|
Plagegeister aller Art und deren Bekämpfung: Trojaner TR/PCK.Tdss.Z.230 Datei tdlclk.dllWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
05.12.2009, 08:50 | #1 |
| Trojaner TR/PCK.Tdss.Z.230 Datei tdlclk.dll Hallo, habe den lästigen Trojaner tdlclk.dll, das Trojanische Pferd TR/PCK.Tdss.Z.230 auf meinem Rechner. Wird erkannt, lässt sich aber mit keinem Tool beseitigen und kommt immer wieder. Habe hier im Forum schon einiges gelesen und Tools getestet, leider ohne Erfolg. Weiss jemand Rat? Gruss Wolle |
05.12.2009, 13:36 | #3 |
| Trojaner TR/PCK.Tdss.Z.230 Datei tdlclk.dll Hallo Angel21,
__________________danke das du dich meiner annimmst. Habe also alle Progs beendet und GMER laufen lassen. Hier das Protokoll: PHP-Code: thx wolle |
05.12.2009, 13:50 | #4 |
| Trojaner TR/PCK.Tdss.Z.230 Datei tdlclk.dll Bitte künftig die Logs nicht in PHP Code Tags posten. Das erschwert die Übersicht über das Log nur. ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Besonders hartnäckige Malware erkennt eine combofix.exe und würde sich vor ihr gezielt verstecken! Das Programm jedoch noch nicht starten sondern zuerst folgendes tun:
Combofix darf ausschließlich ausgeführt werden wenn ein Kompetenzler dies ausdrücklich empfohlen hat!Hinweis: Combofix verhindert die Autostart Funktion aller CD / DVD und USB - Laufwerken um so eine Verbeitung einzudämmen. Wenn es hierdurch zu Problemen kommt, diese im Thread posten. Poste alle Logfiles bitte mit Codetags umschlossen (#-Button) also so: [HTML] Code:
ATTFilter Hier das Logfile rein!
__________________ Avira Upgrade 10 ist auf dem Markt! Agressive Einstellung von Avira What goes around comes around! |
06.12.2009, 08:56 | #5 |
| Trojaner TR/PCK.Tdss.Z.230 Datei tdlclk.dll Hallo Angel21, ich verzweifel so langsam am combofix, habe schon ca. 20 mal die Ausführung gestartet und irgendwann kommt ein Bluescreen mit schwerem Ausnahmefehler. Einige male schafft es combo bis zum Neustart und Schritt 4, dann die Fehlermeldung (Ausnahmefehler adresse etc.). Manchmal kommt der Bluescreen schon vor dem Neustart. Bis dahin alles nach Vorgaben erledigt. Alle Progs beendet, Virenprog deinstalliert, mit CCleaner alles gescannt und Fehler entfernt oder behoben. combofix in smss umbenannt und natürlich alle Tools als Administrator gestartet. Was nun??? Habe ich was übersehen?? Ist der Trojaner mit einer Formatierung als letzte Möglichkeit zu beseitigen? Gruss Wolle |
06.12.2009, 10:10 | #6 |
| Trojaner TR/PCK.Tdss.Z.230 Datei tdlclk.dll Hast du Combofix auch VOR dem auf dem Desktop zu gelangen umbenannt? Kam bei der Fehlermeldung vielleicht mehr als nur "schwerer Ausnahmefehler?"
__________________ --> Trojaner TR/PCK.Tdss.Z.230 Datei tdlclk.dll |
06.12.2009, 12:18 | #7 |
| Trojaner TR/PCK.Tdss.Z.230 Datei tdlclk.dll Hallo Angel21, nein habe combo natürlich als combo auf dem Desktop gespeichert und dann umbenannt. Dann werde ich es nochmal anders versuchen. Die Datei welche den Absturz verursacht nennt sich übrigens catchme.sys Hört sich so an wie "wir holen dich wir kriegen dich" Gruss wolle |
06.12.2009, 12:31 | #8 |
| Trojaner TR/PCK.Tdss.Z.230 Datei tdlclk.dll Hallo, start - ausführen - combofix /u eingeben, ausführen...... Dann nochmal Combofix diesmal _MIT_ Rechtsklick -> Ziel speichern unter... *smss.exe umbenennen* speichern. Hast du eine Windows CD?
__________________ Avira Upgrade 10 ist auf dem Markt! Agressive Einstellung von Avira What goes around comes around! Geändert von Angel21 (06.12.2009 um 12:50 Uhr) |
06.12.2009, 21:05 | #9 |
| Trojaner TR/PCK.Tdss.Z.230 Datei tdlclk.dll Hallo angel21, bin am verzweifeln. Immer wieder blue screen. Alles versucht combofix /u bis er wirklich deinstalliert ist. Neu runtergeladen auf Desktop unter smss. Ausgeführt bis Neustart mit Administratorrechten, bluescreen. Unter abgesichertem Modus ausgeführt, blue screen. Was nun? Formatierung sollte nun wirklich der allerletzte Ausweg sein. Gruss Wolle |
06.12.2009, 21:24 | #10 |
| Trojaner TR/PCK.Tdss.Z.230 Datei tdlclk.dll CustomScan mit OTL Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs %SYSTEMDRIVE%\*.exe %SYSTEMDRIVE%\eventlog.dll /s /md5 %SYSTEMDRIVE%\scecli.dll /s /md5 %SYSTEMDRIVE%\netlogon.dll /s /md5 %SYSTEMDRIVE%\cngaudit.dll /s /md5 %SYSTEMDRIVE%\sceclt.dll /s /md5 %SYSTEMDRIVE%\ntelogon.dll /s /md5 %SYSTEMDRIVE%\logevent.dll /s /md5 %SYSTEMDRIVE%\iaStor.sys /s /md5 %SYSTEMDRIVE%\nvstor.sys /s /md5 %SYSTEMDRIVE%\atapi.sys /s /md5 %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 %SYSTEMDRIVE%\viasraid.sys /s /md5 %SYSTEMDRIVE%\AGP440.sys /s /md5 %SYSTEMDRIVE%\vaxscsi.sys /s /md5 %SYSTEMDRIVE%\nvatabus.sys /s /md5
__________________ Avira Upgrade 10 ist auf dem Markt! Agressive Einstellung von Avira What goes around comes around! |
06.12.2009, 22:15 | #11 |
| Trojaner TR/PCK.Tdss.Z.230 Datei tdlclk.dll Hallo, OTL ist also ohne Probleme durchgelaufen. Hier die Protokolle OTLTxt Code:
ATTFilter OTL logfile created on: 06.12.2009 21:46:12 - Run 1 OTL by OldTimer - Version 3.1.11.8 Folder = C:\Users\Eifel-Kaffee 2\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18828) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1021,32 Mb Total Physical Memory | 491,20 Mb Available Physical Memory | 48,10% Memory free 2,25 Gb Paging File | 1,50 Gb Available in Paging File | 66,77% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 74,53 Gb Total Space | 44,20 Gb Free Space | 59,31% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: TOSHIBA Current User Name: Eifel-Kaffee 2 Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Standard Quick Scan ========== Processes (SafeList) ========== PRC - [2009.12.06 21:44:53 | 00,537,088 | ---- | M] (OldTimer Tools) -- C:\Users\Eifel-Kaffee 2\Desktop\OTL.exe PRC - [2009.11.10 10:28:08 | 00,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe PRC - [2009.07.02 13:29:14 | 00,161,080 | ---- | M] (AVM Berlin) -- C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe PRC - [2009.07.02 13:28:18 | 00,132,408 | ---- | M] (AVM Berlin) -- C:\Program Files\FRITZ!Fernzugang\certsrv.exe PRC - [2009.07.02 13:27:30 | 00,267,576 | ---- | M] (AVM Berlin) -- C:\Program Files\FRITZ!Fernzugang\avmike.exe PRC - [2009.04.11 07:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 07:27:20 | 00,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe PRC - [2009.03.30 16:28:36 | 01,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2009.03.30 16:28:36 | 00,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2009.02.09 09:26:10 | 00,603,904 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TUProgSt.exe PRC - [2008.08.14 10:40:44 | 00,103,720 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe PRC - [2008.08.14 10:40:36 | 01,348,904 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe PRC - [2008.08.14 10:14:20 | 00,200,704 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynToshiba.exe PRC - [2008.07.11 13:22:56 | 00,251,184 | ---- | M] (BUFFALO INC.) -- C:\Program Files\BUFFALO\NASNAVI\nassvc.exe PRC - [2008.02.02 02:20:34 | 00,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe PRC - [2008.01.18 23:33:40 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe PRC - [2007.05.31 08:21:28 | 00,648,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdcBase.exe PRC - [2006.10.31 21:40:16 | 