Log analysis and evaluation: thealltimes.com removed, check logfiles
thealltimes.com removed, check logfiles

Hello everyone. Yesterday it happened again: a friend called me to say that his computer wasn't working properly. Google searches are being redirected to thealltimes.com, and the Windows Security Center is disabled and cannot be enabled. Whether there were any other symptoms, I can't say. Various scanners, among them Malwarebytes, Spybot and Avira, found nothing. tdsskiller (I had come across it in some forum) found two files, but the problem persisted. As a last resort, and before reinstalling Windows, we decided to run Combofix over the system. Either it helps or the system is toast. (I know you should never do that without expert help, and I can't recommend it to anyone who hasn't already written off the machine.) After Combofix finished, there were a few problems running programs, but they were gone after a reboot. And apparently the trojan/rootkit/whatever is gone too. At least the Windows Security Center is active again and Google searches are no longer redirected. I don't quite trust the calm yet. So it would be nice if you could take a look at the logfiles. Maybe you'll spot something else.
Best regards
Andreas

OTL.txt:

```
OTL logfile created on: 28.02.2012 16:57:20 - Run 1
OTL by OldTimer - Version  Folder = C:\Users\Christian\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19190)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,75 Gb Total Physical Memory | 1,85 Gb Available Physical Memory | 67,43% Memory free
5,72 Gb Paging File | 4,71 Gb Available in Paging File | 82,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,89 Gb Total Space | 95,37 Gb Free Space | 64,05% Space Free | Partition Type: NTFS
Drive E: | 147,73 Gb Total Space | 109,27 Gb Free Space | 73,97% Space Free | Partition Type: NTFS

Computer Name: CHRISTIAN-PC | User Name: Christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.02.28 16:54:50 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe
PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.01.13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.12.15 15:00:00 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.12.15 14:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.12.15 14:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.12.15 14:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2009.04.21 16:36:06 | 000,116,104 | ---- | M] (Toshiba Europe GmbH) -- C:\Programme\Toshiba TEMPRO\TemproSvc.exe
PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.02.26 18:36:46 | 000,030,040 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2009.01.26 15:31:16 | 002,144,088 | ---- | M] (Safer Networking Limited) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008.04.24 18:35:46 | 000,073,728 | ---- | M] (Toshiba) -- C:\Programme\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
PRC - [2008.04.16 23:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2008.04.10 23:51:58 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008.01.17 16:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- c:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2007.12.23 00:03:28 | 000,916,240 | ---- | M] (The Eraser Project) -- C:\Programme\Eraser\Eraser.exe
PRC - [2007.12.03 17:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- c:\Programme\TOSHIBA\SMARTLogService\TosIPCSrv.exe
PRC - [2007.11.21 16:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2007.10.26 14:28:06 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2007.06.20 21:04:52 | 000,046,432 | ---- | M] (Microsoft® Corporation) -- C:\Programme\Microsoft Works\WkCalRem.exe
PRC - [2006.08.23 15:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

========== Modules (No Company Name) ==========

MOD - [2008.04.22 21:05:08 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2008.02.02 22:08:12 | 001,722,368 | ---- | M] () -- C:\Programme\TUGZip\Plugins\TzArchive10.tgp
MOD - [2007.03.12 22:34:20 | 000,162,304 | ---- | M] () -- C:\Windows\System32\ztvunrar36.dll
MOD - [2006.05.14 12:03:54 | 000,655,360 | ---- | M] () -- C:\Programme\TUGZip\TzShell.dll
MOD - [2005.02.17 22:15:22 | 000,077,824 | ---- | M] () -- C:\Programme\TUGZip\Plugins\TzImage10.tgp

========== Win32 Services (SafeList) ==========

SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.12.15 14:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.12.15 14:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2009.04.21 16:36:06 | 000,116,104 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO)
SRV - [2008.04.24 18:35:46 | 000,073,728 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV - [2008.04.16 23:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008.04.10 23:51:58 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.17 16:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007.12.03 17:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007.11.21 16:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2007.10.26 14:28:06 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2006.08.23 15:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2005.11.17 13:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)

========== Driver Services (SafeList) ==========

DRV - [2012.02.16 21:35:59 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.12.15 15:00:00 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.12.15 15:00:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.01.24 02:50:10 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2010.01.24 02:50:10 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2008.04.22 23:36:32 | 003,551,232 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.04.15 09:05:08 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.04.10 20:25:30 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2008.02.27 18:36:02 | 000,141,408 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2007.12.26 09:20:32 | 000,290,304 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8187B.sys -- (RTL8187B)
