
0x03802000 \SystemRoot\System32\drivers\tcpip.sys
0x01200000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x02A13000 \SystemRoot\system32\DRIVERS\tdx.sys
0x02AC7000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x03A17000 \SystemRoot\system32\drivers\afd.sys
0x03AA1000 \SystemRoot\System32\DRIVERS\netbt.sys
0x03AE6000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x03AEF000 \SystemRoot\system32\DRIVERS\pacer.sys
0x03B15000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x03B2B000 \SystemRoot\system32\DRIVERS\netbios.sys
0x03B3A000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x03B55000 \SystemRoot\system32\DRIVERS\termdd.sys
0x03B69000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x03BBA000 \SystemRoot\system32\drivers\nsiproxy.sys
0x03BC6000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x03BD1000 \SystemRoot\System32\drivers\discache.sys
0x03BE0000 \SystemRoot\System32\Drivers\dfsc.sys
0x03A00000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x015DB000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x01014000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x02AD4000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x03C71000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
0x04673000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x04767000 \SystemRoot\System32\drivers\dxgmms1.sys
0x047AD000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x04600000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x04656000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x047BA000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x047DE000 \SystemRoot\system32\DRIVERS\L1C62x64.sys
0x07EEE000 \SystemRoot\system32\DRIVERS\rtl8192se.sys
0x07E00000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x07E0D000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x07E2B000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x07E3A000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x07E82000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x07E84000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x07E93000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x07EA9000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x07EAE000 \SystemRoot\system32\DRIVERS\TVALZFL.sys
0x07EB5000 \SystemRoot\system32\DRIVERS\QIOMem.sys
0x07EBF000 \SystemRoot\system32\DRIVERS\tosrfec.sys
0x07EC8000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x07ED8000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x04379000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x047F1000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x0439D000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x043CC000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x03C00000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x03C21000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x07FF5000 \SystemRoot\system32\DRIVERS\swenum.sys
0x04883000 \SystemRoot\system32\DRIVERS\ks.sys
0x048C6000 \SystemRoot\system32\DRIVERS\umbus.sys
0x048D8000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x04932000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x04947000 \SystemRoot\system32\drivers\CHDRT64.sys
0x04800000 \SystemRoot\system32\drivers\portcls.sys
0x0483D000 \SystemRoot\system32\drivers\drmk.sys
0x0485F000 \SystemRoot\system32\drivers\ksthunk.sys
0x03C3B000 \SystemRoot\system32\drivers\IntcHdmi.sys
0x000E0000 \SystemRoot\System32\win32k.sys
0x04865000 \SystemRoot\System32\drivers\Dxapi.sys
0x04871000 \SystemRoot\system32\DRIVERS\monitor.sys
0x03C62000 \SystemRoot\System32\Drivers\crashdmp.sys
0x02ADD000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x02874000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x02990000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x029A3000 \SystemRoot\System32\Drivers\usbvideo.sys
0x029D1000 \SystemRoot\system32\DRIVERS\pgeffect.sys
0x00440000 \SystemRoot\System32\TSDDD.dll
0x00600000 \SystemRoot\System32\cdd.dll
0x029D8000 \SystemRoot\system32\drivers\luafv.sys
0x02800000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x0281D000 \SystemRoot\system32\drivers\WudfPf.sys
0x0283E000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x02AFA000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x02853000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x043E7000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x05636000 \SystemRoot\system32\drivers\HTTP.sys
0x056FE000 \SystemRoot\system32\DRIVERS\bowser.sys
0x0571C000 \SystemRoot\System32\drivers\mpsdrv.sys
0x05734000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x05761000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x057AF000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x02B4D000 \SystemRoot\system32\drivers\peauth.sys
0x057D2000 \SystemRoot\System32\Drivers\secdrv.SYS
0x05600000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x057DD000 \SystemRoot\System32\drivers\tcpipreg.sys
0x0740D000 \SystemRoot\System32\DRIVERS\srv2.sys
0x07474000 \SystemRoot\System32\DRIVERS\srv.sys
0x76D40000 \Windows\System32\ntdll.dll
0x479F0000 \Windows\System32\smss.exe
0xFF060000 \Windows\System32\apisetschema.dll
0xFF950000 \Windows\System32\autochk.exe
0xFEFD0000 \Windows\System32\difxapi.dll
0xFEF00000 \Windows\System32\usp10.dll
0xFEEE0000 \Windows\System32\sechost.dll
0xFEDD0000 \Windows\System32\msctf.dll
0xFED80000 \Windows\System32\Wldap32.dll
0xFEB20000 \Windows\System32\iertutil.dll
0xFEAB0000 \Windows\System32\gdi32.dll
0xFE9D0000 \Windows\System32\oleaut32.dll
0xFE980000 \Windows\System32\ws2_32.dll
0xFE800000 \Windows\System32\urlmon.dll
0xFE6D0000 \Windows\System32\wininet.dll
0xFE4F0000 \Windows\System32\setupapi.dll
0xFE4E0000 \Windows\System32\nsi.dll
0x76C20000 \Windows\System32\kernel32.dll
0xFE4D0000 \Windows\System32\lpk.dll
0xFD740000 \Windows\System32\shell32.dll
0xFD6A0000 \Windows\System32\comdlg32.dll
0x76B20000 \Windows\System32\user32.dll
0xFD5C0000 \Windows\System32\advapi32.dll
0xFD5A0000 \Windows\System32\imagehlp.dll
0xFD520000 \Windows\System32\shlwapi.dll
0x76F10000 \Windows\System32\normaliz.dll
0xFD3F0000 \Windows\System32\rpcrt4.dll
0xFD350000 \Windows\System32\clbcatq.dll
0xFD140000 \Windows\System32\ole32.dll
0xFD110000 \Windows\System32\imm32.dll
0x76F00000 \Windows\System32\psapi.dll
0xFD070000 \Windows\System32\msvcrt.dll
0xFD030000 \Windows\System32\wintrust.dll
0xFD010000 \Windows\System32\devobj.dll
0xFCEA0000 \Windows\System32\crypt32.dll
0xFCE30000 \Windows\System32\KernelBase.dll
0xFCD90000 \Windows\System32\comctl32.dll
0xFCD50000 \Windows\System32\cfgmgr32.dll
0xFCD40000 \Windows\System32\msasn1.dll
0x76950000 \Windows\SysWOW64\normaliz.dll