00,077,824 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe ========== Modules (SafeList) ========== MOD - [2009.12.06 21:44:53 | 00,537,088 | ---- | M] (OldTimer Tools) -- C:\Users\Eifel-Kaffee 2\Desktop\OTL.exe MOD - [2009.04.11 07:21:38 | 01,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2009.11.10 10:28:08 | 00,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service) SRV - [2009.11.06 14:29:22 | 01,141,712 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService) SRV - [2009.10.30 11:18:16 | 00,359,624 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService) SRV - [2009.09.25 02:27:04 | 00,793,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll -- (FontCache) SRV - [2009.07.02 13:29:14 | 00,161,080 | ---- | M] (AVM Berlin) -- C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe -- (nwtsrv) SRV - [2009.07.02 13:28:18 | 00,132,408 | ---- | M] (AVM Berlin) -- C:\Program Files\FRITZ!Fernzugang\certsrv.exe -- (certsrv) SRV - [2009.07.02 13:27:30 | 00,267,576 | ---- | M] (AVM Berlin) -- C:\Program Files\FRITZ!Fernzugang\avmike.exe -- (avmike) SRV - [2009.06.05 19:11:31 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9e60912df045e) Google Update Service (gupdate1c9e60912df045e) SRV - [2009.06.05 19:10:57 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc) SRV - [2009.03.30 16:28:36 | 01,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.02.09 09:26:10 | 00,603,904 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc) SRV - [2009.02.09 09:26:02 | 00,360,192 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2008.12.11 13:31:36 | 00,027,904 | ---- | M] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp) SRV - [2008.11.04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2008.07.11 13:22:56 | 00,251,184 | ---- | M] (BUFFALO INC.) -- C:\Program Files\BUFFALO\NASNAVI\nassvc.exe -- (NasPmService) SRV - [2008.02.02 02:20:34 | 00,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe -- (PDFProFiltSrv) SRV - [2008.01.18 23:38:26 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.16 19:14:20 | 00,053,760 | ---- | M] (Hewlett-Packard) -- C:\Windows\System32\HPZipm12.dll -- (Pml Driver HPZ12) SRV - [2008.01.16 19:14:18 | 00,043,520 | ---- | M] (Hewlett-Packard) -- C:\Windows\System32\HPZinw12.dll -- (Net Driver HPZ12) SRV - [2007.11.06 21:16:54 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08) SRV - [2007.11.06 21:16:54 | 00,139,264 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc) SRV - [2007.10.14 21:15:52 | 00,663,552 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL -- (HPSLPSVC) SRV - [2007.06.29 19:16:56 | 00,800,040 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService) SRV - [2007.06.27 19:04:00 | 00,279,848 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService) SRV - [2007.05.31 08:21:24 | 00,379,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 08:21:18 | 00,183,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2006.11.02 13:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart) SRV - [2006.10.31 21:40:16 | 00,077,824 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service) SRV - [2006.10.26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKLM\..\URLSearchHook: {D3F669EB-57CE-4f45-8FBD-E245CBB46366} - C:\Program Files\STOPzilla!\Toolbar\SZIESearchHook.dll (iS3 Inc.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Live Search" FF - prefs.js..browser.search.defaulturl: "http://search.live.com/results.aspx?FORM=IEFM1&q=" FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://home.1und1.de/?__rd=ac170c22xtxW8xC9yO8OVP97HK2fqJ2X&origin[site]=MX.EUE.DE&origin[page]=index&ucuoId=MX.EUE.DE-20090603131513-ac170c57ItANZhiKpcylKQjev0Cg9FOO-S1" FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0 FF - prefs.js..extensions.enabledItems: fb_add_on@avm.de:1.4.0 FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.3.1 FF - prefs.js..keyword.URL: "http://www.ask.com/web?&o=13048&l=dis&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009.04.03 07:29:11 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{780044d1-e8c0-488f-8059-4522ddbfc2ea}: C:\Program Files\Stopzilla!\Toolbar\Extension [2009.12.06 16:29:48 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009.11.07 07:48:12 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009.11.21 22:26:58 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009.11.27 22:48:58 | 00,000,000 | ---D | M] [2008.10.27 08:32:37 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\mozilla\Extensions [2009.12.06 18:10:46 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\mozilla\Firefox\Profiles\myz50cwr.default\extensions [2009.07.18 18:46:36 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\mozilla\Firefox\Profiles\myz50cwr.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} [2009.07.18 18:46:36 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\mozilla\Firefox\Profiles\myz50cwr.default\extensions\{31513E58-F253-47ad-86DB-D5F21E905429} [2009.07.18 18:46:36 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\mozilla\Firefox\Profiles\myz50cwr.default\extensions\{de1b245c-de57-11da-ba2d-0050c2490048} [2009.08.08 21:55:36 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\mozilla\Firefox\Profiles\myz50cwr.default\extensions\de-DE@dictionaries.addons.mozilla.org [2009.11.30 09:01:05 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\mozilla\Firefox\Profiles\myz50cwr.default\extensions\fb_add_on@avm.de [2009.02.21 12:48:32 | 00,001,632 | ---- | M] () -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\Mozilla\FireFox\Profiles\myz50cwr.default\searchplugins\live-search.xml [2009.12.06 18:10:46 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2009.09.09 06:45:22 | 00,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2009.09.09 06:45:22 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml [2009.09.09 06:45:22 | 00,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml [2009.09.10 20:00:40 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml [2009.09.09 06:45:22 | 00,000,801 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: (743 bytes) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (ZILLAbar Browser Helper Object) - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\Toolbar\SZSG.dll (iS3, Inc) O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.) O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O3 - HKLM\..\Toolbar: (STOPzilla) - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\Toolbar\SZSG.dll (iS3, Inc) O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation) O3 - HKLM\..\Toolbar: (no name) - SITEguard - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.) O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation) O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present O8 - Extra context menu item: Mit Nuance PDF Converter 5.0 öffnen - C:\Program Files\Nuance\PDF Professional 5\cnvres_ger.dll (Nuance Communications, Inc.