DRV - [2007.12.17 11:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007.11.09 14:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007.10.17 22:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007.01.31 13:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007.01.18 15:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006.11.20 13:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006.10.30 10:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2006.10.18 10:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-821676565-1905554400-4105622299-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKU\S-1-5-21-821676565-1905554400-4105622299-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-821676565-1905554400-4105622299-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-821676565-1905554400-4105622299-1000\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-821676565-1905554400-4105622299-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm-Sicherheit Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398&ilc=12"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.t-online.de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:1.1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..keyword.URL: "hxxp://mystart.incredibar.com/mb110/?loc=IB_DS&a=6OypKk47Yy&&i=26&search="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.09.17 08:49:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.22 21:23:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.16 09:10:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.02.22 21:03:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.09.17 08:49:58 | 000,000,000 | ---D | M]

[2010.02.06 19:20:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Extensions
[2010.02.06 19:20:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.02.26 19:44:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\fhpsr1wz.default\extensions
[2011.03.06 14:52:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\fhpsr1wz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.01.14 08:49:02 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\fhpsr1wz.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
[2011.12.19 20:04:40 | 000,002,419 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\fhpsr1wz.default\searchplugins\englische-ergebnisse.xml
[2010.11.20 21:37:55 | 000,002,434 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\fhpsr1wz.default\searchplugins\google-scholar.xml
[2011.12.19 20:04:40 | 000,005,508 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\fhpsr1wz.default\searchplugins\webde-suche.xml
[2012.01.14 07:47:59 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.04.15 20:39:40 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2008.12.18 18:27:08 | 000,000,000 | ---D | M] (PHPNukeDE Toolbar) -- C:\Programme\Mozilla Firefox\extensions\{c9508125-4747-4733-b048-e4b82dc9716d}
[2012.02.22 21:23:08 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.07.17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.22 21:23:04 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.22 21:23:04 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.22 21:23:04 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.22 21:23:04 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.22 21:23:04 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.22 21:23:04 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2012.02.26 20:14:50 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-821676565-1905554400-4105622299-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-821676565-1905554400-4105622299-1000\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-821676565-1905554400-4105622299-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-821676565-1905554400-4105622299-1000..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe (The Eraser Project)
O4 - HKU\S-1-5-21-821676565-1905554400-4105622299-1000..\Run: [Sidebar] C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-821676565-1905554400-4105622299-1000..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wkcalrem.LNK = C:\Programme\Microsoft Works\WkCalRem.exe (Microsoft® Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Programme\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Programme\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-821676565-1905554400-4105622299-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-821676565-1905554400-4105622299-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Save YouTube Video as MP3 - Reg Error: Value error. File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKU\S-1-5-21-821676565-1905554400-4105622299-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-821676565-1905554400-4105622299-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A803B0C9-9CB6-44A7-A1D1-2DE5CF144BCF}: DhcpNameServer =
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O24 - Desktop BackupWallPaper: C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012.02.28 16:54:49 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe
[2012.02.27 19:30:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2012.02.27 19:30:39 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2012.02.27 19:16:07 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\temp