Processes (total 81):
0 System Idle Process
4 System
304 C:\Windows\System32\smss.exe
404 csrss.exe
468 C:\Windows\System32\wininit.exe
480 csrss.exe
516 C:\Windows\System32\services.exe
532 C:\Windows\System32\lsass.exe
540 C:\Windows\System32\lsm.exe
648 C:\Windows\System32\svchost.exe
732 C:\Windows\System32\svchost.exe
784 C:\Windows\System32\svchost.exe
836 C:\Windows\System32\svchost.exe
876 C:\Windows\System32\svchost.exe
928 C:\Windows\System32\winlogon.exe
416 C:\Windows\System32\svchost.exe
980 C:\Windows\System32\svchost.exe
1184 C:\Windows\System32\spoolsv.exe
1228 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
1272 C:\Windows\System32\taskhost.exe
1324 C:\Windows\System32\svchost.exe
1380 C:\Windows\System32\dwm.exe
1440 C:\Windows\explorer.exe
1620 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
1696 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
1796 C:\Windows\System32\svchost.exe
1848 C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
1896 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
1904 C:\Windows\System32\conhost.exe
2004 C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
2012 C:\Windows\System32\igfxtray.exe
2020 C:\Windows\System32\hkcmd.exe
2036 C:\Windows\System32\igfxpers.exe
1088 C:\Windows\System32\igfxsrvc.exe
856 C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
860 C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
1480 C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
1580 C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
1752 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
1740 C:\Windows\System32\ThpSrv.exe
2068 C:\Program Files\TOSHIBA\TECO\TEco.exe
2176 C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
2300 C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
2368 C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe
2416 C:\Windows\System32\ThpSrv.exe
2460 C:\Windows\System32\TODDSrv.exe
2492 C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
2568 C:\Program Files\TOSHIBA\TECO\TecoService.exe
2596 C:\Windows\System32\svchost.exe
2652 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
2836 C:\Windows\System32\igfxext.exe
3084 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
3112 WmiPrvSE.exe
3184 C:\Program Files (x86)\iTunes\iTunesHelper.exe
3444 C:\Program Files (x86)\iPod\bin\iPodService.exe
3472 C:\Windows\System32\SearchIndexer.exe
3644 C:\Windows\System32\svchost.exe
3836 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
2940 C:\Windows\System32\taskeng.exe
3280 C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
3788 C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
1608 C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
1344 C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
2200 C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
4196 C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
3264 C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
4572 C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
3452 C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
3060 C:\Program Files\Windows Media Player\wmpnetwk.exe
3908 C:\Windows\System32\wuauclt.exe
4744 C:\Windows\System32\svchost.exe
4852 C:\Users\toshiba\Desktop\qtuy3xcb.exe
4980 C:\Windows\System32\SearchProtocolHost.exe
4404 C:\Windows\System32\audiodg.exe
872 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
2308 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
1084 C:\Windows\System32\SearchFilterHost.exe
620 dllhost.exe
2164 dllhost.exe
1100 C:\Users\toshiba\Downloads\MBRCheck.exe
1200 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`19100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000025`73900000 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS545032B9A300, Rev: PB3OC64G

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!

cosinus 14.04.2011 13:47
Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

panther77 16.04.2011 18:46
puh...Danke!

Anbei die Scans (habe auch upgedatet) SuperSpyware hat was gefunden, was ich von dort entfernen habe lasse...

VG


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6373

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

16.04.2011 15:31:04
mbam-log-2011-04-16 (15-31-04).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 297073
Laufzeit: 27 Minute(n), 20 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)


SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 04/16/2011 at 06:55 PM

Application Version : 4.50.1002

Core Rules Database Version : 6854
Trace Rules Database Version: 4666

Scan type : Quick Scan
Total Scan Time : 01:49:51

Memory items scanned : 692
Memory threats detected : 0
Registry items scanned : 2730
Registry threats detected : 0
File items scanned : 13374
File threats detected : 64

Adware.Tracking Cookie
ad.yieldmanager.com [ C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adinterax.com [ C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.doubleclick.net [ C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.atdmt.com [ C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.smartadserver.com [ C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.smartadserver.com [ C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.smartadserver.com [ C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.smartadserver.com [ C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.ru4.com [ C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.ru4.com [ C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.media6degrees.com [ C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.media6degrees.com [ C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.apmebf.com [ C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.fastclick.net [ C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.fastclick.net [ C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.smartadserver.com [ C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.imrworldwide.com [ C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.imrworldwide.com [ C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
user.lucidmedia.com [ C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.tribalfusion.com [ C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adfarm1.adition.com [ C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad2.adfarm1.adition.com [ C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adfarm1.adition.com [ C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ww251.smartadserver.com [ C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.smartadserver.com [ C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.content.yieldmanager.com [ C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.content.yieldmanager.com [ C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adinterax.com [ C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.atdmt.com [ C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.tradedoubler.com [ C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.tradedoubler.com [ C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.tradedoubler.com [ C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.tradedoubler.com [ C:\Users\toshiba\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
C:\Users\toshiba\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\BNSVQLGE ]
ia.media-imdb.com [ C:\Users\toshiba\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\BNSVQLGE ]
secure-us.imrworldwide.com [ C:\Users\toshiba\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\BNSVQLGE ]
static.discoverymedia.com [ C:\Users\toshiba\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\BNSVQLGE ]
www.naiadsystems.com [ C:\Users\toshiba\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\BNSVQLGE ]
[ C:\Users\toshiba\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\BNSVQLGE ]

cosinus 17.04.2011 19:38
Sieht ok aus, da wurden nur Cookies gefunden.
Noch Probleme oder weitere Funde in der Zwischenzeit?

panther77 18.04.2011 01:38
Hallo - bisher keine weiteren Funde oder Probleme! Melde mich, sollte es wieder etwas geben...

Nochmals danke und Gruß!

cosinus 18.04.2011 13:48
Dann wären wir durch! :abklatsch:

Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.


Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update



PDF-Reader aktualisieren
Dein Adobe Reader ist nicht aktuell, was ein großes Sicherheitsrisiko darstellt. Du solltest daher besser die alte Version über Systemsteuerung => Software deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst.

Ich empfehle einen alternativen PDF-Reader wie SumatraPDF oder Foxit PDF Reader, beide sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers, hier der direkte Downloadlink:

Mozilla und andere Browser => http://filepony.de/?q=Flash+Player
Internet Explorer => http://fpdownload.adobe.com/get/flas..._player_ax.exe


Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.


Alle Zeitangaben in WEZ +1. Es ist jetzt 14:37 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27