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: HP Intelligente Auswahl - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 0 O32 - AutoRun File - [2006.09.18 22:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{877d5d91-b154-11dd-8dd3-00a0d130cf35}\Shell - "" = AutoRun O33 - MountPoints2\{877d5d91-b154-11dd-8dd3-00a0d130cf35}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found O33 - MountPoints2\{a56b087e-7b62-11de-8502-00a0d130cf35}\Shell - "" = AutoRun O33 - MountPoints2\{a56b087e-7b62-11de-8502-00a0d130cf35}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found O33 - MountPoints2\{a56b08c2-7b62-11de-8502-00a0d130cf35}\Shell - "" = AutoRun O33 - MountPoints2\{a56b08c2-7b62-11de-8502-00a0d130cf35}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found O33 - MountPoints2\{c0fef388-7f4e-11de-804d-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{c0fef388-7f4e-11de-804d-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found O33 - MountPoints2\{c0fef3e4-7f4e-11de-804d-00a0d130cf35}\Shell - "" = AutoRun O33 - MountPoints2\{c0fef3e4-7f4e-11de-804d-00a0d130cf35}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found O33 - MountPoints2\{c0fef3e6-7f4e-11de-804d-00a0d130cf35}\Shell - "" = AutoRun O33 - MountPoints2\{c0fef3e6-7f4e-11de-804d-00a0d130cf35}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found O33 - MountPoints2\{c0fef3f1-7f4e-11de-804d-00a0d130cf35}\Shell - "" = AutoRun O33 - MountPoints2\{c0fef3f1-7f4e-11de-804d-00a0d130cf35}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found O33 - MountPoints2\{c0fef3f3-7f4e-11de-804d-00a0d130cf35}\Shell - "" = AutoRun O33 - MountPoints2\{c0fef3f3-7f4e-11de-804d-00a0d130cf35}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found O33 - MountPoints2\{c0fef3fd-7f4e-11de-804d-00a0d130cf35}\Shell - "" = AutoRun O33 - MountPoints2\{c0fef3fd-7f4e-11de-804d-00a0d130cf35}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found O33 - MountPoints2\{c0fef422-7f4e-11de-804d-00a0d130cf35}\Shell - "" = AutoRun O33 - MountPoints2\{c0fef422-7f4e-11de-804d-00a0d130cf35}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias [2008.10.28 11:15:47 | 00,000,000 | ---D | M] NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found ========== Files/Folders - Created Within 14 Days ========== [2009.12.06 21:44:51 | 00,537,088 | ---- | C] (OldTimer Tools) -- C:\Users\Eifel-Kaffee 2\Desktop\OTL.exe [2009.12.06 20:25:21 | 00,000,000 | --SD | C] -- C:\cf [2009.12.06 18:20:51 | 00,000,000 | ---D | C] -- C:\Users\Eifel-Kaffee 2\AppData\Local\Threat Expert [2009.12.06 16:30:26 | 00,000,000 | ---D | C] -- C:\ProgramData\SITEguard [2009.12.06 16:29:15 | 00,000,000 | ---D | C] -- C:\Program Files\STOPzilla! [2009.12.06 16:29:14 | 00,000,000 | ---D | C] -- C:\ProgramData\STOPzilla! [2009.12.06 16:29:14 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3 [2009.12.06 15:05:44 | 00,000,000 | ---D | C] -- C:\Qoobox [2009.12.06 08:41:28 | 00,000,000 | ---D | C] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\MozBackup [2009.12.06 08:33:38 | 00,055,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2009.12.05 21:27:52 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe [2009.12.05 21:27:52 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2009.12.05 21:27:52 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2009.12.05 21:27:52 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2009.12.05 08:53:55 | 01,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll [2009.12.05 08:53:55 | 00,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll [2009.12.05 08:53:55 | 00,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll [2009.12.05 08:52:26 | 00,233,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys [2009.12.05 08:52:26 | 00,098,600 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys [2009.12.05 08:52:20 | 00,207,792 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys [2009.12.05 08:52:19 | 00,087,784 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys [2009.12.05 08:51:59 | 00,070,408 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys [2009.12.05 08:51:38 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools [2009.12.05 08:51:37 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor [2009.12.05 08:51:37 | 00,000,000 | ---D | C] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\PC Tools [2009.12.05 08:51:37 | 00,000,000 | ---D | C] -- C:\ProgramData\PC Tools [2009.12.03 21:24:44 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2009.12.03 21:24:42 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2009.12.03 19:43:07 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT [2009.11.30 09:11:09 | 00,050,480 | ---- | C] (AVM Berlin) -- C:\Windows\System32\AvmColorFaxRender.dll [2009.11.30 09:11:09 | 00,046,384 | ---- | C] (AVM Berlin) -- C:\Windows\System32\AvmFaxRender.dll [2009.11.30 09:11:09 | 00,024,880 | ---- | C] (AVM Berlin) -- C:\Windows\System32\FritzVistaMon.dll [2009.11.30 09:11:09 | 00,024,880 | ---- | C] (AVM Berlin) -- C:\Windows\System32\FritzVistaColorMon.dll [2009.11.30 09:11:08 | 00,451,888 | ---- | C] (Blue Sky Software Corporation.) -- C:\Windows\System32\HHActiveX.dll [2009.11.30 09:11:08 | 00,054,576 | ---- | C] (AVM Berlin GmbH) -- C:\Windows\System32\FritzPort.dll [2009.11.30 09:11:08 | 00,054,576 | ---- | C] (AVM Berlin GmbH) -- C:\Windows\System32\FritzColorPort.dll [2009.11.30 09:11:08 | 00,042,288 | ---- | C] (AVM Berlin GmbH) -- C:\Windows\System32\Fridru32.dll [2009.11.30 09:11:07 | 00,000,000 | ---D | C] -- C:\ProgramData\ISDNWatch [2009.11.30 09:11:07 | 00,000,000 | ---D | C] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\FRITZ!fax für FRITZ!Box [2009.11.29 21:24:43 | 00,000,000 | ---D | C] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\ImgBurn [2009.11.29 21:20:25 | 00,000,000 | ---D | C] -- C:\Program Files\ImgBurn [2009.11.28 16:55:09 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner [2009.11.28 10:41:24 | 00,000,000 | ---D | C] -- C:\AVZ [2009.11.28 10:37:16 | 00,000,000 | ---D | C] -- C:\Users\Eifel-Kaffee 2\Desktop\Virus [2009.11.23 20:23:34 | 00,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2009.11.22 22:37:44 | 00,000,000 | ---D | C] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\Malwarebytes [2009.11.22 22:35:52 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2009.11.22 22:35:02 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware ========== Files - Modified Within 14 Days ========== [2009.12.06 21:45:07 | 03,932,160 | ---- | M] () -- C:\Users\Eifel-Kaffee 2\ntuser.dat [2009.12.06 21:44:53 | 00,537,088 | ---- | M] (OldTimer Tools) -- C:\Users\Eifel-Kaffee 2\Desktop\OTL.exe [2009.12.06 21:43:27 | 00,012,800 | ---- | M] () -- C:\Windows\System32\tdlclk.dll [2009.12.06 21:40:00 | 00,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2009.12.06 21:18:20 | 00,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2009.12.06 21:00:02 | 00,000,518 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job [2009.12.06 20:38:24 | 00,023,552 | ---- | M] () -- C:\Windows\System32\tdlcmd.dll [2009.12.06 20:35:39 | 00,000,374 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics [2009.12.06 20:33:53 | 00,016,384 | ---- | M] () -- C:\Windows\System32\Ikeext.etl [2009.12.06 20:33:47 | 00,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2009.12.06 20:33:41 | 00,004,576 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2009.12.06 20:33:41 | 00,004,576 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2009.12.06 20:33:40 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2009.12.06 20:33:21 