[2012.02.27 19:14:44 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.02.27 18:48:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.02.27 08:42:42 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012.02.26 20:02:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.02.26 20:02:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.02.26 20:02:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.02.26 20:02:36 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012.02.26 18:32:19 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012.02.26 17:59:28 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Malwarebytes
[2012.02.26 17:59:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.02.26 17:59:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.02.26 17:59:19 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.02.26 17:59:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.02.26 15:24:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.02.26 15:24:06 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012.02.26 14:35:28 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\QuickScan
[2012.02.16 07:54:01 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.02.16 07:53:55 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.02.16 07:53:54 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.02.16 07:53:53 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.02.16 07:53:53 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.02.16 07:53:52 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.02.16 07:53:52 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2012.02.16 07:53:52 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012.02.16 07:53:52 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012.02.16 07:53:52 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012.02.16 07:53:52 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012.02.16 07:53:52 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.02.16 07:53:52 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.02.16 07:53:52 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012.02.16 07:53:52 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012.02.16 07:53:52 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012.02.16 07:53:52 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012.02.16 07:53:52 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012.02.16 07:53:52 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012.02.09 11:23:44 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Avira
[2012.02.09 11:22:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.02.09 11:22:40 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.02.09 11:22:39 | 000,137,416 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.02.09 11:22:39 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.02.09 11:22:39 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.02.09 11:22:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.02.09 11:22:34 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.02.02 21:16:49 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2012.02.02 20:41:48 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\pdfforge
[2012.02.02 20:41:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2012.02.02 20:41:42 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMAPI32.OCX
[2012.02.02 20:41:40 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCMCDE.DLL
[2012.02.02 20:41:40 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB6DE.DLL
[2012.02.02 20:41:40 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCC2DE.DLL
[2012.02.02 20:41:40 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPIDE.DLL
[2012.02.02 20:41:39 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.02.28 16:54:50 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe
[2012.02.28 16:35:01 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.28 16:32:44 | 000,002,631 | ---- | M] () -- C:\Users\Christian\Desktop\Microsoft Office Word.lnk
[2012.02.28 16:26:06 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.02.28 16:26:06 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.02.28 16:26:06 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.02.28 16:26:06 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.02.28 16:19:06 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.28 16:18:51 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.28 16:18:51 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.28 16:18:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.27 14:35:32 | 001,410,192 | ---- | M] () -- C:\Users\Christian\Desktop\sar_15_sfx.exe
[2012.02.27 13:31:04 | 353,106,618 | ---- | M] () -- C:\Users\Christian\Documents\cristian_reg_backup_27_02_12.reg
[2012.02.26 20:14:50 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.02.26 19:41:25 | 000,131,454 | ---- | M] () -- C:\Users\Christian\Documents\cc_20120226_194104.reg
[2012.02.26 17:59:22 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.26 17:04:48 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.02.22 11:18:08 | 000,002,633 | ---- | M] () -- C:\Users\Christian\Desktop\Microsoft Office Excel.lnk
[2012.02.21 18:17:27 | 000,002,673 | ---- | M] () -- C:\Users\Christian\Desktop\Microsoft Office PowerPoint.lnk
[2012.02.16 21:35:59 | 000,137,416 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.02.16 14:39:34 | 000,439,264 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.01.30 20:43:50 | 000,375,701 | ---- | M] () -- C:\Users\Christian\Desktop\factsheet_umwelt_de.pdf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.02.27 19:30:06 | 001,410,192 | ---- | C] () -- C:\Users\Christian\Desktop\sar_15_sfx.exe
[2012.02.27 13:30:33 | 353,106,618 | ---- | C] () -- C:\Users\Christian\Documents\cristian_reg_backup_27_02_12.reg
[2012.02.26 20:02:43 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.02.26 20:02:43 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.02.26 20:02:43 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.02.26 20:02:43 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.02.26 20:02:43 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.02.26 19:41:11 | 000,131,454 | ---- | C] () -- C:\Users\Christian\Documents\cc_20120226_194104.reg
