SuperAntiSpyware finds viruses

15.10.2010, 17:52
Member

Posts: 11
#1 Hello,

I ran SuperAntiSpyware today.
It found the viruses Trojan.Agent/CDesc(Generic) and Trojan.Agent/Gen-Cryptor(Virut), one hit each.

What should I do?

Thanks in advance!
15.10.2010, 22:24
Member

Thread starter

Posts: 11
#2 Here are the OTL scans

OTL.txt

Quote

OTL logfile created on: 15.10.2010 22:10:46 - Run 4
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\pc\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 39,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 92,77 Gb Total Space | 13,94 Gb Free Space | 15,03% Space Free | Partition Type: NTFS
Drive D: | 1,90 Gb Total Space | 0,02 Gb Free Space | 1,24% Space Free | Partition Type: FAT
Drive E: | 92,07 Gb Total Space | 39,91 Gb Free Space | 43,35% Space Free | Partition Type: NTFS

Computer Name: pc | User Name: pc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - C:\Users\pc\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\pc\AppData\Local\temp\fsonlinescanner.exe (F-Secure Corporation)
PRC - C:\Users\pc\AppData\Local\Temp\OnlineScanner\Anti-Virus\fssm32.exe (F-Secure Corporation)
PRC - C:\Users\pc\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk32.exe (F-Secure Corporation)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10g_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Java\jre6\bin\jp2launcher.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Java\jre6\bin\java.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Acunetix\Web Vulnerability Scanner 6\WVSScheduler.exe (Acunetix Ltd.)
PRC - C:\Programme\pdf24\pdf24.exe (Geek Software GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Mail\WinMail.exe (Microsoft Corporation)
PRC - C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Synaptics\SynTP\SynToshiba.exe (Synaptics, Inc.)
PRC - C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\TOSHIBA\Utilities\KeNotify.exe ()
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Works Shared\WkUFind.exe (Microsoft® Corporation)
PRC - C:\Programme\Common Files\microsoft shared\VS7Debug\mdm.exe (Microsoft Corporation)


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - C:\Users\pc\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe File not found
SRV - (AcuWVSSchedulerv6) -- C:\Programme\Acunetix\Web Vulnerability Scanner 6\WVSScheduler.exe (Acunetix Ltd.)
SRV - (RelayFax) -- C:\Programme\RelayFax\App\RFEngine.exe (Alt-N Technologies, Ltd.)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TNaviSrv) -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (CFSvcs) -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - (TpChoice) -- C:\Windows\System32\DRIVERS\TpChoice.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (igfx) -- C:\Windows\System32\DRIVERS\igdkmd32.sys File not found
DRV - (catchme) -- C:\Combo-Fix\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (F-Secure Standalone Minifilter) -- C:\Users\pc\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk.sys ()
DRV - (SASKUTIL) -- C:\Users\pc\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (SASDIFSV) -- C:\Users\pc\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (61883) -- C:\Windows\System32\drivers\61883.sys (Microsoft Corporation)
DRV - (Avc) -- C:\Windows\System32\drivers\avc.sys (Microsoft Corporation)
DRV - (MSDV) -- C:\Windows\System32\drivers\msdv.sys (Microsoft Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (CplIR) -- C:\Windows\system32\DRIVERS\CplIR.SYS (COMPAL ELECTRONIC INC.)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (tifm21) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments)
DRV - (KR10N) -- C:\Windows\system32\drivers\kr10n.sys (TOSHIBA CORPORATION)
DRV - (KR10I) -- C:\Windows\system32\drivers\kr10i.sys (TOSHIBA CORPORATION)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (LPCFilter) -- C:\Windows\system32\DRIVERS\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV - (iComp) -- C:\Windows\System32\drivers\p2usbwdm.sys (Conexant Systems Inc.)
DRV - (CAPI20) -- C:\Windows\System32\drivers\Capi20.sys (DeTeWe Berlin)
DRV - (ulisa) DeTeWe ISDN-Adapter (USB) -- C:\Windows\System32\drivers\ULISA.SYS (DeTeWe Berlin)
DRV - (CW100) -- C:\Windows\System32\drivers\CW100.sys (CASIO COMPUTER CO.,LTD.)
DRV - (DETEWECP) -- C:\Windows\System32\drivers\detewecp.sys (DeTeWe Berlin)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2431245&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.22
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:3.0.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.5.8.6
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1

FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.22 23:37:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.22 23:37:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.03.18 14:44:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2007.01.17 13:18:04 | 000,095,200 | ---- | M] ()