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2009.12.06 20:24:34 | 03,581,761 | R--- | M] () -- C:\Users\Eifel-Kaffee 2\Desktop\cf.exe [2009.12.06 20:07:48 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2009.12.06 20:07:29 | 00,524,288 | -HS- | M] () -- C:\Users\Eifel-Kaffee 2\ntuser.dat{1b370249-9f60-11de-b589-00a0d130cf35}.TMContainer00000000000000000001.regtrans-ms [2009.12.06 20:07:29 | 00,065,536 | -HS- | M] () -- C:\Users\Eifel-Kaffee 2\ntuser.dat{1b370249-9f60-11de-b589-00a0d130cf35}.TM.blf [2009.12.06 18:47:42 | 00,000,328 | ---- | M] () -- C:\Windows\System32\drivers\kgpfr2.cfg [2009.12.06 18:47:39 | 00,001,288 | ---- | M] () -- C:\Windows\System32\drivers\kgpcpy.cfg [2009.12.06 18:15:08 | 00,000,093 | ---- | M] () -- C:\Users\Eifel-Kaffee 2\Desktop\Viren- und Spywareschutz und Schutz vor schädlicher Software Microsoft Security Essentials.URL [2009.12.06 16:36:06 | 02,492,046 | -H-- | M] () -- C:\Users\Eifel-Kaffee 2\AppData\Local\IconCache.db [2009.12.06 15:28:04 | 00,061,056 | ---- | M] () -- C:\Users\Eifel-Kaffee 2\AppData\Local\GDIPFONTCACHEV1.DAT [2009.12.06 09:06:53 | 00,001,604 | ---- | M] () -- C:\Users\Eifel-Kaffee 2\Documents\cc_20091206_090649.reg [2009.12.04 19:59:35 | 00,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini [2009.12.04 19:59:34 | 00,049,664 | ---- | M] () -- C:\Users\Eifel-Kaffee 2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.12.03 21:35:23 | 00,269,344 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2009.12.03 21:04:17 | 00,006,404 | ---- | M] () -- C:\Users\Eifel-Kaffee 2\Documents\cc_20091203_210409.reg [2009.11.29 10:52:41 | 00,051,942 | ---- | M] () -- C:\Users\Eifel-Kaffee 2\Desktop\Kenwwod - PayPal.pdf [2009.11.29 10:34:38 | 00,000,139 | ---- | M] () -- C:\Users\Eifel-Kaffee 2\Desktop\powernetshop.de - Detailansicht.URL [2009.11.28 17:01:01 | 00,026,418 | ---- | M] () -- C:\Users\Eifel-Kaffee 2\Documents\cc_20091128_170050.reg [2009.11.27 22:15:00 | 01,418,612 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2009.11.27 22:15:00 | 00,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2009.11.27 22:15:00 | 00,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2009.11.27 22:15:00 | 00,122,648 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2009.11.27 22:15:00 | 00,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2009.11.23 20:24:29 | 00,000,743 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2009.11.22 23:37:43 | 00,019,944 | ---- | M] () -- C:\Windows\System32\drivers\atapi(46).sys ========== Files Created - No Company Name ========== [2009.12.06 20:23:06 | 00,023,552 | ---- | C] () -- C:\Windows\System32\tdlcmd.dll [2009.12.06 20:02:42 | 00,260,608 | ---- | C] () -- C:\Windows\PEV.exe [2009.12.06 18:58:11 | 00,012,800 | ---- | C] () -- C:\Windows\System32\tdlclk.dll [2009.12.06 18:47:42 | 00,000,328 | ---- | C] () -- C:\Windows\System32\drivers\kgpfr2.cfg [2009.12.06 18:46:03 | 00,001,288 | ---- | C] () -- C:\Windows\System32\drivers\kgpcpy.cfg [2009.12.06 18:15:08 | 00,000,093 | ---- | C] () -- C:\Users\Eifel-Kaffee 2\Desktop\Viren- und Spywareschutz und Schutz vor schädlicher Software Microsoft Security Essentials.URL [2009.12.06 16:22:00 | 03,581,761 | R--- | C] () -- C:\Users\Eifel-Kaffee 2\Desktop\cf.exe [2009.12.06 09:06:52 | 00,001,604 | ---- | C] () -- C:\Users\Eifel-Kaffee 2\Documents\cc_20091206_090649.reg [2009.12.05 21:27:52 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe [2009.12.05 21:27:52 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe [2009.12.05 21:27:52 | 00,077,312 | ---- | C] () -- C:\Windows\MBR.exe [2009.12.05 21:27:52 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe [2009.12.05 08:53:57 | 00,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll [2009.12.05 08:53:56 | 00,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml [2009.12.05 08:53:56 | 00,000,880 | ---- | C] () -- C:\Windows\RegISSImport.xml [2009.12.05 08:53:55 | 01,152,444 | ---- | C] () -- C:\Windows\UDB.zip [2009.12.05 08:53:55 | 00,000,131 | ---- | C] () -- C:\Windows\IDB.zip [2009.12.05 08:52:26 | 00,007,387 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi.cat [2009.12.05 08:52:20 | 00,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat [2009.12.05 08:52:20 | 00,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat [2009.12.05 08:51:59 | 00,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat [2009.12.03 21:04:11 | 00,006,404 | ---- | C] () -- C:\Users\Eifel-Kaffee 2\Documents\cc_20091203_210409.reg [2009.11.29 10:52:40 | 00,051,942 | ---- | C] () -- C:\Users\Eifel-Kaffee 2\Desktop\Kenwwod - PayPal.pdf [2009.11.29 10:34:38 | 00,000,139 | ---- | C] () -- C:\Users\Eifel-Kaffee 2\Desktop\powernetshop.de - Detailansicht.URL [2009.11.28 17:00:57 | 00,026,418 | ---- | C] () -- C:\Users\Eifel-Kaffee 2\Documents\cc_20091128_170050.reg [2009.11.15 12:37:55 | 00,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib [2009.09.17 20:44:02 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.09.17 20:43:20 | 00,019,944 | ---- | C] () -- C:\Windows\System32\drivers\atapi(46).sys [2009.08.03 20:54:36 | 00,000,020 | ---- | C] () -- C:\Windows\tm.ini [2009.08.03 20:49:04 | 00,130,560 | ---- | C] () -- C:\Windows\System32\ZipDll.dll [2009.07.31 07:06:03 | 00,000,082 | ---- | C] () -- C:\Windows\odbc_merge.INI [2009.05.01 19:41:36 | 00,000,680 | ---- | C] () -- C:\Users\Eifel-Kaffee 2\AppData\Local\d3d9caps.dat [2009.03.08 08:18:28 | 00,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2009.03.08 08:14:20 | 00,288,627 | ---- | C] () -- C:\Users\Eifel-Kaffee 2\AppData\Local\yqiui_nav.dat [2009.03.08 08:13:50 | 00,002,973 | ---- | C] () -- C:\Users\Eifel-Kaffee 2\AppData\Local\yqiui.dat [2009.03.08 08:13:50 | 00,000,322 | ---- | C] () -- C:\Users\Eifel-Kaffee 2\AppData\Local\yqiui_navps.dat [2009.03.08 08:13:50 | 00,000,097 | ---- | C] () -- C:\Users\Eifel-Kaffee 2\AppData\Local\yqiui.bat [2009.02.09 20:45:57 | 00,009,728 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll [2008.12.10 19:55:10 | 00,303,104 | ---- | C] () -- C:\Windows\System32\dnt27VC8.dll [2008.12.10 19:53:30 | 00,090,112 | ---- | C] () -- C:\Windows\System32\dntvmc27VC8.dll [2008.12.10 19:53:18 | 00,086,016 | ---- | C] () -- C:\Windows\System32\dntvm27VC8.dll [2008.11.07 20:16:48 | 00,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2008.11.03 20:02:36 | 00,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2008.11.03 18:17:40 | 00,049,664 | ---- | C] () -- C:\Users\Eifel-Kaffee 2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.10.30 09:49:34 | 00,000,022 | ---- | C] () -- C:\ProgramData\8f01a90e-7eb3-48d3-93b1-50d88fd146fb [2008.10.30 08:00:19 | 00,001,551 | ---- | C] () -- C:\ProgramData\hpzinstall.log [2008.10.26 20:46:55 | 00,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2006.11.02 13:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:25:44 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2006.11.02 08:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.10.31 16:37:00 | 00,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll [2006.08.10 14:00:52 | 00,094,208 | ---- | C] () -- C:\Windows\System32\TosBtHcrpAPI.dll [2006.06.02 11:54:00 | 00,015,648 | ---- | C] () -- C:\Windows\UN060501.INI [2005.07.22 20:30:20 | 00,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll ========== LOP Check ========== [2009.09.23 17:01:05 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\1&1 [2009.03.14 08:26:38 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\AceBIT [2009.07.28 11:58:04 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\Bytemobile [2009.11.17 09:09:10 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\FileZilla [2009.08.25 06:51:32 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\FRITZ! [2009.11.30 09:11:07 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\FRITZ!fax für FRITZ!Box [2009.11.30 20:01:42 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\GoodSync [2009.07.28 11:59:05 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\HCM Updater [2009.08.03 20:31:17 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\hed [2009.11.29 21:27:48 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\ImgBurn [2009.11.12 08:11:53 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\Internet-Radio Player [2009.04.24 06:41:00 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\Internetradio Player [2009.06.03 08:00:23 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\IrfanView [2009.11.11 09:04:39 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\Lexware [2009.12.06 08:41:28 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\MozBackup [2009.11.15 18:49:31 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\NASNaviator2 [2009.05.21 07:49:56 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\phonostar-Player [2009.02.08 20:32:05 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\RapidSolution [2008.10.27 08:34:54 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\Thunderbird [2009.05.04 19:44:11 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\Toshiba [2009.02.09 09:01:00 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\TuneUp Software [2008.10.27 11:01:23 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\Uniblue [2009.12.06 18:09:39 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\UseNeXT [2008.10.27 08:19:27 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\Zeon [2009.12.06 21:00:02 | 00,000,518 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job [2009.12.06 20:07:51 | 00,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > < %SYSTEMDRIVE%\eventlog.dll /s /md5 > < %SYSTEMDRIVE%\scecli.dll /s /md5 > [2009.04.11 07:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2008.01.18 23:36:20 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2009.04.11 07:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < %SYSTEMDRIVE%\netlogon.dll /s /md5 > [2009.04.11 07:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2008.01.18 23:35:38 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll [2009.04.11 07:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll < %SYSTEMDRIVE%\cngaudit.dll /s /md5 > [2006.11.02 10:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 10:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < %SYSTEMDRIVE%\sceclt.dll /s /md5 > < %SYSTEMDRIVE%\ntelogon.dll /s /md5 > < %SYSTEMDRIVE%\logevent.dll /s /md5 > < %SYSTEMDRIVE%\iaStor.sys /s /md5 > < %SYSTEMDRIVE%\nvstor.sys /s /md5 > [2006.11.02 10:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys [2008.01.18 23:42:10 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2006.11.02 10:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.18 23:42:10 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < %SYSTEMDRIVE%\atapi.sys /s /md5 > [2009.04.11 07:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\drivers\atapi.sys [2008.10.26 21:11:29 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys [2009.04.11 07:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2006.11.02 10:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2008.01.18 23:41:32 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.10.26 21:11:29 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys [2008.10.26 21:11:29 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys [2008.01.18 23:41:32 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2009.04.11 07:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys < %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 > < %SYSTEMDRIVE%\viasraid.sys /s /md5 > < %SYSTEMDRIVE%\AGP440.sys /s /md5 > [2006.11.02 10:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys [2008.01.18 23:42:26 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2006.11.02 10:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys [2008.01.18 23:42:26 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.18 23:42:26 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.18 23:42:26 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys < %SYSTEMDRIVE%\vaxscsi.sys /s /md5 > < %SYSTEMDRIVE%\nvatabus.sys /s /md5 > ========== Alternate Data Streams ========== @Alternate Data Stream - 180 bytes -> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:E29ACA54 @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8 < End of report > |
06.12.2009, 22:17 | #12 |
| Trojaner TR/PCK.Tdss.Z.230 Datei tdlclk.dll Und Extras.Txt Code:
ATTFilter OTL Extras logfile created on: 06.12.2009 21:46:12 - Run 1 OTL by OldTimer - Version 3.1.11.8 Folder = C:\Users\Eifel-Kaffee 2\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18828) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1021,32 Mb Total Physical Memory | 491,20 Mb Available Physical Memory | 48,10% Memory free 2,25 Gb Paging File | 1,50 Gb Available in Paging File | 66,77% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 74,53 Gb Total Space | 44,20 Gb Free Space | 59,31% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: TOSHIBA Current User Name: Eifel-Kaffee 2 Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Standard Quick Scan ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1 .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* chm.file [open] -- "%SystemRoot%\hh.exe" %1 cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{03AEB1D6-316A-425B-A028-3A5D871E959A}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{0D040324-126B-493C-93C5-0DB64C1F909C}" = rport=138 | protocol=17 | dir=out | app=system | "{0F2A5917-C585-4F47-926C-1F8F17C63767}" = rport=139 | protocol=6 | dir=out | app=system | "{1E4157A5-FE2F-4E6F-89D3-6A10E43C6789}" = lport=10243 | protocol=6 | dir=in | app=system | "{22D84576-5FE4-4906-BBD8-CE102604E9E0}" = lport=5031 | protocol=17 | dir=in | name=avm tapi services for fritz!box - udp 5031 | "{2BA1E7CD-2A7E-4D05-9DC6-113FA9317363}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{30BE8358-4715-4AD9-A37D-945421953053}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{378E1153-B451-413E-810E-04EA72D0ECE9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{3D1BC1BC-D9DC-461E-AA8E-2229F9770235}" = lport=2869 | protocol=6 | dir=in | app=system | "{4090A722-3F47-4693-A2CD-511B618ADF75}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{44DCA9C2-7676-4EB5-987A-471E307E2099}" = rport=445 | protocol=6 | dir=out | app=system | "{4B0E4A95-FD0E-4247-B32C-104133EAA1B6}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{4BD8067F-23DE-4C43-BBD7-9904738FF9FD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe | "{5362725E-FCCE-4113-980D-FC9D6218A5DF}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{61DCFD93-B07E-4732-92EE-996E939CAC29}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{64B768D0-5104-4E35-A105-80C69493600F}" = lport=138 | protocol=17 | dir=in | app=system | "{6EE6B1BD-5928-4225-B2CD-852795E11DC6}" = lport=139 | protocol=6 | dir=in | app=system | "{6F0D0BE2-D9A8-4512-A075-1E65E02C428D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6FD3497D-2ADE-4C9F-AA04-49CBA491A052}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{7515502D-6C13-4222-8E93-A2D01B8C3100}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{8395BB33-102F-4B51-9B74-C95578C2D41C}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{9123368A-7054-45F2-A8BA-18EC37EF8CB3}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{92A6181C-3995-481A-953D-23EE078C3709}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{9BA1AD5C-AE4E-4C62-96AA-5D342755399D}" = lport=137 | protocol=17 | dir=in | app=system | "{9DEA75B9-CD84-4E21-8EE3-B61229206118}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{A0E475FB-9985-4B18-85F3-660F6A62973A}" = rport=2869 | protocol=6 | dir=out | app=system | "{A6DB7D0F-CD12-4DBF-BDBE-46114DABF7A7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{AFB0A8BC-7C9A-4AA9-8979-C00E4E5EBC1A}" = rport=137 | protocol=17 | dir=out | app=system | "{D46C9286-C099-4F6E-96E5-55B6543650AC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D4AD6D6F-3668-4AA4-924D-9C556DFE7E7C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=datei- und druckerfreigabe (spoolerdienst - rpc-epmap) | "{D4E70EBD-FE27-4031-9F87-20E6EA2AD255}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{D81B24B6-7588-4197-B3BB-8460BC332BBB}" = rport=10243 | protocol=6 | dir=out | app=system | "{DB2DAD60-1D27-413B-BE5A-57D44CC5E3FF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{DCAF6D3D-6268-46A5-9DC8-13554165C3BE}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{E275A021-6254-4CF4-B8DF-43FC2F10E327}" = lport=445 | protocol=6 | dir=in | app=system | "{E6F94FFD-155F-4EC2-A957-FC6E8F3FBE5C}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{EBCF2295-1EF8-478F-9565-CFF53339C3F4}" = lport=2869 | protocol=6 | dir=in | app=system | "{EE530C87-9A37-4C53-8FB6-1BD346852562}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{F1C926D2-EF5F-4907-BB87-DE397B0B51D2}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{F5C76F02-A348-420C-82FC-8D11B300F60C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{03EA08DB-8FFC-43D2-810B-9097555DF205}" = protocol=6 | dir=in | app=c:\users\eifel-kaffee 2\appdata\local\apps\2.0\ha4w3e1a.45t\998j5n1q.040\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\fritzbox-usb-fernanschluss.exe | "{073EA634-8750-4776-8CD0-696CACE24895}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{0A5956F1-3486-4488-8694-8F468176E6EB}" = protocol=6 | dir=in | app=c:\program files\tapi services for fritz!box\fboxset.exe | "{1828AD09-ADB7-4B5E-B3B1-21F778D75B0F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{218C0136-1A91-45AA-8EEB-41B6D41BAC6F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{24E10276-E850-4202-A22B-39FCDA5387B3}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{303A9EE8-D018-4DF4-9963-3FC951BE3155}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{313ADBB7-B719-479C-B882-86712257E627}" = protocol=17 | dir=in | app=c:\program files\tapi services for fritz!box\fboxset.exe | "{3B5A23D6-7C22-4DEF-8494-6EA1DF88074F}" = protocol=17 | dir=in | app=c:\users\eifel-kaffee 2\appdata\local\apps\2.0\ha4w3e1a.45t\998j5n1q.040\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\fritzbox-usb-fernanschluss.exe | "{3CDE2F4B-776D-4E26-8D00-607C21574984}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{3D063818-8EEF-4D98-82EA-46DFEDE690C6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{50CDBC6D-5623-4D81-942D-FB21B2B3D5C3}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | "{57215715-11A2-49AF-B505-1E907C0E07F5}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{5D5654A1-0123-4E8D-B66F-321B22958312}" = protocol=58 | dir=out | name=datei- und druckerfreigabe (echoanforderung - icmpv6 ausgehend) | "{62322491-D8CD-4FEE-9ACC-D1C13918E513}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe | "{63151601-5EB1-4ED5-B4B8-846CEF8EF2B8}" = protocol=6 | dir=in | app=c:\program files\fritz!\igd_finder.exe | "{64013DAF-035F-4235-AD37-B46F8CE3FC2B}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | "{6698F1BC-EF11-4310-9FBE-64FF9C31E771}" = protocol=6 | dir=in | app=c:\program files\buffalo\nasnavi\nasnavi.exe | "{66DE9A73-C10E-4930-B49E-F7BC59E6BC32}" = protocol=17 | dir=in | app=c:\program files\fritz!\igd_finder.exe | "{8963FFEF-5947-4BD1-B906-80A07C667BA5}" = protocol=1 | dir=out | name=datei- und druckerfreigabe (echoanforderung - icmpv4 ausgehend) | "{89BA1CA1-F071-4C35-BB33-3996A9F38190}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{8D831126-B729-43EC-84EE-6D70F6C38AC2}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{9405FEC9-64A7-46D7-B2BD-50555828DAC1}" = protocol=1 | dir=in | name=datei- und druckerfreigabe (echoanforderung - icmpv4 eingehend) | "{94AAEA25-9ABB-4683-BD9A-C4C2F430C8F8}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{9820ABE9-8A10-41D8-AB72-A46529685AF9}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{99FABDB8-8809-4820-B179-8F1EE7548E13}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{9C90D155-E574-4DF0-AB56-59FD9FAD4EE6}" = protocol=17 | dir=in | app=c:\program files\buffalo\nasnavi\nasnavi.exe | "{A411668E-B050-403E-9CDA-C80836B4195E}" = protocol=6 | dir=in | app=c:\program files\tapi services for fritz!box\igd_finder.exe | "{A6341A6C-E6D2-48D9-861E-74C915912E47}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{B21DB6E8-7839-4EB7-BD12-B0DC35A3D5A0}" = protocol=6 | dir=out | app=system | "{B224000F-69B4-4B1D-9857-A40497F0E220}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C576F0C1-FC4F-4C91-BCDF-9C3850A9BB50}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{C5F6245B-F3DC-4A06-93D7-9B088E2DE39D}" = protocol=6 | dir=in | app=c:\users\eifel-kaffee 2\appdata\local\apps\2.0\ha4w3e1a.45t\998j5n1q.040\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\fritzbox-usb-fernanschluss.exe | "{C8E815EF-B189-4808-A0B7-2B8AA599C198}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{D1AFDC57-4E2B-4211-9DB1-AD5741196871}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{D2321DE1-67E6-4CFD-A485-2062898F0C31}" = protocol=17 | dir=in | app=c:\users\eifel-kaffee 2\appdata\local\apps\2.0\ha4w3e1a.45t\998j5n1q.040\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\fritzbox-usb-fernanschluss.exe | "{D476F701-18A1-4F74-96CE-CCDEB8624920}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D945F86C-6B1C-4E99-8E3E-1F653B23A936}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{DA7F92C4-5E22-4D63-9463-F0536DA2FE42}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe | "{DF35FEFE-CBB1-4A18-9358-98E7DF308996}" = protocol=17 | dir=in | app=c:\program files\tapi services for fritz!box\igd_finder.exe | "{E27C0915-4351-46A0-B277-F20355826123}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{E67ACE1E-64FC-4346-9999-7108A6A4469A}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{E8B5DE5C-5B71-4518-869E-07075E90910B}" = protocol=58 | dir=in | name=datei- und