[2012.02.26 17:59:22 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.26 16:56:12 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012.02.22 21:03:06 | 000,001,807 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2012.02.02 20:41:42 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2012.01.30 20:43:50 | 000,375,701 | ---- | C] () -- C:\Users\Christian\Desktop\factsheet_umwelt_de.pdf
[2010.09.07 17:13:25 | 000,238,962 | ---- | C] () -- C:\Windows\hpwins26.dat
[2010.05.04 10:29:42 | 000,001,843 | ---- | C] () -- C:\Windows\System32\RC98E1A0.dat
[2010.05.04 10:29:41 | 000,000,029 | ---- | C] () -- C:\Windows\System32\RPCS.ini
[2010.05.04 10:27:06 | 000,000,372 | ---- | C] ()
```
-- C:\Windows\ricdb.ini [color=#E56717]========== LOP Check ==========[/color] [2009.04.07 21:56:44 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Application Y [2010.09.11 10:54:57 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\CheckPoint [2008.12.19 11:31:00 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\DAEMON Tools [2008.12.19 11:50:08 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\DAEMON Tools Lite [2009.12.04 11:03:29 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\DAEMON Tools Pro [2009.01.02 22:11:16 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Design Science [2009.04.17 13:48:14 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\gtk-2.0 [2009.04.15 20:39:43 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\ICQ [2008.12.18 16:50:48 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\InfraRecorder [2008.12.17 18:39:58 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\OpenOffice.org [2011.08.23 17:23:45 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\PanPlot [2012.02.02 20:41:48 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\pdfforge [2012.02.26 14:35:33 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\QuickScan [2008.12.21 15:26:49 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Sony [2009.05.07 11:52:38 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Template [2010.02.06 19:14:18 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Thunderbird [2009.01.02 17:15:40 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Toshiba [2008.12.16 20:31:53 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Ulead Systems [2010.09.14 18:30:28 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Uniblue [2012.02.27 22:02:56 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT 
[2010.12.17 03:29:30 | 000,000,426 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{457DAF69-C04F-4A64-A6ED-701858349FE1}.job

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 28.02.2012 16:57:20 - Run 1
OTL by OldTimer - Version Folder = C:\Users\Christian\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19190)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,75 Gb Total Physical Memory | 1,85 Gb Available Physical Memory | 67,43% Memory free
5,72 Gb Paging File | 4,71 Gb Available in Paging File | 82,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,89 Gb Total Space | 95,37 Gb Free Space | 64,05% Space Free | Partition Type: NTFS
Drive E: | 147,73 Gb Total Space | 109,27 Gb Free Space | 73,97% Space Free | Partition Type: NTFS

Computer Name: CHRISTIAN-PC | User Name: Christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-821676565-1905554400-4105622299-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04D77E34-B343-4936-8746-44E3E5C6F150}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 |
"{1EB1E69C-D4F9-4CD2-A896-F108A515D217}" = rport=139 | protocol=6 | dir=out | app=system |
"{1F6B6B4A-9676-44EC-A8E2-F25F66A6C022}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 |
"{2A39D5BA-C9C8-4E4D-A045-41A4C08C110F}" = lport=445 | protocol=6 | dir=in | app=system |
"{2B8F0D11-1473-4B54-9F7E-4F4B030B7DED}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{45DF638D-7738-49DA-8424-3961750A1190}" = rport=445 | protocol=6 | dir=out | app=system |
"{8625488E-1BC8-4869-9EF1-C8FA7126A0ED}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{86C579DA-7EB4-41C9-84FB-AB549E6E87D1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A8337089-670F-4474-B053-D4C65E0F0D0B}" = rport=137 | protocol=17 | dir=out | app=system |
"{B1275947-674E-4BD2-AFF1-2644E298B58F}" = lport=138 | protocol=17 | dir=in | app=system |
"{CD4197CF-FE1F-4B72-A2A1-E863D9A13209}" = lport=137 | protocol=17 | dir=in | app=system |
"{E7DC22D2-B4E3-432E-A58A-D000ADC76221}" = rport=138 | protocol=17 | dir=out | app=system |
"{F15EE85C-3822-4D2D-A64A-F417A84109C9}" = lport=139 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0282E26D-8929-4DB8-AB4C-728BBAED5732}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{02A0016F-C8F7-4776-A60D-590D5D34EB39}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{08D03A1F-3FD4-4AD0-B46C-D20300858FCF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{17A03B53-E62C-48BE-BFC1-1A5E975075D5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{184D0730-ED2C-4295-A760-0E7D74D0FBAB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{1BBEC821-DC3C-42B0-B557-5E2E3FE15CA6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{1D68CB78-77FC-4830-A6DF-801AA1446056}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager 1.0\mediamanager.exe |
"{20105B78-B91E-4BBE-9E34-BFCD511FD687}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{20C76A6F-CCFA-4E19-B24F-591F56AEB0A7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{22A1AC84-BCE4-46DC-AC24-34F7002E6B7D}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe |
"{29A65036-4059-4901-936C-57A1978F474E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{29A8AEE4-8888-40CE-ADEE-85D4931BF654}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{36AD7AFE-81FF-41F3-94B0-AB377E5D1A19}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{47C63415-AAD2-41BD-98EA-C1BDD2FD643D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{59517C90-A7B2-40F4-929C-95259DB6262B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5E011624-8B6B-4759-A428-2BB43D705E7F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{88110C40-03AD-4B1A-A7EA-B169987A336C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{8BB77F31-02CC-4F0E-805F-13540C8A42B8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |
"{8E66DD80-7D5D-4882-98D0-B7CE7DC4D588}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{AA1BF4D9-A1E4-4DEC-97AC-2F53D85B8398}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{B01725F0-EDCC-49E9-9D53-AD90057F0321}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B23410C0-6BC5-4388-9C4E-F4346FD911B6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{BBB45264-1F56-4615-A8FF-C2CFF86B6FB0}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{BE0B8211-93F0-4FCE-A434-E778995A0C10}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{C78D12D5-D75C-47EE-9DB2-BEC7F984C0FF}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{CA647011-99CB-4486-A991-8E3CFC9F9780}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe |
"{DCC88CDE-4264-42E9-B4B4-6F6D30A3579F}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe |
"{E4D8824B-2BC3-448B-AA06-B33C81264AA4}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager 1.0\mediamanager.exe |
"{E68FD794-39A2-4953-9989-A03CA8014AC5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
"{FDCEDE52-C1DA-4CDA-A1B2-34D0008F133C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"TCP Query User{2D901D6E-3CC1-4B44-BF11-C982C578C3C2}C:\program files\matlab\r2009a\bin\win32\matlab.exe" = protocol=6 | dir=in | app=c:\program files\matlab\r2009a\bin\win32\matlab.exe |
"TCP Query User{67A1D50E-E57B-4F1C-9C30-365A37024E81}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{438CEB63-8564-4A97-A817-1207785C0FD9}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{CB599D88-3345-40FD-8A0F-F3C3D72BF5D6}C:\program files\matlab\r2009a\bin\win32\matlab.exe" = protocol=17 | dir=in | app=c:\program files\matlab\r2009a\bin\win32\matlab.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07C9627A-CA0B-2AA2-062E-204359DF7BA1}" = Catalyst Control Center Core Implementation
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{0EFB2016-41D2-5F30-8F60-25250F6DABDD}" = CCC Help Thai
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C971EE3-B4C4-4367-9676-57549919C6CE}" = TOSHIBA Benutzerhandbücher
"{1E57A11B-AB65-C6D1-F999-B3B37AB2298E}" = Catalyst Control Center Localization Japanese
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 21
"{27265B80-303E-EFFF-6052-B11F91B634C3}" = Catalyst Control Center Localization Italian
"{28379381-B56A-43e1-B505-3098D82B1C30}" = 4500G510gm_Software_Min
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{2920435D-CE92-5024-1694-DFD43A5FF074}" = Catalyst Control Center Localization Greek
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2CD6D3D2-1EFC-F0B4-1761-FD4FA7F8750F}" = CCC Help Finnish
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{358004B9-3A16-87FF-4487-4D6F0C70E52F}" = Catalyst Control Center Localization Russian
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{38A3E884-313A-7AE0-11BC-482DE0C8766A}" = CCC Help Czech
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3BB12DBC-0A8E-ECE2-F179-D06B99B8CD02}" = Catalyst Control Center Localization Czech
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{3E0E28DC-DA90-1BA2-FA36-AA3C2E4FB74A}" = Catalyst Control Center Graphics Previews Vista
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{4C90501F-864B-5AC4-867D-6AC35BE50721}" = ccc-utility
"{55398A75-13E0-570F-BD16-2EE5D9E5523D}" = Catalyst Control Center Localization Norwegian
"{5C72622B-643D-4296-B57D-5D53D0C68509}" = Sony Ericsson Media Manager 1.0
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5F131988-3326-AD64-1817-D76A2FE3C2D3}" = CCC Help Chinese Traditional
"{5FBF37CD-B7F9-564C-BDFC-73D970CF7AF2}" = CCC Help Italian
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{61C63422-E5E2-8576-2B82-0E01F5AD2538}" = CCC Help English
"{61F90A4F-AD49-7FFB-F027-5B2CB64F0A70}" = Catalyst Control Center Graphics Light
"{629044C7-745A-64B8-467F-2F93ED50008B}" = CCC Help Chinese Standard
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65BF23C0-4EF9-27CC-7B6F-190F4008A569}" = Catalyst Control Center Localization Polish
"{65D602E4-DCDE-0743-6A0A-F1A203449F47}" = CCC Help German
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{69E5255D-9D43-4CFF-8984-843ABD7753B7}" = Catalyst Control Center - Branding
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6B4874CA-13CF-2477-B697-B448201B56B6}" = CCC Help Norwegian
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6EB0B23B-AA51-6F4E-C94C-C1015ED61EEC}" = CCC Help Japanese
"{70495081-1DC8-AD4B-C197-12138B8FBC9E}" = CCC Help Danish
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71B929E2-3556-93DB-DEC0-FD56D3EFB473}" = Catalyst Control Center Localization Chinese Traditional
"{71C47830-182D-79FA-0790-0366E6E2C2EB}" = Catalyst Control Center Localization Spanish
"{74EC78BC-B379-4E29-9006-8F161DCAABA6}" = Apple Software Update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"{77CAD946-C573-6647-B222-B6870C072932}" = CCC Help Korean
"{7C30283C-8DC7-4FBB-805E-52BEA5F580E8}" = Toshiba TEMPRO
"{7E83516C-931B-870F-5CDF-01FDF9A4AEF0}" = Catalyst Control Center Localization Turkish
"{86728841-C151-B8E4-43C6-DD289DE570B6}" = Catalyst Control Center Localization Swedish
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86DBA852-5D5E-1856-D828-620E792EDC0D}" = Catalyst Control Center Localization Chinese Standard