[2009.09.13 11:32:59 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\mozilla\Extensions
[2010.10.15 00:10:04 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\mozilla\Firefox\Profiles\z5gf9b9g.default\extensions
[2009.11.27 09:54:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\pc\AppData\Roaming\mozilla\Firefox\Profiles\z5gf9b9g.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.11.21 22:04:53 | 000,000,000 | ---D | M] (Fast Video Download) -- C:\Users\pc\AppData\Roaming\mozilla\Firefox\Profiles\z5gf9b9g.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2010.05.01 14:08:53 | 000,000,000 | ---D | M] (softonic-de3 Toolbar) -- C:\Users\pc\AppData\Roaming\mozilla\Firefox\Profiles\z5gf9b9g.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2010.05.20 12:56:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pc\AppData\Roaming\mozilla\Firefox\Profiles\z5gf9b9g.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2009.11.26 10:04:55 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\mozilla\Firefox\Profiles\z5gf9b9g.default\extensions\firefox@tvunetworks.com
[2010.03.16 11:42:56 | 000,000,927 | ---- | M] () -- C:\Users\pc\AppData\Roaming\Mozilla\FireFox\Profiles\z5gf9b9g.default\searchplugins\conduit.xml
[2010.08.11 21:50:09 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.05.20 13:03:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.11 21:50:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2007.03.02 15:17:24 | 000,095,200 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPAPIX.dll
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2007.01.17 13:18:04 | 000,095,200 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPFluxBrowserHelper.dll
[2007.09.07 16:25:50 | 000,103,064 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPMPDRM.dll
[2007.09.07 15:46:48 | 000,098,968 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPWMDRMWrapper.dll
[2010.08.07 22:37:31 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.08.07 22:37:31 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.08.07 22:37:31 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.08.07 22:37:31 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.08.07 22:37:31 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.08.09 22:20:36 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [KeNotify] C:\Programme\TOSHIBA\Utilities\KeNotify.exe ()
O4 - HKLM..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe File not found
O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Programme\Common Files\microsoft shared\Works Shared\WkUFind.exe (Microsoft® Corporation)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [PDFPrint] C:\Programme\pdf24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WorksFUD] C:\Programme\Microsoft Works\wkfud.exe (Microsoft® Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - File not found
O9 - Extra Button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O16 - DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab (F-Secure Online Scanner Launcher)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/de/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\fluxhttp {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Programme\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax ()
O18 - Protocol\Handler\fluxhttp\0x00000007 {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Programme\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax ()
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - File not found
O24 - Desktop WallPaper: C:\Toshiba\Wallpapers\Wallpaper1.jpg
O24 - Desktop BackupWallPaper: C:\Toshiba\Wallpapers\Wallpaper1.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.10.13 13:56:09 | 000,000,078 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010.10.15 17:15:12 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Roaming\SUPERAntiSpyware.com
[2010.10.15 17:15:12 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010.10.13 21:49:49 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010.10.13 21:49:29 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010.10.13 21:49:01 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010.10.13 21:48:58 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.10.13 21:48:58 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.10.13 21:48:58 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.10.13 21:48:58 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.10.13 21:48:58 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010.10.13 21:48:57 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.10.13 21:48:57 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.10.13 21:48:57 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.10.13 21:48:57 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.10.13 21:48:57 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.10.13 21:48:57 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.10.13 21:48:57 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.10.13 21:48:57 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.10.13 21:48:57 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.10.13 21:48:57 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.10.13 21:48:57 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.10.13 21:48:57 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.10.13 21:48:32 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2010.10.13 21:48:32 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2010.10.13 21:48:03 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.10.13 21:48:00 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2010.10.13 21:47:57 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010.10.01 17:56:36 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\Windows\System32\devil.dll
[2010.10.01 17:56:36 | 000,369,152 | ---- | C] (The Public) -- C:\Windows\System32\avisynth.dll
[2010.10.01 17:56:12 | 000,186,880 | RHS- | C] (RadLight) -- C:\Windows\System32\RLOgg.ax
[2010.10.01 17:56:12 | 000,092,672 | RHS- | C] (RadLight) -- C:\Windows\System32\RLVorbisDec.ax
[2010.10.01 17:56:12 | 000,090,112 | RHS- | C] (-) -- C:\Windows\System32\TTADSSplitter.ax
[2010.10.01 17:56:12 | 000,090,112 | RHS- | C] (-) -- C:\Windows\System32\TTADSDecoder.ax
[2010.10.01 17:56:12 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\Windows\System32\RLTheoraDec.ax
[2010.10.01 17:56:11 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\Windows\System32\nbDX.dll
[2010.10.01 17:56:11 | 000,179,200 | RHS- | C] (Gabest) -- C:\Windows\System32\DiracSplitter.ax
[2010.10.01 17:56:11 | 000,169,472 | RHS- | C] (Gabest) -- C:\Windows\System32\MatroskaDX.ax
[2010.10.01 17:56:11 | 000,163,328 | RHS- | C] (Gabest) -- C:\Windows\System32\flvDX.dll
[2010.10.01 17:56:11 | 000,161,792 | RHS- | C] (Gabest) -- C:\Windows\System32\RealMediaDX.ax
[2010.10.01 17:56:11 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\Windows\System32\msfDX.dll
[2010.10.01 17:56:10 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\Windows\System32\AVCDX.ax
[2010.10.01 17:55:46 | 000,000,000 | ---D | C] -- C:\Programme\eRightSoft
[2010.10.01 17:25:31 | 000,000,000 | ---D | C] -- C:\Users\pc\Documents\TMPGEnc
[2010.10.01 17:24:53 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Roaming\Pegasys Inc
[2010.10.01 17:22:11 | 000,000,000 | ---D | C] -- C:\Programme\Pegasys Inc
[2010.10.01 15:39:52 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\GermaniXSoft
[2010.10.01 15:39:44 | 000,000,000 | ---D | C] -- C:\Programme\GermaniXTranscoder41
[2010.10.01 15:39:14 | 005,976,305 | ---- | C] (GermaniXSoft ) -- C:\Users\pc\Desktop\GermaniX-Transcoder-41_1.exe
[2010.10.01 10:05:22 | 000,000,000 | ---D | C] -- C:\Users\pc\Desktop\mobile-nailart-test
[2010.09.29 09:31:21 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.09.20 17:37:07 | 000,567,632 | ---- | C] (Google Inc.) -- C:\Users\pc\Desktop\ChromeSetup.exe
[6 C:\Users\pc\Documents\*.tmp files -> C:\Users\pc\Documents\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010.10.15 22:09:51 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\pc\Desktop\OTL.exe
[2010.10.15 21:42:00 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4224013243-733336848-3315584339-1000UA.job
[2010.10.15 21:36:13 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.10.15 21:36:13 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.10.15 21:36:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.10.15 17:42:00 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4224013243-733336848-3315584339-1000Core.job
[2010.10.15 17:14:54 | 011,802,408 | ---- | M] () -- C:\Users\pc\Desktop\SAS_0039.COM
[2010.10.15 09:09:23 | 000,000,680 | ---- | M] () -- C:\Users\pc\AppData\Local\d3d9caps.dat
[2010.10.15 03:22:41 | 003,668,392 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.10.15 01:16:59 | 291,846,698 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.10.11 21:30:47 | 000,172,032 | ---- | M] () -- C:\Users\pc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.11 18:44:06 | 000,057,097 | ---- | M] () -- C:\Users\pc\.recently-used.xbel
[2010.10.05 16:45:57 | 000,618,368 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.10.05 16:45:57 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.10.05 16:45:57 | 000,122,830 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.10.05 16:45:57 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.10.01 17:56:12 | 000,001,834 | ---- | M] () -- C:\Users\Public\Desktop\SUPER © Uninstall.lnk
[2010.10.01 17:56:12 | 000,001,810 | ---- | M] () -- C:\Users\Public\Desktop\SUPER ©.lnk
[2010.10.01 17:22:19 | 000,002,038 | ---- | M] () -- C:\Users\Public\Desktop\TMPGEnc 4.0 XPress Testversion.lnk
[2010.10.01 15:39:46 | 000,000,889 | ---- | M] () -- C:\Users\pc\Desktop\GermaniX Transcoder 4.1.lnk
[2010.10.01 15:39:24 | 005,976,305 | ---- | M] (GermaniXSoft ) -- C:\Users\pc\Desktop\GermaniX-Transcoder-41_1.exe
[6 C:\Users\pc\Documents\*.tmp files -> C:\Users\pc\Documents\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010.10.15 17:14:52 | 011,802,408 | ---- | C] () -- C:\Users\pc\Desktop\SAS_0039.COM
[2010.10.01 17:56:12 | 000,051,712 | RHS- | C] () -- C:\Windows\System32\RLSpeexDec.ax
[2010.10.01 17:56:12 | 000,001,834 | ---- | C] () -- C:\Users\Public\Desktop\SUPER © Uninstall.lnk
[2010.10.01 17:56:12 | 000,001,810 | ---- | C] () -- C:\Users\Public\Desktop\SUPER ©.lnk
[2010.10.01 17:56:11 | 000,175,104 | RHS- | C] () -- C:\Windows\System32\CoreAAC.ax
[2010.10.01 17:56:11 | 000,120,832 | RHS- | C] () -- C:\Windows\System32\MPCDx.ax
[2010.10.01 17:56:11 | 000,107,520 | RHS- | C] () -- C:\Windows\System32\RLMPCDec.ax
[2010.10.01 17:56:11 | 000,097,280 | RHS- | C] () -- C:\Windows\System32\FLACDX.ax
[2010.10.01 17:56:11 | 000,070,656 | RHS- | C] () -- C:\Windows\System32\RLAPEDec.ax
[2010.10.01 17:56:10 | 000,227,328 | RHS- | C] () -- C:\Windows\System32\ac3DX.ax
[2010.10.01 17:56:10 | 000,081,920 | RHS- | C] () -- C:\Windows\System32\aac_parser.ax
[2010.10.01 17:22:19 | 000,002,038 | ---- | C] () -- C:\Users\Public\Desktop\TMPGEnc 4.0 XPress Testversion.lnk
[2010.10.01 15:39:46 | 000,000,889 | ---- | C] () -- C:\Users\pc\Desktop\GermaniX Transcoder 4.1.lnk
[2010.09.20 17:38:40 | 000,002,052 | ---- | C] () -- C:\Users\pc\Desktop\Google Chrome.lnk
[2010.09.20 17:37:37 | 000,001,122 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4224013243-733336848-3315584339-1000UA.job
[2010.09.20 17:37:35 | 000,001,070 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4224013243-733336848-3315584339-1000Core.job
[2010.05.28 09:38:26 | 000,000,680 | ---- | C] () -- C:\Users\pc\AppData\Local\d3d9caps.dat
[2010.05.19 04:46:42 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.05.09 23:51:21 | 000,001,814 | ---- | C] () -- C:\Windows\FAXCPP1.INI
[2010.05.09 23:51:21 | 000,000,422 | ---- | C] () -- C:\Windows\FAXCPP.INI
[2010.05.09 23:51:12 | 000,000,034 | ---- | C] () -- C:\Windows\RFOIni.ini
[2010.05.09 23:51:04 | 000,000,034 | ---- | C] () -- C:\Windows\RFRIni.ini
[2010.05.09 23:45:57 | 000,000,034 | ---- | C] () -- C:\Windows\RFPIni.ini
[2010.05.09 16:54:49 | 000,000,059 | ---- | C] () -- C:\Windows\WINPHONE.INI
[2010.05.03 19:53:26 | 000,000,016 | ---- | C] () -- C:\Users\pc\AppData\Roaming\qvjsge.dat
[2010.05.01 15:50:17 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.02.12 12:51:20 | 000,000,016 | -H-- | C] () -- C:\ProgramData\mxfilerelatedcache.mxc2
[2009.11.26 20:57:15 | 000,000,085 | ---- | C] () -- C:\Windows\System32\dojzjytg.dll
[2009.11.22 10:07:50 | 000,000,016 | -H-- | C] () -- C:\Users\pc\AppData\Roaming\mxfilerelatedcache.mxc2
[2009.11.22 10:07:50 | 000,000,016 | -H-- | C] () -- C:\Users\pc\AppData\Local\mxfilerelatedcache.mxc2
[2009.10.20 19:11:08 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.10.20 18:59:24 | 000,000,571 | ---- | C] () -- C:\Users\pc\AppData\Roaming\AutoGK.ini
[2009.10.13 13:56:11 | 000,000,182 | ---- | C] () -- C:\Windows\ulead32.ini
[2009.10.13 13:53:06 | 000,000,000 | ---- | C] () -- C:\Windows\videodeLuxe.INI
[2009.10.13 13:49:47 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2009.10.13 13:49:38 | 000,019,968 | ---- | C] () -- C:\Windows\System32\cpuinf32.dll
[2009.10.13 13:47:12 | 000,000,133 | ---- | C] () -- C:\Windows\magix.ini
[2009.09.28 17:37:38 | 000,000,196 | ---- | C] () -- C:\Users\pc\AppData\Roaming\default.rss
[2009.09.27 19:08:45 | 000,598,016 | ---- | C] () -- C:\Windows\System32\viscomqtde.dll
[2009.09.27 19:08:45 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2009.09.27 16:05:58 | 000,000,039 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.08.20 21:43:49 | 000,172,032 | ---- | C] () -- C:\Users\pc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.08.20 11:40:41 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.01.05 14:44:10 | 000,000,483 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2008.04.15 16:29:24 | 000,018,432 | ---- | C] () -- C:\Windows\vmmreg3.dll
[2008.01.08 10:35:57 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007.10.15 20:52:56 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007.10.15 20:51:56 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007.10.15 20:51:56 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007.10.15 20:51:56 | 000,010,146 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007.10.15 20:51:56 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2007.07.12 10:26:24 | 000,036,864 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll
[2007.04.16 08:35:21 | 000,000,887 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2007.04.16 08:02:55 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007.04.16 06:38:28 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1227.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005.11.23 14:55:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll
[1999.01.22 19:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL
[1997.06.14 10:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:661DFA1C

< End of report >

Extras.txt

Quote

OTL Extras logfile created on: 15.10.2010 22:10:46 - Run 4
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\pc\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 39,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 92,77 Gb Total Space | 13,94 Gb Free Space | 15,03% Space Free | Partition Type: NTFS
Drive D: | 1,90 Gb Total Space | 0,02 Gb Free Space | 1,24% Space Free | Partition Type: FAT
Drive E: | 92,07 Gb Total Space | 39,91 Gb Free Space | 43,35% Space Free | Partition Type: NTFS

Computer Name: pc | User Name: pc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-4224013243-733336848-3315584339-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{011406D2-9278-4C16-B4A0-4041BF653568}" = lport=10243 | protocol=6 | dir=in | app=system |
"{213B6063-EEA0-4DAB-8C07-6E3840784CEE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{26ADA470-D9A2-44FC-8C05-907CB50D918B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{321DBB7B-0F42-4C26-B757-210D121AD287}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{35533139-CD19-4048-B392-3A36925E7D0D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{58257C49-AA02-4317-8DC5-E2155446DC30}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{5845BC1C-131A-4065-9B4F-6E94F5225732}" = rport=2869 | protocol=6 | dir=out | app=system |
"{6C36B477-F876-4A13-8895-A4F3F6754577}" = lport=2869 | protocol=6 | dir=in | app=system |
"{880FD7BE-7ACF-43CB-830E-1588B021BD25}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8C593CB2-C1D9-4D1C-9E25-D5CFC0427755}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{8EC6317B-D948-405E-9F0D-E710EF524B68}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{92740757-86B0-4B7C-BF8A-595376ACE2E6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A5D8DF52-1933-404C-9134-23C0E52F2868}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BC4644C6-1406-4667-9B91-5F95E812659E}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{C1E293CD-3B87-4201-8E4E-8DD1288BAE2B}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{D60A1611-6CFD-4A56-A9AD-9602C2BE1D4B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F6F50314-8ED6-4732-ABF1-D14AB06A6CF4}" = rport=10243 | protocol=6 | dir=out | app=system |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07C81EF8-6FE6-425A-83E3-B541AB99D0AA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{213A5FFA-8EC6-4B62-9A2C-A2A542828E2E}" = protocol=6 | dir=out | app=system |
"{34DDA254-3ECB-4343-9231-23E47AB6DCA3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{38F94ECA-E91F-44AE-888A-5FFB3019BD4A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5170F17E-E016-4B4B-8BC3-5BE6A81934C3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{59A45146-CE2E-436F-B90D-7D24961A2734}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5B6E4E6B-B7AF-4FDA-9C37-705AA190CC87}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5F29C8ED-9D78-40CD-A599-3277EAEB7A76}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8C75CEA2-E357-4D02-A768-DDA51AF8AE49}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9178333E-6F29-44EC-9EE3-49F00CD84EC2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BF8B29BB-EACC-48E1-A181-729007375529}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{C95004D1-C8BA-4AAC-93A1-D65D2CC5D4CA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DF2D3B14-52EA-4B56-B0FB-09FC6769934F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E89F59FD-786D-44D0-9458-35EAECEBD29E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FCE8C68C-E26D-459F-8BF6-5EBC49BDA270}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"TCP Query User{06FEF7F7-68C0-41FB-8D54-82687C77AD8D}C:\users\pc\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.icd" = protocol=6 | dir=in | app=c:\users\pc\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.icd |
"TCP Query User{0A7D8949-670B-4F77-924D-41C7042C48F3}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{236E4B37-5D26-4064-BFE6-0EB697F05991}C:\users\pc\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.exe" = protocol=6 | dir=in | app=c:\users\pc\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.exe |
"TCP Query User{38D23013-620F-488C-84B8-2099AA880EA9}C:\users\pc\desktop\age_of_empires_2_fullrip\age_of_empires_2_fullrip\age2_x1.exe" = protocol=6 | dir=in | app=c:\users\pc\desktop\age_of_empires_2_fullrip\age_of_empires_2_fullrip\age2_x1.exe |
"TCP Query User{4F79B3F1-2E02-4680-B901-81BF758F989F}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{62DEB3E5-C603-4760-BD4D-E466BB6F3202}C:\users\pc\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.exe" = protocol=6 | dir=in | app=c:\users\pc\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.exe |
"TCP Query User{9184F94E-94E6-472D-9BAD-C2181F0FBAA9}E:\program files\ea sports\fifa 10\fifa10.exe" = protocol=6 | dir=in | app=e:\program files\ea sports\fifa 10\fifa10.exe |
"TCP Query User{B76F7F90-4C5D-4478-A5D5-9C4486D4F300}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{C90B67C5-B5D2-4726-9CEA-8163FD138EBF}C:\users\pc\desktop\age_of_empires_2_fullrip\age_of_empires_2_fullrip\empires2.exe" = protocol=6 | dir=in | app=c:\users\pc\desktop\age_of_empires_2_fullrip\age_of_empires_2_fullrip\empires2.exe |
"TCP Query User{CBA3E1FE-E9D2-42A7-BDA5-27CDDBBFE435}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{D305DED3-7531-4A8F-9894-91866BF6B75C}C:\users\pc\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.icd" = protocol=6 | dir=in | app=c:\users\pc\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.icd |
"TCP Query User{D4D3A80C-7390-48BA-9798-88FECC33A0CB}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{3360E5B3-EE72-4B20-92C8-A14C4E2C5579}E:\program files\ea sports\fifa 10\fifa10.exe" = protocol=17 | dir=in | app=e:\program files\ea sports\fifa 10\fifa10.exe |
"UDP Query User{4D2C1353-3239-4894-8E69-FC297582F7ED}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{54A35FCB-F92B-4173-93FE-E2C5902A0A04}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{8B5A7DC0-56CB-4D06-B88C-F49FB2CD3057}C:\users\pc\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.exe" = protocol=17 | dir=in | app=c:\users\pc\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.exe |
"UDP Query User{9C1D0029-BD85-45DE-AC82-F45238EE5F91}C:\users\pc\desktop\age_of_empires_2_fullrip\age_of_empires_2_fullrip\empires2.exe" = protocol=17 | dir=in | app=c:\users\pc\desktop\age_of_empires_2_fullrip\age_of_empires_2_fullrip\empires2.exe |
"UDP Query User{A3E16757-D387-4723-8AE1-BCBFBB63399B}C:\users\pc\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.icd" = protocol=17 | dir=in | app=c:\users\pc\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.icd |
"UDP Query User{B196D91B-02FE-4B89-BD5D-3268A1AF68FD}C:\users\pc\desktop\age_of_empires_2_fullrip\age_of_empires_2_fullrip\age2_x1.exe" = protocol=17 | dir=in | app=c:\users\pc\desktop\age_of_empires_2_fullrip\age_of_empires_2_fullrip\age2_x1.exe |
"UDP Query User{B75F893E-9DA3-4046-BEDE-CF738FFA659C}C:\users\pc\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.exe" = protocol=17 | dir=in | app=c:\users\pc\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.exe |
"UDP Query User{BA0DEA0A-BB90-444F-9FEC-31E1AC96C5E2}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{C9AFD9F0-2DA8-478A-AAB3-A4A59F102D6A}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{ED2B6065-3918-4327-8E6D-B0F2B3AA86AB}C:\users\pc\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.icd" = protocol=17 | dir=in | app=c:\users\pc\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.icd |
"UDP Query User{F764786B-58FF-4B45-820E-1FC3992C7FB8}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{04CB6099-90D2-896A-8E01-8F1228499D93}" = Catalyst Control Center Localization Dutch
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{068138BE-11F5-8F56-8D88-13837314558E}" = CCC Help German
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A2F0BB6-D45B-AF3C-C19A-6950342AF6B1}" = Catalyst Control Center Localization Turkish
"{0B2FF6D9-359D-4481-8A0D-43A674B665C9}" = TA 33 USB
"{0BAA36F4-8138-AD8A-3791-44A7F0DD63E7}" = CCC Help Japanese
"{0C2B0B35-CF80-1384-D2F0-14F119F1784E}" = Catalyst Control Center Localization Chinese Standard
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{11202615-E557-4ECF-9B86-F59C81E52909}" = FIFA 10
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1A998953-E64F-CE34-4517-C58EF5092157}" = CCC Help Turkish
"{1AED74D3-4C54-3CAA-65DE-4EAB7B589AE1}" = Catalyst Control Center Localization Greek
"{228A2F09-4557-92B9-44A9-E13D41FFAD02}" = Catalyst Control Center Localization Hungarian
"{228D6BCB-7B30-39F5-5442-A99CD76A9762}" = Catalyst Control Center Localization Danish
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{2672817F-EB60-5FA1-9691-FE03D3E674F9}" = CCC Help French
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
"{2CC25320-CD83-B987-4B0A-B53B8413CC87}" = CCC Help Italian
"{33A0D18A-019E-8F30-6EDA-776CDC319771}" = CCC Help Norwegian
"{34537704-7E4C-F552-AFC7-E3FDB0A4FDC1}" = Catalyst Control Center Localization Italian
"{357D2DAA-1743-AC07-D88B-0077FC725DF6}" = Catalyst Control Center Graphics Full Existing
"{3899B709-95BD-752E-B320-1686DACA370E}" = CCC Help Portuguese
"{3E84E56E-FC81-4E08-AA90-E8B2FDC02557}" = Catalyst Control Center Localization Norwegian
"{469DFB95-185F-CA9E-3D5E-0036754B5033}" = Catalyst Control Center Localization German
"{475BF3D4-E418-18CF-34FC-1D8DD3E67F46}" = Catalyst Control Center Localization Chinese Traditional
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D881F9F-90B1-6992-BA30-72333A6BC669}" = CCC Help Danish
"{51035563-B7F5-01AF-0BE4-47533DEE5B51}" = Catalyst Control Center Localization Russian
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5AC66835-7850-401E-AC93-65AD4D6A7E2E}" = Catalyst Control Center Localization Portuguese
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5F4B9958-F507-449A-A6E1-FD223314AF5A}" = TMPGEnc 4.0 XPress Testversion
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6789E743-FF41-3E96-8C59-0F43ADE6D9E6}" = Catalyst Control Center Localization French
"{698CEC51-8E29-5B7C-2C88-20CDE9DC3DFF}" = ccc-core-static
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}" = Adobe Flash Player 10 ActiveX
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74E2F60E-5C4D-3200-3AB5-6A5C1806A64F}" = CCC Help Hungarian
"{759D7567-3027-5605-BF42-9363090FAF71}" = CCC Help Czech
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator
"{85737D46-5FDE-7798-02BA-68AC06CD0B17}" = CCC Help Spanish
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{892DB0A0-CF31-DA46-8142-2B3953CA7B38}" = CCC Help English
"{8F2E8ADC-871F-7B91-708D-BC2899C7D986}" = Catalyst Control Center Localization Swedish
"{8FC9A62D-90DB-7122-09F3-587C42EE9FAC}" = Catalyst Control Center Localization Czech
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{911B0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{9128A108-FE27-997F-A118-E6C65FAE2256}" = CCC Help Korean
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9809A7E4-3B3B-4547-3B80-0073E0115EB4}" = Catalyst Control Center Graphics Previews Vista
"{9842DEA7-806B-08CA-608C-9717F5F5D7F3}" = Catalyst Control Center Graphics Light
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C6ABCF3-A9BF-2A09-0974-777B6C421E28}" = CCC Help Swedish
"{A04BF5DC-6DD3-4B6D-BABD-B1BC5DB23CF0}" = Ulead DVD PowerTools
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A6F2C0CD-E0A2-BCC1-5BEF-600AC4D9AE62}" = Catalyst Control Center Localization Spanish
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch
"{AED8FA19-763C-BA3F-A243-3136EEF255E8}" = CCC Help Russian
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B80CC46C-5839-4A48-B051-3CACF23A2718}_is1" = Eraser 5.8.7
"{BA98E840-DCB3-10B7-D016-8890E4F8F4CC}" = Catalyst Control Center Graphics Full New
"{BC41C09D-FAA9-4346-9FE6-1E0017BC551A}" = Adobe Flash Player 10 Plugin
"{BF29BDFC-4DF0-4C00-BE14-B326D0BA84B6}_is1" = GermaniX Transcoder
"{C1F4123D-6C93-D087-F50F-8D7AC51AFE76}" = ATI Catalyst Install Manager
"{C3E7A3AD-142E-2433-0107-D2CA4D85F19F}" = CCC Help Greek
"{C5A5F901-08F3-7E96-3049-A950A80ACCF4}" = Catalyst Control Center Graphics Previews Common
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB082B01-F65B-05DA-3048-8979BF7B5BD2}" = CCC Help Dutch
"{CC0E0442-B3BA-6FB5-3E94-C5F96B9B8915}" = Skins
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFC9F871-7C40-40B6-BE4A-B98A5B309716}" = Adobe Flash Professional CS5
"{D121161E-AD64-4438-97A0-66A1AB7FFDE3}" = Works Suite-Betriebssystem-Pack
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D281F20C-FA11-D09A-8A20-B78D771222F8}" = Catalyst Control Center Localization Japanese
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
"{DD766B16-BE10-F87C-73A7-A6FC09148633}" = CCC Help Polish
"{DDF91F62-6CBF-2932-93BA-D487B60635B5}" = Catalyst Control Center Core Implementation
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DEC00B1F-5E63-D40F-6291-A2A531414613}" = CCC Help Chinese Traditional
"{DF066D23-C0C8-8755-8244-A8A78B8798A5}" = CCC Help Thai
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E60BFE17-F44C-4A28-9ACF-1DD7362B0278}_is1" = Acunetix Web Vulnerability Scanner 6.5
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EC2F2081-6B46-810C-8408-EC04D29EDFF0}" = Catalyst Control Center Localization Thai
"{ED5EDCD0-5745-4B13-8061-58C9833FD06D}" = Microsoft Works 6.0
"{F0EF93AE-6B13-DB6A-3C03-8CB5A51D0A7A}" = CCC Help Finnish
"{F0FFE43C-7FCC-55F3-6BDE-11F6E9F9FB4A}" = CCC Help Chinese Standard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E1E2E3-2F93-E548-7675-10A78CDD04A6}" = Catalyst Control Center Localization Finnish
"{F20B6876-0F18-1A47-D858-D0D9F6888B99}" = Catalyst Control Center Localization Polish
"{F2260E94-80F2-4CB1-B6B1-6043D9BFFA47}" = Works-Synchronisierung
"{F400ED9E-848C-DB0B-CED5-F69DAA2CE8AD}" = ccc-utility
"{F5EFBB2D-2CD6-FD3D-FA53-DFB962BFD14C}" = Catalyst Control Center Localization Korean
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Adobe AIR" = Adobe AIR
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"ESET Online Scanner" = ESET Online Scanner v3
"FileZilla Client" = FileZilla Client 3.2.4.1
"FreeUndelete" = FreeUndelete
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.13)" = Mozilla Firefox (3.5.13)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"Paros_is1" = Paros 3.2.13
"PersonalFax" = PersonalFax 1.50
"Recuva" = Recuva
"SUPER ©" = SUPER © Version 2010.bld.38 (May 2, 2010)
"SuperMailer" = SuperMailer 4.90
"Surf & E-Mail-Stick" = Surf & E-Mail-Stick
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Totalcmd" = Total Commander (Remove or Repair)
"VLC media player" = VLC media player 1.0.1
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinRAR archiver" = WinRAR
"Works2002Setup" = Microsoft Works 2002-Setup-Start

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 11.07.2010 11:08:30 | Computer Name = pc | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 11.07.2010 11:20:22 | Computer Name = pc | Source = EventSystem | ID = 4621
Description =

Error - 11.07.2010 13:48:59 | Computer Name = pc | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 11.07.2010 13:48:59 | Computer Name = pc | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 12.07.2010 07:02:27 | Computer Name = pc | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 12.07.2010 07:02:27 | Computer Name = pc | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 12.07.2010 12:28:42 | Computer Name = pc | Source = VSS | ID = 8193
Description =

Error - 13.07.2010 03:51:31 | Computer Name = pc | Source = VSS | ID = 8193
Description =

Error - 13.07.2010 05:55:37 | Computer Name = pc | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 13.07.2010 05:55:37 | Computer Name = pc | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

[ System Events ]
Error - 15.10.2010 07:15:51 | Computer Name = pc | Source = Service Control Manager | ID = 7000
Description =

Error - 15.10.2010 07:15:51 | Computer Name = pc | Source = Service Control Manager | ID = 7000
Description =

Error - 15.10.2010 09:05:32 | Computer Name = pc | Source = DCOM | ID = 10010
Description =

Error - 15.10.2010 11:07:25 | Computer Name = pc | Source = DCOM | ID = 10010
Description =

Error - 15.10.2010 11:08:56 | Computer Name = pc | Source = Service Control Manager | ID = 7000
Description =

Error - 15.10.2010 11:08:56 | Computer Name = pc | Source = Service Control Manager | ID = 7000
Description =

Error - 15.10.2010 11:35:37 | Computer Name = pc | Source = DCOM | ID = 10010
Description =

Error - 15.10.2010 15:36:24 | Computer Name = pc | Source = Service Control Manager | ID = 7000
Description =

Error - 15.10.2010 15:36:24 | Computer Name = pc | Source = Service Control Manager | ID = 7000
Description =

Error - 15.10.2010 15:57:14 | Computer Name = pc | Source = DCOM | ID = 10010
Description =


< End of report >
16.10.2010, 08:23
Moderator

Posts: 7798
#3 Please run a control scan with Malwarebytes and tell us where and in which file SuperAntiSpyware claims to have found the malware...
__________
Regards, Ralf
SEO-Spam Hunter
16.10.2010, 09:53
Member

Thread starter

Posts: 11
#4 Malwarebytes found nothing.

After the Super AntiSpyware scan I was prompted to restart in order to finish the cleanup. After that I could no longer find any option in the program to view the log file. So I don't know exactly where it found the virus.
16.10.2010, 10:37
Moderator

Posts: 7798
#5 That would be important, though, since the whole thing sounds like a false positive on the part of SAS. I don't see anything suspicious so far.

Run another control scan with Emsisoft's EEK:
http://www.emsisoft.de/de/software/eek/
__________
Regards, Ralf
SEO-Spam Hunter
16.10.2010, 10:50
Member

Thread starter

Posts: 11
#6 Is the AntiSpyWare log file saved anywhere? I couldn't find anything.

I'll now run another control scan with the software you mentioned. I did notice, though, that for the last 1-2 days my PC no longer switches to standby mode automatically, even though I have set it to do so after 15 minutes of inactivity. I only mention this because a long time ago I had a trojan on the PC that prevented it from going into standby. Once that was removed back then, the standby problem was solved as well.
16.10.2010, 10:53
Member

Thread starter

Posts: 11
#7 One more addition regarding SuperAntiSpyware: one of the two viruses was definitely in a directory or subdirectory of Microsoft shared or similar.
16.10.2010, 17:12
Member

Thread starter

Posts: 11
#8 Here is the Emsisoft scan:

Quote

Emsisoft Anti-Malware - Version 1.0
Letztes Update: 16.10.2010 10:54:58

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Speicher, Traces, Cookies, C:\, E:\
Archiv Scan: Aus
Heuristik: Aus
ADS Scan: An

Scan Beginn: 16.10.2010 10:56:42

c:\windows\system32\TVUAx gefunden: Trace.Directory.dl.tvunetworks.com!A2
c:\windows\system32\TVUAx\libcurl.dll gefunden: Trace.File.dl.tvunetworks.com!A2
c:\windows\system32\TVUAx\libeay32.dll gefunden: Trace.File.dl.tvunetworks.com!A2
c:\windows\system32\TVUAx\libexpatw.dll gefunden: Trace.File.dl.tvunetworks.com!A2
c:\windows\system32\TVUAx\npTVUAx.dll gefunden: Trace.File.dl.tvunetworks.com!A2
c:\windows\system32\TVUAx\ssleay32.dll gefunden: Trace.File.dl.tvunetworks.com!A2
c:\windows\system32\TVUAx\zlib1.dll gefunden: Trace.File.dl.tvunetworks.com!A2
Value: HKEY_CLASSES_ROOT\AppID\TVUAx.DLL --> AppID gefunden: Trace.Registry.dl.tvunetworks.com!A2
Value: HKEY_CLASSES_ROOT\CLSID\{3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} --> AppID gefunden: Trace.Registry.dl.tvunetworks.com!A2
Value: HKEY_CLASSES_ROOT\CLSID\{3EA4FA88-E0BE-419A-A732-9B79B87A6ED0}\InprocServer32 --> ThreadingModel gefunden: Trace.Registry.dl.tvunetworks.com!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\TVUAx.DLL --> AppID gefunden: Trace.Registry.dl.tvunetworks.com!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} --> AppID gefunden: Trace.Registry.dl.tvunetworks.com!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3EA4FA88-E0BE-419A-A732-9B79B87A6ED0}\InprocServer32 --> ThreadingModel gefunden: Trace.Registry.dl.tvunetworks.com!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TVUPlayer --> NSIS:Language gefunden: Trace.Registry.dl.tvunetworks.com!A2
C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Cookies\Low\stefan@bs.serving-sys[1].txt gefunden: Trace.TrackingCookie.bs.serving-sys!A2
C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Cookies\Low\stefan@com[1].txt gefunden: Trace.TrackingCookie.com!A2
C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Cookies\Low\stefan@com[2].txt gefunden: Trace.TrackingCookie.com!A2
C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Cookies\Low\stefan@serving-sys[1].txt gefunden: Trace.TrackingCookie.serving-sys!A2
C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\z5gf9b9g.default\cookies.sqlite:1280176605199000 gefunden: Trace.TrackingCookie.ad2.doublepimp.com!A2
C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\z5gf9b9g.default\cookies.sqlite:1283355950957002 gefunden: Trace.TrackingCookie.com!A2
C:\Windows\System32\bin2exe16.exe gefunden: Trojan-Downloader.Win32.BHO!IK

Gescannt

Dateien: 707601
Traces: 472655
Cookies: 3204
Prozesse: 67

Gefunden

Dateien: 1
Traces: 14
Cookies: 6
Prozesse: 0
Registry Keys: 0

Scan Ende: 16.10.2010 17:11:07
Scan Zeit: 6:14:25

C:\Windows\System32\bin2exe16.exe Quarantäne Trojan-Downloader.Win32.BHO!IK

Quarantäne

Dateien: 1
Traces: 0
Cookies: 0

C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\z5gf9b9g.default\cookies.sqlite:1280176605199000 Gelöscht Trace.TrackingCookie.ad2.doublepimp.com!A2
C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Cookies\Low\stefan@serving-sys[1].txt Gelöscht Trace.TrackingCookie.serving-sys!A2
C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Cookies\Low\stefan@com[1].txt Gelöscht Trace.TrackingCookie.com!A2
C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Cookies\Low\stefan@com[2].txt Gelöscht Trace.TrackingCookie.com!A2
C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\z5gf9b9g.default\cookies.sqlite:1283355950957002 Gelöscht Trace.TrackingCookie.com!A2
C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Cookies\Low\stefan@bs.serving-sys[1].txt Gelöscht Trace.TrackingCookie.bs.serving-sys!A2
Value: HKEY_CLASSES_ROOT\AppID\TVUAx.DLL --> AppID Gelöscht Trace.Registry.dl.tvunetworks.com!A2
Value: HKEY_CLASSES_ROOT\CLSID\{3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} --> AppID Gelöscht Trace.Registry.dl.tvunetworks.com!A2
Value: HKEY_CLASSES_ROOT\CLSID\{3EA4FA88-E0BE-419A-A732-9B79B87A6ED0}\InprocServer32 --> ThreadingModel Gelöscht Trace.Registry.dl.tvunetworks.com!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\TVUAx.DLL --> AppID Gelöscht Trace.Registry.dl.tvunetworks.com!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} --> AppID Gelöscht Trace.Registry.dl.tvunetworks.com!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3EA4FA88-E0BE-419A-A732-9B79B87A6ED0}\InprocServer32 --> ThreadingModel Gelöscht Trace.Registry.dl.tvunetworks.com!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TVUPlayer --> NSIS:Language Gelöscht Trace.Registry.dl.tvunetworks.com!A2
c:\windows\system32\TVUAx\libcurl.dll Gelöscht Trace.File.dl.tvunetworks.com!A2
c:\windows\system32\TVUAx\libeay32.dll Gelöscht Trace.File.dl.tvunetworks.com!A2
c:\windows\system32\TVUAx\libexpatw.dll Gelöscht Trace.File.dl.tvunetworks.com!A2
c:\windows\system32\TVUAx\npTVUAx.dll Gelöscht Trace.File.dl.tvunetworks.com!A2
c:\windows\system32\TVUAx\ssleay32.dll Gelöscht Trace.File.dl.tvunetworks.com!A2
c:\windows\system32\TVUAx\zlib1.dll Gelöscht Trace.File.dl.tvunetworks.com!A2
c:\windows\system32\TVUAx Gelöscht Trace.Directory.dl.tvunetworks.com!A2

Gelöscht

Dateien: 0
Traces: 14
Cookies: 6
18.10.2010, 08:32
Member

Thread starter

Posts: 11
#9 I have now also run Gmer:

Quote

GMER 1.0.15.15319 - http://www.gmer.net
Rootkit scan 2010-10-18 08:30:33
Windows 6.0.6002 Service Pack 2
Running: rbey9ure.exe; Driver: C:\Users\PC\AppData\Local\Temp\ugldipod.sys


---- System - GMER 1.0.15 ----

SSDT 8CB973F4 ZwCreateThread
SSDT 8CB973E0 ZwOpenProcess
SSDT 8CB973E5 ZwOpenThread
SSDT 8CB973EF ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 222 81EC6985 3 Bytes [73, B9, 8C]
.text ntkrnlpa.exe!KeSetEvent + 3F1 81EC6B54 4 Bytes [E0, 73, B9, 8C]
.text ntkrnlpa.exe!KeSetEvent + 40D 81EC6B70 4 Bytes [E5, 73, B9, 8C]
.text ntkrnlpa.exe!KeSetEvent + 621 81EC6D84 4 Bytes [EF, 73, B9, 8C]
.text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x8A55E000, 0x4036D, 0xE8000020]
.dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x8A5A7000, 0x510, 0x40000040]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[3220] USER32.dll!SetWindowsHookExW 774E87AD 5 Bytes JMP 6DC29AED C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3220] USER32.dll!CallNextHookEx 774E8E3B 5 Bytes JMP 6DC1D14D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3220] USER32.dll!UnhookWindowsHookEx 774E98DB 5 Bytes JMP 6DB94686 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3220] USER32.dll!CreateWindowExW 774F1305 5 Bytes JMP 6DC2DB44 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3220] USER32.dll!DialogBoxParamW 775110B0 5 Bytes JMP 6DB554F5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3220] USER32.dll!DialogBoxIndirectParamW 77512EF5 5 Bytes JMP 6DD25027 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3220] USER32.dll!DialogBoxParamA 77528152 5 Bytes JMP 6DD24FC4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3220] USER32.dll!DialogBoxIndirectParamA 7752847D 5 Bytes JMP 6DD2508A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3220] USER32.dll!MessageBoxIndirectA 7753D4D9 5 Bytes JMP 6DD24F59 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3220] USER32.dll!MessageBoxIndirectW 7753D5D3 5 Bytes JMP 6DD24EEE C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3220] USER32.dll!MessageBoxExA 7753D639 5 Bytes JMP 6DD24E8C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3220] USER32.dll!MessageBoxExW 7753D65D 5 Bytes JMP 6DD24E2A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3220] ole32.dll!OleLoadFromStream 75E51E80 5 Bytes JMP 6DD2538F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3220] ole32.dll!CoCreateInstance 75E89F3E 5 Bytes JMP 6DC2DBA0 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4264] USER32.dll!SetWindowsHookExW 774E87AD 5 Bytes JMP 6DC29AED C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4264] USER32.dll!CallNextHookEx 774E8E3B 5 Bytes JMP 6DC1D14D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4264] USER32.dll!UnhookWindowsHookEx 774E98DB 5 Bytes JMP 6DB94686 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4264] USER32.dll!CreateWindowExW 774F1305 5 Bytes JMP 6DC2DB44 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4264] USER32.dll!DialogBoxParamW 775110B0 5 Bytes JMP 6DB554F5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4264] USER32.dll!DialogBoxIndirectParamW 77512EF5 5 Bytes JMP 6DD25027 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4264] USER32.dll!DialogBoxParamA 77528152 5 Bytes JMP 6DD24FC4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4264] USER32.dll!DialogBoxIndirectParamA 7752847D 5 Bytes JMP 6DD2508A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4264] USER32.dll!MessageBoxIndirectA 7753D4D9 5 Bytes JMP 6DD24F59 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4264] USER32.dll!MessageBoxIndirectW 7753D5D3 5 Bytes JMP 6DD24EEE C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4264] USER32.dll!MessageBoxExA 7753D639 5 Bytes JMP 6DD24E8C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4264] USER32.dll!MessageBoxExW 7753D65D 5 Bytes JMP 6DD24E2A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4264] ole32.dll!OleLoadFromStream 75E51E80 5 Bytes JMP 6DD2538F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4264] ole32.dll!CoCreateInstance 75E89F3E 5 Bytes JMP 6DC2DBA0 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5156] USER32.dll!CreateWindowExW 774F1305 5 Bytes JMP 6DC2DB44 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5156] USER32.dll!DialogBoxParamW 775110B0 5 Bytes JMP 6DB554F5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5156] USER32.dll!DialogBoxIndirectParamW 77512EF5 5 Bytes JMP 6DD25027 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5156] USER32.dll!DialogBoxParamA 77528152 5 Bytes JMP 6DD24FC4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5156] USER32.dll!DialogBoxIndirectParamA 7752847D 5 Bytes JMP 6DD2508A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5156] USER32.dll!MessageBoxIndirectA 7753D4D9 5 Bytes JMP 6DD24F59 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5156] USER32.dll!MessageBoxIndirectW 7753D5D3 5 Bytes JMP 6DD24EEE C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5156] USER32.dll!MessageBoxExA 7753D639 5 Bytes JMP 6DD24E8C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5156] USER32.dll!MessageBoxExW 7753D65D 5 Bytes JMP 6DD24E2A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [72D67817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [72DBA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [72D6BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [72D5F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [72D675E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [72D5E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [72D98395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [72D6DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [72D5FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [72D5FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [72D571CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [72DECAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [72D8C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [72D5D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [72D56853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [72D5687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [72D62AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

What should I do next?
18.10.2010, 09:39
Moderator

Posts: 7798
#10 That doesn't look unusual either. Please run MBRCheck and post the report:
http://www.computerguard.de/anleitung-mbrcheckexe-vt5432.html
__________
Regards, Ralf
SEO-Spam Hunter
18.10.2010, 09:46
Member

Posts: 39
#11 OK, done (I found the login details of my old account again after all, so I'm now posting under this nick):

Quote

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: TOSHIBA
BIOS Manufacturer: TOSHIBA
System Manufacturer: TOSHIBA
System Product Name: Satellite A200
Logical Drives Mask: 0x00000034

Kernel Drivers (total 158):
0x81E3F000 \SystemRoot\system32\ntkrnlpa.exe
0x81E0C000 \SystemRoot\system32\hal.dll
0x8040C000 \SystemRoot\system32\kdcom.dll
0x80413000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80483000 \SystemRoot\system32\PSHED.dll
0x80494000 \SystemRoot\system32\BOOTVID.dll
0x8049C000 \SystemRoot\system32\CLFS.SYS
0x804DD000 \SystemRoot\system32\CI.dll
0x8060C000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80688000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80695000 \SystemRoot\system32\drivers\acpi.sys
0x806DB000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806E4000 \SystemRoot\system32\drivers\msisadrv.sys
0x806EC000 \SystemRoot\system32\drivers\pci.sys
0x80713000 \SystemRoot\system32\DRIVERS\LPCFilter.sys
0x8071D000 \SystemRoot\System32\drivers\partmgr.sys
0x8072C000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8072F000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x80739000 \SystemRoot\system32\drivers\volmgr.sys
0x80748000 \SystemRoot\System32\drivers\volmgrx.sys
0x80792000 \SystemRoot\system32\drivers\intelide.sys
0x80799000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x807A7000 \SystemRoot\system32\DRIVERS\pcmcia.sys
0x807D4000 \SystemRoot\System32\drivers\mountmgr.sys
0x8280C000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x828CA000 \SystemRoot\system32\drivers\atapi.sys
0x828D2000 \SystemRoot\system32\drivers\ataport.SYS
0x828F0000 \SystemRoot\system32\drivers\msahci.sys
0x828F9000 \SystemRoot\system32\drivers\fltmgr.sys
0x8292B000 \SystemRoot\system32\drivers\fileinfo.sys
0x8293B000 \SystemRoot\System32\Drivers\ksecdd.sys
0x82A04000 \SystemRoot\system32\drivers\ndis.sys
0x82B0F000 \SystemRoot\system32\drivers\msrpc.sys
0x82B3A000 \SystemRoot\system32\drivers\NETIO.SYS
0x8A209000 \SystemRoot\System32\drivers\tcpip.sys
0x8A2F3000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8A400000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8A510000 \SystemRoot\system32\drivers\volsnap.sys
0x8A549000 \SystemRoot\system32\DRIVERS\TVALZ_O.SYS
0x8A54E000 \SystemRoot\system32\DRIVERS\tos_sps32.sys
0x8A599000 \SystemRoot\System32\Drivers\spldr.sys
0x8A5A1000 \SystemRoot\System32\Drivers\mup.sys
0x8A5B0000 \SystemRoot\System32\drivers\ecache.sys
0x8A5D7000 \SystemRoot\system32\drivers\disk.sys
0x8A30E000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8A5E8000 \SystemRoot\system32\drivers\crcdisk.sys
0x8A3ED000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8A200000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x82B75000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8F009000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x8E609000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8E6AA000 \SystemRoot\System32\drivers\watchdog.sys
0x8E6B6000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8E743000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8E74E000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8E78C000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8E79B000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x8FA06000 \SystemRoot\system32\DRIVERS\NETw4v32.sys
0x8FC2D000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8FC3D000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8FC4B000 \SystemRoot\system32\drivers\tifm21.sys
0x8FC97000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x8FCB1000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8FCB5000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8FCC8000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8FCD3000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8FD00000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8FD02000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8FD0D000 \SystemRoot\system32\DRIVERS\tdcmdpst.sys
0x8FD11000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8FD29000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8FD58000 \SystemRoot\system32\DRIVERS\storport.sys
0x8FD99000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8FDA4000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8FDBB000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8FDC6000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8FDE9000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8E7B3000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8E7C7000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8E7DC000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8FDF8000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8F76B000 \SystemRoot\system32\DRIVERS\ks.sys
0x8E7EC000 \SystemRoot\system32\DRIVERS\circlass.sys
0x8F795000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8F79F000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8F7AC000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8F7E1000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x82B84000 \SystemRoot\system32\drivers\HdAudio.sys
0x82BC3000 \SystemRoot\system32\drivers\portcls.sys
0x829AC000 \SystemRoot\system32\drivers\drmk.sys
0x9000B000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x90207000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0x90323000 \SystemRoot\system32\drivers\modem.sys
0x90330000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x90339000 \SystemRoot\System32\Drivers\Null.SYS
0x90340000 \SystemRoot\System32\Drivers\Beep.SYS
0x90350000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x90357000 \SystemRoot\System32\drivers\vga.sys
0x90363000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x90384000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x9038C000 \SystemRoot\system32\drivers\rdpencdd.sys
0x90394000 \SystemRoot\System32\Drivers\Msfs.SYS
0x9039F000 \SystemRoot\System32\Drivers\Npfs.SYS
0x903AD000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x903B6000 \SystemRoot\system32\DRIVERS\tdx.sys
0x903CC000 \SystemRoot\system32\DRIVERS\smb.sys
0x90603000 \SystemRoot\system32\drivers\afd.sys
0x9064B000 \SystemRoot\System32\DRIVERS\netbt.sys
0x9067D000 \SystemRoot\system32\DRIVERS\pacer.sys
0x90693000 \SystemRoot\system32\DRIVERS\netbios.sys
0x906A1000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x906B4000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x906BA000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x906F6000 \SystemRoot\system32\drivers\nsiproxy.sys
0x90700000 \SystemRoot\System32\Drivers\dfsc.sys
0x90717000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x90733000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0x90735000 \SystemRoot\System32\Drivers\crashdmp.sys
0x90742000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x97AD0000 \SystemRoot\System32\win32k.sys
0x903E0000 \SystemRoot\System32\drivers\Dxapi.sys
0x903EA000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x901E7000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x903F3000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8A32F000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x90347000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x8A5F1000 \SystemRoot\system32\DRIVERS\monitor.sys
0x97CF0000 \SystemRoot\System32\TSDDD.dll
0x97D10000 \SystemRoot\System32\cdd.dll
0x97D20000 \SystemRoot\System32\ATMFD.DLL
0x8A346000 \SystemRoot\system32\drivers\luafv.sys
0x8A361000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x9C603000 \SystemRoot\system32\drivers\spsys.sys
0x9C6B3000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x9C6C3000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x9C6ED000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9C6F7000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9C70A000 \SystemRoot\system32\drivers\HTTP.sys
0x9C777000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9C794000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9C7AD000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9C7C2000 \SystemRoot\system32\drivers\mrxdav.sys
0x8A375000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x8A394000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9C7E3000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x829D1000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA0E0D000 \SystemRoot\System32\DRIVERS\srv.sys
0xA0E73000 \SystemRoot\System32\drivers\detewecp.sys
0xA0E7C000 \SystemRoot\System32\Drivers\CAPI20.SYS
0xA3C08000 \SystemRoot\system32\drivers\peauth.sys
0xA3CE6000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA3CF0000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA3CFC000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xA3D22000 \SystemRoot\system32\drivers\tdtcp.sys
0xA3D2D000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
0xA3D39000 \SystemRoot\System32\Drivers\RDPWD.SYS
0xA3D6C000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x77050000 \Windows\System32\ntdll.dll

Processes (total 72):
0 System Idle Process
4 System
572 C:\Windows\System32\smss.exe
640 csrss.exe
696 C:\Windows\System32\wininit.exe
708 csrss.exe
740 C:\Windows\System32\services.exe
752 C:\Windows\System32\lsass.exe
760 C:\Windows\System32\lsm.exe
856 C:\Windows\System32\winlogon.exe
944 C:\Windows\System32\svchost.exe
1008 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
1056 C:\Windows\System32\svchost.exe
1104 C:\Windows\System32\svchost.exe
1196 C:\Windows\System32\Ati2evxx.exe
1216 C:\Windows\System32\svchost.exe
1292 C:\Windows\System32\svchost.exe
1316 C:\Windows\System32\svchost.exe
1380 C:\Windows\System32\audiodg.exe
1404 C:\Windows\System32\svchost.exe
1420 C:\Windows\System32\SLsvc.exe
1444 C:\Windows\System32\svchost.exe
1632 C:\Windows\System32\Ati2evxx.exe
1648 C:\Windows\System32\svchost.exe
1916 C:\Windows\System32\spoolsv.exe
124 C:\Program Files\Avira\AntiVir Desktop\sched.exe
392 C:\Windows\System32\svchost.exe
516 C:\Windows\System32\dwm.exe
12 C:\Windows\System32\taskeng.exe
1612 C:\Windows\explorer.exe
2168 C:\Program Files\Acunetix\Web Vulnerability Scanner 6\WVSScheduler.exe
2216 C:\Windows\System32\agrsmsvc.exe
2252 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
2280 C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
2380 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
2440 C:\Program Files\Common Files\microsoft shared\VS7Debug\mdm.exe
2548 C:\Windows\System32\svchost.exe
2584 C:\Windows\System32\svchost.exe
2784 C:\Program Files\Windows Defender\MSASCui.exe
2792 C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
2860 C:\Windows\System32\TODDSrv.exe
2888 C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
2956 C:\Windows\System32\svchost.exe
2992 C:\Windows\System32\SearchIndexer.exe
3096 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
3820 C:\Windows\System32\alg.exe
4092 C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
1960 C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
2368 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
2616 C:\Program Files\Common Files\microsoft shared\Works Shared\WkUFind.exe
1160 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
1356 C:\Program Files\pdf24\pdf24.exe
1876 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
372 C:\Windows\RtHDVCpl.exe
808 C:\Program Files\Common Files\Java\Java Update\jusched.exe
736 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3424 C:\Program Files\Windows Media Player\wmpnscfg.exe
3416 C:\Program Files\Windows Media Player\wmpnetwk.exe
2024 C:\Program Files\Synaptics\SynTP\SynToshiba.exe
2848 C:\Windows\System32\taskeng.exe
2052 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
4324 C:\Program Files\Windows Mail\WinMail.exe
1660 C:\Program Files\Internet Explorer\iexplore.exe
4960 C:\Program Files\Internet Explorer\iexplore.exe
5908 C:\Program Files\Mozilla Firefox\firefox.exe
1268 C:\Windows\System32\SearchProtocolHost.exe
172 C:\Windows\System32\SearchFilterHost.exe
3408 C:\Windows\explorer.exe
4408 dllhost.exe
2300 dllhost.exe
5812 C:\Users\Stefan\Downloads\MBRCheck.exe
3576 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000017`8f500000 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK2046GSX, Rev: LB013M

Size Device Name MBR Status
--------------------------------------------
186 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!
18.10.2010, 09:53
Moderator

Posts: 7798
#12 It still looks to me like a false positive from SAS. Have Mbam run another full scan under this user. Don't forget to update it beforehand...
__________
Best regards, Ralf
SEO-Spam Hunter
18.10.2010, 10:01
Member

Posts: 39
#13 OK, I'll do that, but first one more question:
Emsisoft had also found a Trojan that was flagged as high risk. Can that still be a false positive? On top of that there is the standby problem I described.

Many thanks for the great help so far!
18.10.2010, 11:31
Moderator

Posts: 7798
#14 The Emsisoft detection also looks like a false positive to me. Upload the file from the Emsi EK quarantine to VirusTotal and post the result...

Standby problems can have many causes, ranging from malware infection to acute driver/hardware problems.

When did you use Combofix, and have you already uninstalled it?
__________
Best regards, Ralf
SEO-Spam Hunter
18.10.2010, 13:10
Member

Thread starter

Posts: 11
#15 I installed Combofix a few months ago but haven't uninstalled it yet.

Here is the VirusTotal result for now:

Quote

0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name:
2A6E53E80C4E1168F219FD8961A6DA737991AB94.A2Q
Submission date:
2010-10-18 09:55:14 (UTC)
Current status:
queued queued analysing finished
Result:
0/ 42 (0.0%)

VT Community

not reviewed
Safety score: -
Antivirus Version Last Update Result
AhnLab-V3 2010.10.18.01 2010.10.18 -
AntiVir 7.10.12.234 2010.10.18 -
Antiy-AVL 2.0.3.7 2010.10.18 -
Authentium 5.2.0.5 2010.10.17 -
Avast 4.8.1351.0 2010.10.17 -
Avast5 5.0.594.0 2010.10.17 -
AVG 9.0.0.851 2010.10.17 -
BitDefender 7.2 2010.10.18 -
CAT-QuickHeal 11.00 2010.10.18 -
ClamAV 0.96.2.0-git 2010.10.18 -
Comodo 6427 2010.10.18 -
DrWeb 5.0.2.03300 2010.10.18 -
eSafe 7.0.17.0 2010.10.17 -
eTrust-Vet 36.1.7917 2010.10.18 -
F-Prot 4.6.2.117 2010.10.17 -
F-Secure 9.0.16160.0 2010.10.18 -
Fortinet 4.2.249.0 2010.10.18 -
GData 21 2010.10.18 -
Ikarus T3.1.1.90.0 2010.10.18 -
Jiangmin 13.0.900 2010.10.18 -
K7AntiVirus 9.66.2760 2010.10.15 -
Kaspersky 7.0.0.125 2010.10.18 -
McAfee 5.400.0.1158 2010.10.18 -
McAfee-GW-Edition 2010.1C 2010.10.18 -
Microsoft 1.6201 2010.10.18 -
NOD32 5541 2010.10.18 -
Norman 6.06.07 2010.10.18 -
nProtect 2010-10-18.01 2010.10.18 -
Panda 10.0.2.7 2010.10.17 -
PCTools 7.0.3.5 2010.10.18 -
Prevx 3.0 2010.10.18 -
Rising 22.69.04.03 2010.10.15 -
Sophos 4.58.0 2010.10.18 -
Sunbelt 7085 2010.10.18 -
SUPERAntiSpyware 4.40.0.1006 2010.10.17 -
Symantec 20101.2.0.161 2010.10.18 -
TheHacker 6.7.0.1.060 2010.10.18 -
TrendMicro 9.120.0.1004 2010.10.18 -
TrendMicro-HouseCall 9.120.0.1004 2010.10.18 -
VBA32 3.12.14.1 2010.10.18 -
ViRobot 2010.10.18.4098 2010.10.18 -
VirusBuster 12.69.3.4 2010.10.17 -
Additional information
MD5 : e066b22deba3e0fb37f862d50437db93
SHA1 : 2a6e53e80c4e1168f219fd8961a6da737991ab94
SHA256: 47c98e0fe9538f8c89f2bf10d573747d992cd6de41556832b2bd9a35b072f5f0