druckerfreigabe (echoanforderung - icmpv6 eingehend) | "{EC8E1940-423E-4B97-9FBE-0AD334F538B9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe | "{F062CF74-4E50-4C9D-96B7-2B0387A743CD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "TCP Query User{1B54E4BE-99AD-4A21-BBCD-5F9746A52162}C:\program files\common files\ahead\nero web\setupx.exe" = protocol=6 | dir=in | app=c:\program files\common files\ahead\nero web\setupx.exe | "TCP Query User{8CFFAFFB-DE3B-490D-A765-43383B7CFD2C}\\eifel-kaffee\share\wolle soft\philips\media manager\philips media manager.exe" = protocol=6 | dir=in | app=\\eifel-kaffee\share\wolle soft\philips\media manager\philips media manager.exe | "TCP Query User{C16C7F39-2BFE-4E53-B353-E35204D68ED4}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{CE31147B-B367-4C47-8670-D7BD68834E41}C:\program files\namo\webeditor 2006\bin\webeditor.exe" = protocol=6 | dir=in | app=c:\program files\namo\webeditor 2006\bin\webeditor.exe | "TCP Query User{F56EDF58-216F-4731-9EBA-90512B088FE1}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{0A3F064A-CF55-443D-8142-82EBFEF123C0}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{4DCD6078-479D-41F5-BC35-DE1B85698425}C:\program files\namo\webeditor 2006\bin\webeditor.exe" = protocol=17 | dir=in | app=c:\program files\namo\webeditor 2006\bin\webeditor.exe | "UDP Query User{A071577C-F780-4D76-A933-D085C5D356A9}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{C8B70624-17E8-4DE8-A727-840F4F0D9AFC}\\eifel-kaffee\share\wolle soft\philips\media manager\philips media manager.exe" = protocol=17 | dir=in | app=\\eifel-kaffee\share\wolle soft\philips\media manager\philips media manager.exe | "UDP Query User{D5007418-44EF-4B0B-B08B-A97EFDC22CB3}C:\program files\common files\ahead\nero web\setupx.exe" = protocol=17 | dir=in | app=c:\program files\common files\ahead\nero web\setupx.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional "{09BDEEF0-5590-457D-89A9-5DB2742F9BBF}" = 32 Bit HP CIO Components Installer "{0C72C79F-2ECA-4595-B5FB-DDBE62D06B46}" = Lexware Elster "{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox "{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID-Anmelde-Assistent "{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update "{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1 "{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService "{195F2C6C-A343-4b10-B1A4-3F00AB9E9DD9}" = Fax "{20B30DC1-E423-4939-B51D-05C58B0F9BBB}" = HP Photosmart All-In-One Driver Software 10.0 Rel .2 "{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 13 "{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE "{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant "{37888B36-58B5-41C6-BE67-B846BB4809FF}" = iS3 STOPzilla Toolbar "{482019C6-E633-443F-A8D8-96F1915FECC5}" = CAS Interface Studio 8.6c "{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout "{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC "{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery "{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009 "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1 "{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport "{90120000-0016-0000-0000-0000000FF1CE}" = Microsoft Office Excel 2007 "{90120000-0016-0000-0000-0000000FF1CE}_EXCEL_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0000-0000-0000000FF1CE}_EXCEL_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_EXCEL_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0000-0000-0000000FF1CE}" = Microsoft Office PowerPoint 2007 "{90120000-0018-0000-0000-0000000FF1CE}_POWERPOINT_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0000-0000-0000000FF1CE}_POWERPOINT_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_POWERPOINT_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007 "{90120000-001B-0000-0000-0000000FF1CE}_WORD_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0000-0000-0000000FF1CE}_WORD_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_WORD_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_EXCEL_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}_POWERPOINT_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}_WORD_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_EXCEL_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}_POWERPOINT_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}_WORD_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_EXCEL_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}_POWERPOINT_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}_WORD_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_EXCEL_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}_POWERPOINT_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}_WORD_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_EXCEL_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}_POWERPOINT_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}_WORD_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{980A3C34-1652-472D-84AC-2A4D3D4955BF}" = Namo WebEditor 2006 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel "{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter "{A7B5CF5F-6BB3-4616-950E-0CF3C9A023AD}" = Namo WebUtilities 2006 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch "{ACDE260A-602B-4cfb-A650-D0DBA6FFAD85}" = NetDeviceManager "{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin "{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4 "{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan "{B26B00DA-2E5D-4CF2-83C5-911198C0F009}" = GoodSync "{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc "{b9be267c-e096-4cce-a4fd-f24eec004938}" = PS_AIO_02_ProductContext "{c4549405-195f-4450-8865-6be9dc5ad136}" = PS_AIO_02_Software_Min "{c600ab3d-8b64-41df-bf36-b3d87ce0706b}" = C7200_Help "{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg "{cd0b9359-b716-4fd0-8e0a-09b3e312e8a4}" = PS_AIO_02_Software "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba "{CECEB0FF-5C45-4b50-9A00-C596E36D88F4}" = C7200 "{CF097717-F174-4144-954A-FBC4BF301031}" = Nero 7 Ultra Edition "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential "{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component "{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01 "{E11DFB49-0F7A-4FC5-B6D2-AD0A3CA7F152}" = AVM FRITZ!Fernzugang "{EBFF3839-5A5B-400A-B8A2-4A627C4B29B4}" = Nuance PDF Professional 5 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy "{F7B05784-334C-4F76-8BAB-30ABEB7FD534}" = TIPCI "1&1 MultiMessenger" = 1&1 MultiMessenger "1&1 SmartFax" = 1&1 SmartFax "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe SVG Viewer" = Adobe SVG Viewer 3.0 "AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss "AVS Update Manager_is1" = AVS Update Manager 1.0 "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3 "AVS4YOU Video Converter 6_is1" = AVS Video Converter 6 "Backup4all 3_is1" = Backup4all 3 "Browser Defender_is1" = Browser Defender 2.0.6.11 "CCleaner" = CCleaner "EXCEL" = Microsoft Office Excel 2007 "Fausto" = Fausto "FRITZ! 2.0" = AVM FRITZ!fax für FRITZ!Box "Google Updater" = Google Updater "HP Imaging Device Functions" = HP Imaging Device Functions 10.0 "HP Photosmart Essential" = HP Photosmart Essential 3.5 "HP Smart Web Printing" = HP Smart Web Printing "HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0 "HPOCR" = OCR Software by I.R.I.S. 10.0 "ImgBurn" = ImgBurn "InstallShield_{F7B05784-334C-4F76-8BAB-30ABEB7FD534}" = Texas Instruments PCIxx21/x515/xx12 drivers. "Internet-Radio Player_is1" = Internet-Radio Player Version 2.01.4 "IrfanView" = IrfanView (remove only) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5) "Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23) "POWERPOINT" = Microsoft Office PowerPoint 2007 "RealPlayer 6.0" = RealPlayer "SetEditArgus" = SetEditArgus (remove only) "Spyware Doctor" = Spyware Doctor 7.0 "SynTPDeinstKey" = Synaptics Pointing Device Driver "SystemRequirementsLab" = System Requirements Lab "TAPI" = AVM TAPI Services for FRITZ!Box "UN060501" = BUFFALO NAS Navigator2 "UseNeXT_is1" = UseNeXT "VLC media player" = VLC media player 0.9.9 "web'n'walk Manager" = web'n'walk Manager "WinRAR archiver" = WinRAR archiver "WORD" = Microsoft Office Word 2007 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "f6791b188d8f3ff8" = AVM FRITZ!Box USB-Fernanschluss ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 06.12.2009 03:31:50 | Computer Name = Toshiba | Source = VSS | ID = 8194 Description = Error - 06.12.2009 03:41:57 | Computer Name = Toshiba | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung Explorer.EXE, Version 6.0.6002.18005, Zeitstempel 0x49e01da5, fehlerhaftes Modul SHELL32.dll, Version 6.0.6002.18005, Zeitstempel 0x49e037ec, Ausnahmecode 0xc0000005, Fehleroffset 0x002d2c67, Prozess-ID 0x7cc, Anwendungsstartzeit 01ca76441ef2c489. Error - 06.12.2009 03:44:39 | Computer Name = Toshiba | Source = Application Hang | ID = 1002 Description = Programm MozBackup.exe, Version 1.4.8.0 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: fcc Anfangszeit: 01ca764785408ee9 Zeitpunkt der Beendigung: 5 Error - 06.12.2009 07:44:03 | Computer Name = Toshiba | Source = RasClient | ID = 20227 Description = Error - 06.12.2009 09:19:16 | Computer Name = Toshiba | Source = EventSystem | ID = 4609 Description = Error - 06.12.2009 09:19:59 | Computer Name = Toshiba | Source = EventSystem | ID = 4609 Description = Error - 06.12.2009 09:19:59 | Computer Name = Toshiba | Source = VSS | ID = 19 Description = Error - 06.12.2009 09:19:59 | Computer Name = Toshiba | Source = VSS | ID = 8193 Description = Error - 06.12.2009 09:29:37 | Computer Name = Toshiba | Source = EventSystem | ID = 4609 Description = Error - 06.12.2009 10:00:37 | Computer Name = Toshiba | Source = EventSystem | ID = 4609 Description = [ System Events ] Error - 06.12.2009 13:45:17 | Computer Name = Toshiba | Source = Service Control Manager | ID = 7026 Description = Error - 06.12.2009 15:04:37 | Computer Name = Toshiba | Source = Service Control Manager | ID = 7030 Description = Error - 06.12.2009 15:11:19 | Computer Name = Toshiba | Source = Service Control Manager | ID = 7022 Description = Error - 06.12.2009 15:12:57 | Computer Name = Toshiba | Source = Service Control Manager | ID = 7030 Description = Error - 06.12.2009 15:18:06 | Computer Name = Toshiba | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 06.12.2009 um 20:15:57 unerwartet heruntergefahren. Error - 06.12.2009 15:20:07 | Computer Name = Toshiba | Source = Service Control Manager | ID = 7022 Description = Error - 06.12.2009 15:27:47 | Computer Name = Toshiba | Source = Service Control Manager | ID = 7030 Description = Error - 06.12.2009 15:33:25 | Computer Name = Toshiba | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 06.12.2009 um 20:28:55 unerwartet heruntergefahren. Error - 06.12.2009 15:35:25 | Computer Name = Toshiba | Source = Service Control Manager | ID = 7022 Description = Error - 06.12.2009 16:51:58 | Computer Name = Toshiba | Source = ipnathlp | ID = 31004 Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten. [ TuneUp Events ] Error - 22.11.2009 17:37:59 | Computer Name = Toshiba | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-11-22 22:37:59', '\device\harddiskvolume1\program files\malwarebytes' anti-malware\mbam.exe','4612',0) Error - 22.11.2009 17:40:10 | Computer Name = Toshiba | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-11-22 22:40:10', '\device\harddiskvolume1\program files\malwarebytes' anti-malware\mbam.exe','5796',0) Error - 22.11.2009 17:42:15 | Computer Name = Toshiba | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-11-22 22:42:15', '\device\harddiskvolume1\program files\malwarebytes' anti-malware\mbam.exe','6080',0) Error - 22.11.2009 17:57:45 | Computer Name = Toshiba | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-11-22 22:57:45', '\device\harddiskvolume1\program files\malwarebytes' anti-malware\mbamgui.exe','1864',0) Error - 22.11.2009 17:59:55 | Computer Name = Toshiba | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-11-22 22:59:55', '\device\harddiskvolume1\program files\malwarebytes' anti-malware\mbam.exe','4600',0) Error - 23.11.2009 03:18:22 | Computer Name = Toshiba | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-11-23 08:18:21', '\device\harddiskvolume1\program files\malwarebytes' anti-malware\unins000.exe','5164',0) Error - 23.11.2009 03:23:54 | Computer Name = Toshiba | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-11-23 08:23:54', '\device\harddiskvolume1\program files\malwarebytes' anti-malware\mbam.exe','5996',0) Error - 23.11.2009 03:24:34 | Computer Name = Toshiba | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-11-23 08:24:34', '\device\harddiskvolume1\program files\malwarebytes' anti-malware\mbamgui.exe','4620',0) Error - 03.12.2009 16:24:50 | Computer Name = Toshiba | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-12-03 21:24:50', '\device\harddiskvolume1\program files\malwarebytes' anti-malware\mbam.exe','3980',0) Error - 03.12.2009 16:25:00 | Computer Name = Toshiba | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-12-03 21:25:00', '\device\harddiskvolume1\program files\malwarebytes' anti-malware\mbam.exe','4728',0) < End of report > Bis Dann, Wolle |
07.12.2009, 14:26 | #13 |
| Trojaner TR/PCK.Tdss.Z.230 Datei tdlclk.dll Hallo, ich möchte dir nicht zu Nahe treten, aber ist dies ein Geschäftsrechner? ist dies deine Seite? Eifel Kaffee
__________________ Avira Upgrade 10 ist auf dem Markt! Agressive Einstellung von Avira What goes around comes around! |
07.12.2009, 16:19 | #14 |
| Trojaner TR/PCK.Tdss.Z.230 Datei tdlclk.dll Hallo Angel21, der Name und die Homepage sind wohl richtig, jedoch dient der Laptop nur der Datensicherung. Wenn dies ein Problem sein sollte kann ich ihn gerne umtaufen :-( Gruss Wolle |
07.12.2009, 20:36 | #15 |
| Trojaner TR/PCK.Tdss.Z.230 Datei tdlclk.dll Hallo, VERSCHIEBE die Atapi.sys aus dem C.\Windows\system32\drivers Ordner bitte auf dem Desktop. Wie gesagt VERSCHIEBEN nicht kopieren. Danach drücke F5 um zu sehen, ob die atapi.sys wieder in dem Ordner drivers ist, wenn ja alles okeh, dann Rechner rebooten und neues GMER Logfile.
__________________ Avira Upgrade 10 ist auf dem Markt! Agressive Einstellung von Avira What goes around comes around! |
Themen zu Trojaner TR/PCK.Tdss.Z.230 Datei tdlclk.dll |
beseitigen, datei, erkannt, forum, getestet, lästige, pferd, teufel, tool, tools, tr/pck.tdss.z.230, troja, trojaner, trojanische, trojanische pferd |