"{871DF2BE-41D2-4334-AC33-839AF16FC8FE}" = Cisco Systems VPN Client
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{88BA2601-8A62-7AB7-DB8A-7AA2840B7C87}" = Catalyst Control Center Localization Thai
"{895722FE-25FE-4854-95AC-B0C42F9DBEDA}" = REALTEK RTL8187B Wireless LAN Driver
"{8B587895-7716-1B99-5D85-3CA4AAF8A0F4}" = Catalyst Control Center Localization Dutch
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B0-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF – Add-In für 2007 Microsoft Office-Programme
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{9244F321-0BBD-9D4A-C1FB-6437E3D0550D}" = Catalyst Control Center Localization German
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{93F3EBDD-4007-C233-7320-977AC0941054}" = CCC Help Turkish
"{94AB6CE0-DB26-7048-2A5B-4647EA1FC693}" = ccc-core-static
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A103C127-2168-4493-8D01-4BF180BED12C}" = CCC Help Portuguese
"{A7F27ADB-3C56-0F2B-6B4B-0B8E02A49186}" = ATI Catalyst Install Manager
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC2EE52D-05CD-8140-5D29-5AA29590971E}" = CCC Help French
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B02A78AE-EA3B-8261-AEBC-8221E22DCC1E}" = CCC Help Polish
"{B1D67B62-35A8-A9A1-AA74-F6A495C8271A}" = Catalyst Control Center Localization Danish
"{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{BC2EA92A-A5A9-A137-5204-F150EDB05DB3}" = CCC Help Hungarian
"{BC713970-8C3C-852B-4139-636F21114B7F}" = CCC Help Dutch
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE0D4271-69C9-4f28-AD9B-BB33D126A30E}" = 4500G510gm
"{C38D770E-A8ED-4E5B-B790-3971A55642DB}" = Installation der Frutiger-Fonts
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C5F1A9C4-C041-2E95-5D7E-EF56CED2B522}" = Skins
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D7CC05AF-067D-0D1A-1E4D-9DCBCDCC2D41}" = Catalyst Control Center Graphics Full New
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DF0B357C-5874-47D0-81E7-79AA890B0CE0}" = 4500_G510gm_Help
"{E0FC3A5D-CF52-ABA7-92EF-D9794F372121}" = Catalyst Control Center Graphics Full Existing
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E5083D57-D93F-404C-A91F-1C50D67C2BEB}" = HP Officejet 4500 G510g-m
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"{EA7D1919-A6BF-979A-E3A2-F753E23D45FA}" = Catalyst Control Center Localization Hungarian
"{ED2BC5D9-20EE-FBB6-8483-240F19EFCAA5}" = CCC Help Swedish
"{F0345A2F-1D78-0AEA-7CBB-CEF48622EB44}" = Catalyst Control Center Localization Portuguese
"{F0646787-1A2F-34E9-A61D-9DAD69F606F8}" = CCC Help Spanish
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F50E4D66-5280-FDF8-7F55-2E47FCF23E7D}" = Catalyst Control Center Localization Korean
"{F67E6AE5-F87B-025F-2D6B-26491304393F}" = CCC Help Russian
"{F850707C-B6A0-4B56-8709-F89CF8F9AC6D}" = Eraser
"{F9DAAC4B-5E3F-1D39-9D4B-6998664EF402}" = Catalyst Control Center Localization Finnish
"{F9F66B99-C1B3-ACEA-1F80-404CC4DD96BF}" = Catalyst Control Center Localization French
"{FA493449-3E34-4E05-8CA7-26A42E9F180E}" = CCC Help Greek
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_PCI_VEN_14F1&DEV_2C06&SUBSYS_14F10000" = HDAUDIO Soft Data Fax Modem with SmartCP
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Eraser" = Eraser
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition (D)
"First Class Übersetzer" = First Class Übersetzer
"Globus Fotoservice_is1" = Globus Fotoservice
"Google Desktop" = Google Desktop
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"InfraRecorder" = InfraRecorder
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"MAGIX Digital Foto Maker SE D" = MAGIX Digital Foto Maker SE (D)
"MAGIX Foto Suite D" = MAGIX Foto Suite (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version
"MatlabR2009a" = MATLAB R2009a
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de)
"Mozilla Thunderbird 10.0.2 (x86 de)" = Mozilla Thunderbird 10.0.2 (x86 de)
"myphotobook" = myphotobook 3.5
"PanPlot" = PanPlot 11.04
"Picasa2" = Picasa 2
"Shop for HP Supplies" = Shop for HP Supplies
"Softonic_Deutsch Toolbar" = Softonic_Deutsch Toolbar
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.20
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TUGZip_is1" = TUGZip 3.5
"UDPixel" = UDPixel.exe
"Uninstall_is1" = Uninstall
"Update Service" = Update Service
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinGimp-2.0_is1" = GIMP 2.6.3
"Xvid_is1" = Xvid 1.2.2 final uninstall

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 26.02.2012 11:16:22 | Computer Name = Christian-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 26.02.2012 11:16:22 | Computer Name = Christian-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 26.02.2012 11:16:22 | Computer Name = Christian-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 26.02.2012 11:16:22 | Computer Name = Christian-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 26.02.2012 11:16:22 | Computer Name = Christian-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 26.02.2012 11:16:22 | Computer Name = Christian-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 26.02.2012 11:16:22 | Computer Name = Christian-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 26.02.2012 11:16:22 | Computer Name = Christian-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 26.02.2012 11:16:23 | Computer Name = Christian-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 26.02.2012 11:16:23 | Computer Name = Christian-PC | Source = Windows Search Service | ID = 3013
Description =

[ Media Center Events ]
Error - 01.09.2009 04:10:52 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0
Description = Es konnte nicht auf den MCUpdate-Mutex gewartet werden. Ausnahme: 'Der Wartezustand wurde aufgrund eines abgebrochenen Mutex beendet.'.

[ OSession Events ]
Error - 13.09.2009 07:17:06 | Computer Name = Christian-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 111 seconds with 60 seconds of active time. This session ended with a crash.

Error - 18.10.2009 18:54:32 | Computer Name = Christian-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6341.5001, Microsoft Office Version: 12.0.4518.1014. This session lasted 163 seconds with 60 seconds of active time. This session ended with a crash.

Error - 19.10.2009 14:39:44 | Computer Name = Christian-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6341.5001, Microsoft Office Version: 12.0.6215.1000. This session lasted 7078 seconds with 3120 seconds of active time. This session ended with a crash.

Error - 10.01.2010 15:48:55 | Computer Name = Christian-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 117608 seconds with 9780 seconds of active time. This session ended with a crash.

Error - 10.05.2010 12:04:41 | Computer Name = Christian-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 85 seconds with 60 seconds of active time. This session ended with a crash.
Error - 19.07.2010 05:12:31 | Computer Name = Christian-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 2138 seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 27.02.2012 11:18:43 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 27.02.2012 11:23:07 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 27.02.2012 13:46:09 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 27.02.2012 13:50:46 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 27.02.2012 13:51:24 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 27.02.2012 13:56:33 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 27.02.2012 14:05:00 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 27.02.2012 15:32:41 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 27.02.2012 16:57:39 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 28.02.2012 11:20:14 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7026
Description =

< End of report >

HTML-Code:
ComboFix 12-02-25.02 - Christian 27.02.2012 18:52:15.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2813.1866 [GMT 1:00]
ausgeführt von:: c:\users\Christian\Downloads\comboFix.exe
Benutzte Befehlsschalter :: /u
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-01-27 bis 2012-02-27 ))))))))))))))))))))))))))))))
.
.
2012-02-27 18:04 . 2012-02-27 18:05 -------- d-----w- c:\users\Christian\AppData\Local\temp
2012-02-27 18:04 . 2012-02-27 18:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-26 17:32 . 2012-02-26 17:44 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-26 16:59 . 2012-02-26 16:59 -------- d-----w- c:\users\Christian\AppData\Roaming\Malwarebytes
2012-02-26 16:59 . 2012-02-26 16:59 -------- d-----w- c:\programdata\Malwarebytes
2012-02-26 16:59 . 2012-02-26 16:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-26 16:59 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-26 14:24 . 2012-02-26 17:35 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-02-26 14:24 . 2012-02-26 17:33 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-02-26 13:35 . 2012-02-26 13:35 -------- d-----w- c:\users\Christian\AppData\Roaming\QuickScan
2012-02-21 15:25 . 2012-02-08 06:03 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4A805C5D-E193-48EA-AAE3-DE59AAA241C8}\mpengine.dll
2012-02-16 06:54 . 2011-12-14 16:17 680448 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-16 06:54 . 2012-01-12 19:52 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-02-09 10:23 . 2012-02-09 10:23 -------- d-----w- c:\users\Christian\AppData\Roaming\Avira
2012-02-09 10:22 . 2012-02-16 20:35 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-02-09 10:22 . 2011-12-15 14:00 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-02-09 10:22 . 2011-12-15 14:00 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-02-09 10:22 . 2012-02-09 10:22 -------- d-----w- c:\programdata\Avira
2012-02-09 10:22 . 2012-02-09 10:22 -------- d-----w- c:\program files\Avira
2012-02-02 20:16 . 2012-02-02 20:16 -------- d-----w- c:\program files\MSECache
2012-02-02 19:41 . 2012-02-02 19:41 -------- d-----w- c:\users\Christian\AppData\Roaming\pdfforge
2012-02-02 19:41 . 2001-10-28 16:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2012-02-02 19:41 . 1998-06-24 00:00 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2012-02-02 19:41 . 1998-07-06 17:56 125712 ----a-w- c:\windows\system32\VB6DE.DLL
2012-02-02 19:41 . 1998-07-06 17:55 158208 ----a-w- c:\windows\system32\MSCMCDE.DLL
2012-02-02 19:41 . 1998-07-06 17:55 64512 ----a-w- c:\windows\system32\MSCC2DE.DLL
2012-02-02 19:41 . 1998-07-06 00:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2012-02-02 19:41 . 2012-02-02 19:41 -------- d-----w- c:\program files\PDFCreator
2012-01-31 17:44 . 2011-11-17 06:48 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-31 17:44 . 2011-11-16 16:23 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-01-31 17:44 . 2011-11-16 16:23 278528 ----a-w- c:\windows\system32\schannel.dll
2012-01-31 17:44 . 2011-11-16 16:21 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-31 17:44 . 2011-11-16 16:23 72704 ----a-w- c:\windows\system32\secur32.dll
2012-01-31 17:44 . 2011-11-16 14:12 9728 ----a-w- c:\windows\system32\lsass.exe
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-29 04:10 . 2009-10-04 10:40 237072 ------w- c:\windows\system32\MpSigStub.exe
2011-12-11 10:25 . 2011-05-24 20:35 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-22 20:23 . 2011-05-03 12:57 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-08-23 16:30 . 2010-01-11 14:08 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}"= "c:\program files\Softonic_Deutsch\tbSoft.dll" [2009-05-20 2085400]
.
[HKEY_CLASSES_ROOT\clsid\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}]
2009-05-20 17:05 2085400 ----a-w- c:\program files\Softonic_Deutsch\tbSoft.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}"= "c:\program files\Softonic_Deutsch\tbSoft.dll" [2009-05-20 2085400]
.
[HKEY_CLASSES_ROOT\clsid\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C}"= "c:\program files\Softonic_Deutsch\tbSoft.dll" [2009-05-20 2085400]
.
[HKEY_CLASSES_ROOT\clsid\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Eraser"="c:\program files\Eraser\Eraser.exe" [2007-12-22 916240]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-10 216520]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-12-15 258512]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
wkcalrem.LNK - c:\program files\Microsoft Works\WkCalRem.exe [2007-6-20 46432]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico [2010-12-2 6144]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GOEC62~1.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Christian^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^UDPixel.lnk]
path=c:\users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UDPixel.lnk
backup=c:\windows\pss\UDPixel.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
2008-03-19 12:35 716800 ----a-w- c:\program files\TOSHIBA\FlashCards\TCrdMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 10:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
2008-04-29 09:33 417792 ----a-w- c:\program files\Camera Assistant Software for Toshiba\traybar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-12-10 09:02 216520 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
2007-12-22 23:03 916240 ----a-w- c:\program files\Eraser\Eraser.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-08-23 16:30 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 17:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 14:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSON]
2007-10-31 21:01 54608 ----a-w- c:\program files\TOSHIBA\TBS\HSON.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
2006-12-06 01:44 366400 ----a-w- c:\program files\Picasa2\PicasaMediaDetector.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-06-29 05:24 286720 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-04-08 13:14 6037504 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-11-20 16:15 1826816 ----a-w- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2008-01-25 12:33 509816 ----a-w- c:\program files\TOSHIBA\SmoothView\SmoothView.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-01-21 10:17 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-04-08 10:22 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2007-12-06 17:12 1029416 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\topi]
2007-07-10 07:24 581632 ----a-w- c:\program files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Registration]
2008-01-11 02:07 574864 ----a-w- c:\program files\TOSHIBA\Registration\ToshibaRegistration.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba TEMPRO]
2009-04-21 15:36 1045904 ----a-w- c:\program files\Toshiba TEMPRO\TemproTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]
2008-01-17 15:27 431456 ----a-w- c:\program files\TOSHIBA\Power Saver\TPwrMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-15 09:22]
.
2012-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-15 09:22]
.
2010-12-17 c:\windows\Tasks\User_Feed_Synchronization-{457DAF69-C04F-4A64-A6ED-701858349FE1}.job
- c:\windows\system32\msfeedssync.exe [2012-02-16 04:44]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://google.de/
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Save YouTube Video as MP3
TCP: DhcpNameServer =
FF - ProfilePath - c:\users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\fhpsr1wz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - WEB.DE Suche
FF - prefs.js: browser.startup.homepage - www.t-online.de
FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb110/?loc=IB_DS&a=6OypKk47Yy&&i=26&search=
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OypKk47Yy&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - fa77c93b00000000000000216373587b
FF - user.js: extensions.incredibar_i.hardId - fa77c93b00000000000000216373587b
FF - user.js: extensions.incredibar_i.instlDay - 15353
FF - user.js: extensions.incredibar_i.vrsn -
FF - user.js: extensions.incredibar_i.vrsni -
FF - user.js: extensions.incredibar_i.vrsnTs -
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6OypKk47Yy
FF - user.js: extensions.incredibar_i.upn2n - 92260721897947750
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10556
FF - user.js: extensions.incredibar_i.ppd - 1000
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-02-27 19:05
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2012-02-27 19:15:47
ComboFix-quarantined-files.txt 2012-02-27 18:15
.
Vor Suchlauf: 11 Verzeichnis(se), 102.601.326.592 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 102.595.149.824 Bytes frei
.
- - End Of File - - 805A5E16C8D4AAAED64B62B2D803136D
#2
/// Winkelfunktion /// TB-Süch-Tiger™
thealltimes.com removed, check logfiles
Quote:
TDSS-Killer, just like CF, is a very specialised tool and should never be run on your own initiative! If you are unlucky, you have wrecked important drivers/services with TDSS-Killer.
Quote: