Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Trojaner TR/PCK.Tdss.Z.230 Datei tdlclk.dll

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 05.12.2009, 08:50   #1
wfra1
 
Trojaner TR/PCK.Tdss.Z.230 Datei tdlclk.dll - Standard

Trojaner TR/PCK.Tdss.Z.230 Datei tdlclk.dll



Hallo, habe den lästigen Trojaner tdlclk.dll, das Trojanische Pferd TR/PCK.Tdss.Z.230 auf meinem Rechner. Wird erkannt, lässt sich aber mit keinem Tool beseitigen und kommt immer wieder. Habe hier im Forum schon einiges gelesen und Tools getestet, leider ohne Erfolg. Weiss jemand Rat?

Gruss Wolle

Alt 05.12.2009, 10:34   #2
Angel21
 
Trojaner TR/PCK.Tdss.Z.230 Datei tdlclk.dll - Standard

Trojaner TR/PCK.Tdss.Z.230 Datei tdlclk.dll



Hallo,

und willkommen.


Starte bitte GMER und lass es laut Anleitung durchlaufen. Poste dessen Ergebnis in deinen Thread.
__________________

__________________

Alt 05.12.2009, 13:36   #3
wfra1
 
Trojaner TR/PCK.Tdss.Z.230 Datei tdlclk.dll - Standard

Trojaner TR/PCK.Tdss.Z.230 Datei tdlclk.dll



Hallo Angel21,

danke das du dich meiner annimmst.
Habe also alle Progs beendet und GMER laufen lassen. Hier das Protokoll:

PHP-Code:
GMER 1.0.15.15252 http://www.gmer.net
Rootkit scan 2009-12-05 13:24:36
Windows 6.0.6002 Service Pack 2
Running
imjdsm3r.exeDriverC:\Users\EIFEL-~1\AppData\Local\Temp\pwldipow.sys


---- System GMER 1.0.15 ----

SSDT            \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools)                         ZwCreateProcess [0x8680FCDE]
SSDT            \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools)                         ZwCreateProcessEx [0x8680FED0]
SSDT            \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools)                         ZwTerminateProcess [0x8680F984]
SSDT            \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools)                         ZwCreateUserProcess [0x868100D8]

---- 
Kernel code sections GMER 1.0.15 ----

.
text           ntoskrnl.exe!KeInsertQueue 3F9                                                                     82475A30 8 Bytes  [DEFC8086D0FE80, ...]
.
text           ntoskrnl.exe!KeInsertQueue 811                                                                     82475E48 4 Bytes  [84F98086]
.
text           ntoskrnl.exe!KeInsertQueue 8D5                                                                     82475F0C 4 Bytes  [D8008186]
.
rsrc           C:\Windows\system32\drivers\atapi.sys                                                                entry point in ".rsrc" section [0x82FC3000]

---- 
User IAT/EAT GMER 1.0.15 ----

IAT             C:\Windows\Explorer.EXE[1988] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                [74877817C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1988] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                 [748CA86DC:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1988] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]             [7487BB22C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1988] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]       [7486F695C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1988] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                 [748775E9C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1988] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]              [7486E7CAC:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1988] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]  [748A8395C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1988] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]     [7487DA60C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1988] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]             [7486FFFAC:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1988] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]              [7486FF61C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1988] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]               [748671CFC:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1988] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]       [748FCAE2C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1988] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]          [7489C8D8C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1988] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]             [7486D968C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1988] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                       [74866853C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1988] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                      [7486687EC:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1988] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]         [74872AD1C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- 
Devices GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                              Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                              Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\tdx \Device\Tcp                                                                              tcpipBM.SYS (Bytemobile Kernel Network Provider/BytemobileInc.)

Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0                                                          [82FBF9B0] \SystemRoot\system32\drivers\atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device          \Driver\atapi \Device\Ide\IdePort0                                                                   [82FBF9B0] \SystemRoot\system32\drivers\atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device          \Driver\atapi \Device\Ide\IdePort1                                                                   [82FBF9B0] \SystemRoot\system32\drivers\atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1                                                          [82FBF9B0] \SystemRoot\system32\drivers\atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}

---- 
Registry GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd502966                          
Reg             HKLM
\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0009dd502966 (not active ControlSet)      

---- 
Files GMER 1.0.15 ----

File            C:\Windows\system32\drivers\atapi.sys                                                                suspicious modification

---- EOF GMER 1.0.15 ---- 
Hoffe du findest etwas.

thx wolle
__________________

Alt 05.12.2009, 13:50   #4
Angel21
 
Trojaner TR/PCK.Tdss.Z.230 Datei tdlclk.dll - Standard

Trojaner TR/PCK.Tdss.Z.230 Datei tdlclk.dll



Bitte künftig die Logs nicht in PHP Code Tags posten.

Das erschwert die Übersicht über das Log nur.


ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir das Tool hier herunter auf den Desktop -> KLICK
Wichtig! Bitte die combofix.exe per Rechtsklick, "Ziel speichern unter" unter smss.exe abspeichern!
Besonders hartnäckige Malware erkennt eine combofix.exe und würde sich vor ihr gezielt verstecken!


Das Programm jedoch noch nicht starten sondern zuerst folgendes tun:
  • Schliesse alle Anwendungen und Programme, vor allem deine Antiviren-Software und andere Hintergrundwächter, sowie deinen Internetbrowser.
    Vermeide es auch explizit während das Combofix läuft die Maus und Tastatur zu benutzen.
  • Starte nun die in smss.exe umbenannte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen und lass dein System durchsuchen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte abkopieren und in deinen Beitrag einfügen. Das log findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
Hinweis: Combofix verhindert die Autostart Funktion aller CD / DVD und USB - Laufwerken um so eine Verbeitung einzudämmen. Wenn es hierdurch zu Problemen kommt, diese im Thread posten.

Poste alle Logfiles bitte mit Codetags umschlossen (#-Button) also so:

[HTML]
Code:
ATTFilter
 Hier das Logfile rein!
         
[/HTML)
__________________
Avira Upgrade 10 ist auf dem Markt!
Agressive Einstellung von Avira

What goes around comes around!

Alt 06.12.2009, 08:56   #5
wfra1
 
Trojaner TR/PCK.Tdss.Z.230 Datei tdlclk.dll - Standard

Trojaner TR/PCK.Tdss.Z.230 Datei tdlclk.dll



Hallo Angel21,

ich verzweifel so langsam am combofix, habe schon ca. 20 mal die Ausführung gestartet und irgendwann kommt ein Bluescreen mit schwerem Ausnahmefehler.
Einige male schafft es combo bis zum Neustart und Schritt 4, dann die Fehlermeldung (Ausnahmefehler adresse etc.). Manchmal kommt der Bluescreen schon vor dem Neustart.
Bis dahin alles nach Vorgaben erledigt. Alle Progs beendet, Virenprog deinstalliert, mit CCleaner alles gescannt und Fehler entfernt oder behoben. combofix in smss umbenannt und natürlich alle Tools als Administrator gestartet. Was nun???

Habe ich was übersehen?? Ist der Trojaner mit einer Formatierung als letzte Möglichkeit zu beseitigen?

Gruss Wolle


Alt 06.12.2009, 10:10   #6
Angel21
 
Trojaner TR/PCK.Tdss.Z.230 Datei tdlclk.dll - Standard

Trojaner TR/PCK.Tdss.Z.230 Datei tdlclk.dll



Hast du Combofix auch VOR dem auf dem Desktop zu gelangen umbenannt?
Kam bei der Fehlermeldung vielleicht mehr als nur "schwerer Ausnahmefehler?"
__________________
--> Trojaner TR/PCK.Tdss.Z.230 Datei tdlclk.dll

Alt 06.12.2009, 12:18   #7
wfra1
 
Trojaner TR/PCK.Tdss.Z.230 Datei tdlclk.dll - Standard

Trojaner TR/PCK.Tdss.Z.230 Datei tdlclk.dll



Hallo Angel21,

nein habe combo natürlich als combo auf dem Desktop gespeichert und dann umbenannt. Dann werde ich es nochmal anders versuchen. Die Datei welche den Absturz verursacht nennt sich übrigens catchme.sys

Hört sich so an wie "wir holen dich wir kriegen dich"

Gruss wolle

Alt 06.12.2009, 12:31   #8
Angel21
 
Trojaner TR/PCK.Tdss.Z.230 Datei tdlclk.dll - Standard

Trojaner TR/PCK.Tdss.Z.230 Datei tdlclk.dll



Hallo,

start - ausführen - combofix /u eingeben, ausführen......
Dann nochmal Combofix diesmal _MIT_ Rechtsklick -> Ziel speichern unter... *smss.exe umbenennen* speichern.


Hast du eine Windows CD?
__________________
Avira Upgrade 10 ist auf dem Markt!
Agressive Einstellung von Avira

What goes around comes around!

Geändert von Angel21 (06.12.2009 um 12:50 Uhr)

Alt 06.12.2009, 21:05   #9
wfra1
 
Trojaner TR/PCK.Tdss.Z.230 Datei tdlclk.dll - Standard

Trojaner TR/PCK.Tdss.Z.230 Datei tdlclk.dll



Hallo angel21,

bin am verzweifeln. Immer wieder blue screen. Alles versucht combofix /u bis er wirklich deinstalliert ist. Neu runtergeladen auf Desktop unter smss. Ausgeführt bis Neustart mit Administratorrechten, bluescreen. Unter abgesichertem Modus ausgeführt, blue screen.

Was nun? Formatierung sollte nun wirklich der allerletzte Ausweg sein.

Gruss Wolle

Alt 06.12.2009, 21:24   #10
Angel21
 
Trojaner TR/PCK.Tdss.Z.230 Datei tdlclk.dll - Standard

Trojaner TR/PCK.Tdss.Z.230 Datei tdlclk.dll



CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista-User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die Textbox.
Code:
ATTFilter
netsvcs
%SYSTEMDRIVE%\*.exe
%SYSTEMDRIVE%\eventlog.dll /s /md5
%SYSTEMDRIVE%\scecli.dll /s /md5
%SYSTEMDRIVE%\netlogon.dll /s /md5
%SYSTEMDRIVE%\cngaudit.dll /s /md5
%SYSTEMDRIVE%\sceclt.dll /s /md5
%SYSTEMDRIVE%\ntelogon.dll /s /md5
%SYSTEMDRIVE%\logevent.dll /s /md5
%SYSTEMDRIVE%\iaStor.sys /s /md5
%SYSTEMDRIVE%\nvstor.sys /s /md5
%SYSTEMDRIVE%\atapi.sys /s /md5
%SYSTEMDRIVE%\IdeChnDr.sys /s /md5
%SYSTEMDRIVE%\viasraid.sys /s /md5
%SYSTEMDRIVE%\AGP440.sys /s /md5
%SYSTEMDRIVE%\vaxscsi.sys /s /md5
%SYSTEMDRIVE%\nvatabus.sys /s /md5
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Code-Tags in Deinen Thread
__________________
Avira Upgrade 10 ist auf dem Markt!
Agressive Einstellung von Avira

What goes around comes around!

Alt 06.12.2009, 22:15   #11
wfra1
 
Trojaner TR/PCK.Tdss.Z.230 Datei tdlclk.dll - Standard

Trojaner TR/PCK.Tdss.Z.230 Datei tdlclk.dll



Hallo,

OTL ist also ohne Probleme durchgelaufen. Hier die Protokolle

OTLTxt
Code:
ATTFilter
OTL logfile created on: 06.12.2009 21:46:12 - Run 1
OTL by OldTimer - Version 3.1.11.8     Folder = C:\Users\Eifel-Kaffee 2\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1021,32 Mb Total Physical Memory | 491,20 Mb Available Physical Memory | 48,10% Memory free
2,25 Gb Paging File | 1,50 Gb Available in Paging File | 66,77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,53 Gb Total Space | 44,20 Gb Free Space | 59,31% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: TOSHIBA
Current User Name: Eifel-Kaffee 2
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2009.12.06 21:44:53 | 00,537,088 | ---- | M] (OldTimer Tools) -- C:\Users\Eifel-Kaffee 2\Desktop\OTL.exe
PRC - [2009.11.10 10:28:08 | 00,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009.07.02 13:29:14 | 00,161,080 | ---- | M] (AVM Berlin) -- C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe
PRC - [2009.07.02 13:28:18 | 00,132,408 | ---- | M] (AVM Berlin) -- C:\Program Files\FRITZ!Fernzugang\certsrv.exe
PRC - [2009.07.02 13:27:30 | 00,267,576 | ---- | M] (AVM Berlin) -- C:\Program Files\FRITZ!Fernzugang\avmike.exe
PRC - [2009.04.11 07:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 07:27:20 | 00,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2009.03.30 16:28:36 | 01,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.03.30 16:28:36 | 00,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.02.09 09:26:10 | 00,603,904 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TUProgSt.exe
PRC - [2008.08.14 10:40:44 | 00,103,720 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
PRC - [2008.08.14 10:40:36 | 01,348,904 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2008.08.14 10:14:20 | 00,200,704 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynToshiba.exe
PRC - [2008.07.11 13:22:56 | 00,251,184 | ---- | M] (BUFFALO INC.) -- C:\Program Files\BUFFALO\NASNAVI\nassvc.exe
PRC - [2008.02.02 02:20:34 | 00,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe
PRC - [2008.01.18 23:33:40 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2007.05.31 08:21:28 | 00,648,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdcBase.exe
PRC - [2006.10.31 21:40:16 | 00,077,824 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2009.12.06 21:44:53 | 00,537,088 | ---- | M] (OldTimer Tools) -- C:\Users\Eifel-Kaffee 2\Desktop\OTL.exe
MOD - [2009.04.11 07:21:38 | 01,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2009.11.10 10:28:08 | 00,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009.11.06 14:29:22 | 01,141,712 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009.10.30 11:18:16 | 00,359,624 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009.09.25 02:27:04 | 00,793,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.07.02 13:29:14 | 00,161,080 | ---- | M] (AVM Berlin) -- C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe -- (nwtsrv)
SRV - [2009.07.02 13:28:18 | 00,132,408 | ---- | M] (AVM Berlin) -- C:\Program Files\FRITZ!Fernzugang\certsrv.exe -- (certsrv)
SRV - [2009.07.02 13:27:30 | 00,267,576 | ---- | M] (AVM Berlin) -- C:\Program Files\FRITZ!Fernzugang\avmike.exe -- (avmike)
SRV - [2009.06.05 19:11:31 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9e60912df045e) Google Update Service (gupdate1c9e60912df045e)
SRV - [2009.06.05 19:10:57 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009.03.30 16:28:36 | 01,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.02.09 09:26:10 | 00,603,904 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2009.02.09 09:26:02 | 00,360,192 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2008.12.11 13:31:36 | 00,027,904 | ---- | M] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008.11.04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008.07.11 13:22:56 | 00,251,184 | ---- | M] (BUFFALO INC.) -- C:\Program Files\BUFFALO\NASNAVI\nassvc.exe -- (NasPmService)
SRV - [2008.02.02 02:20:34 | 00,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe -- (PDFProFiltSrv)
SRV - [2008.01.18 23:38:26 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.16 19:14:20 | 00,053,760 | ---- | M] (Hewlett-Packard) -- C:\Windows\System32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2008.01.16 19:14:18 | 00,043,520 | ---- | M] (Hewlett-Packard) -- C:\Windows\System32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2007.11.06 21:16:54 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2007.11.06 21:16:54 | 00,139,264 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2007.10.14 21:15:52 | 00,663,552 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL -- (HPSLPSVC)
SRV - [2007.06.29 19:16:56 | 00,800,040 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService)
SRV - [2007.06.27 19:04:00 | 00,279,848 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2007.05.31 08:21:24 | 00,379,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 08:21:18 | 00,183,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006.11.02 13:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006.10.31 21:40:16 | 00,077,824 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2006.10.26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\URLSearchHook: {D3F669EB-57CE-4f45-8FBD-E245CBB46366} - C:\Program Files\STOPzilla!\Toolbar\SZIESearchHook.dll (iS3 Inc.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Live Search"
FF - prefs.js..browser.search.defaulturl: "http://search.live.com/results.aspx?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://home.1und1.de/?__rd=ac170c22xtxW8xC9yO8OVP97HK2fqJ2X&origin[site]=MX.EUE.DE&origin[page]=index&ucuoId=MX.EUE.DE-20090603131513-ac170c57ItANZhiKpcylKQjev0Cg9FOO-S1"
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0
FF - prefs.js..extensions.enabledItems: fb_add_on@avm.de:1.4.0
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.3.1
FF - prefs.js..keyword.URL: "http://www.ask.com/web?&o=13048&l=dis&q="
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009.04.03 07:29:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{780044d1-e8c0-488f-8059-4522ddbfc2ea}: C:\Program Files\Stopzilla!\Toolbar\Extension [2009.12.06 16:29:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009.11.07 07:48:12 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009.11.21 22:26:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009.11.27 22:48:58 | 00,000,000 | ---D | M]
 
[2008.10.27 08:32:37 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\mozilla\Extensions
[2009.12.06 18:10:46 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\mozilla\Firefox\Profiles\myz50cwr.default\extensions
[2009.07.18 18:46:36 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\mozilla\Firefox\Profiles\myz50cwr.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2009.07.18 18:46:36 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\mozilla\Firefox\Profiles\myz50cwr.default\extensions\{31513E58-F253-47ad-86DB-D5F21E905429}
[2009.07.18 18:46:36 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\mozilla\Firefox\Profiles\myz50cwr.default\extensions\{de1b245c-de57-11da-ba2d-0050c2490048}
[2009.08.08 21:55:36 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\mozilla\Firefox\Profiles\myz50cwr.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2009.11.30 09:01:05 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\mozilla\Firefox\Profiles\myz50cwr.default\extensions\fb_add_on@avm.de
[2009.02.21 12:48:32 | 00,001,632 | ---- | M] () -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\Mozilla\FireFox\Profiles\myz50cwr.default\searchplugins\live-search.xml
[2009.12.06 18:10:46 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.09.09 06:45:22 | 00,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.09.09 06:45:22 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.09.09 06:45:22 | 00,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.09.10 20:00:40 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.09.09 06:45:22 | 00,000,801 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: (743 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 	localhost
O1 - Hosts: ::1 	localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ZILLAbar Browser Helper Object) - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\Toolbar\SZSG.dll (iS3, Inc)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (STOPzilla) - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\Toolbar\SZSG.dll (iS3, Inc)
O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O3 - HKLM\..\Toolbar: (no name) - SITEguard - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O8 - Extra context menu item: Mit Nuance PDF Converter 5.0 öffnen - C:\Program Files\Nuance\PDF Professional 5\cnvres_ger.dll (Nuance Communications, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Intelligente Auswahl - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2006.09.18 22:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{877d5d91-b154-11dd-8dd3-00a0d130cf35}\Shell - "" = AutoRun
O33 - MountPoints2\{877d5d91-b154-11dd-8dd3-00a0d130cf35}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{a56b087e-7b62-11de-8502-00a0d130cf35}\Shell - "" = AutoRun
O33 - MountPoints2\{a56b087e-7b62-11de-8502-00a0d130cf35}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{a56b08c2-7b62-11de-8502-00a0d130cf35}\Shell - "" = AutoRun
O33 - MountPoints2\{a56b08c2-7b62-11de-8502-00a0d130cf35}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{c0fef388-7f4e-11de-804d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c0fef388-7f4e-11de-804d-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{c0fef3e4-7f4e-11de-804d-00a0d130cf35}\Shell - "" = AutoRun
O33 - MountPoints2\{c0fef3e4-7f4e-11de-804d-00a0d130cf35}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{c0fef3e6-7f4e-11de-804d-00a0d130cf35}\Shell - "" = AutoRun
O33 - MountPoints2\{c0fef3e6-7f4e-11de-804d-00a0d130cf35}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{c0fef3f1-7f4e-11de-804d-00a0d130cf35}\Shell - "" = AutoRun
O33 - MountPoints2\{c0fef3f1-7f4e-11de-804d-00a0d130cf35}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{c0fef3f3-7f4e-11de-804d-00a0d130cf35}\Shell - "" = AutoRun
O33 - MountPoints2\{c0fef3f3-7f4e-11de-804d-00a0d130cf35}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{c0fef3fd-7f4e-11de-804d-00a0d130cf35}\Shell - "" = AutoRun
O33 - MountPoints2\{c0fef3fd-7f4e-11de-804d-00a0d130cf35}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{c0fef422-7f4e-11de-804d-00a0d130cf35}\Shell - "" = AutoRun
O33 - MountPoints2\{c0fef422-7f4e-11de-804d-00a0d130cf35}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
 
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008.10.28 11:15:47 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
========== Files/Folders - Created Within 14 Days ==========
 
[2009.12.06 21:44:51 | 00,537,088 | ---- | C] (OldTimer Tools) -- C:\Users\Eifel-Kaffee 2\Desktop\OTL.exe
[2009.12.06 20:25:21 | 00,000,000 | --SD | C] -- C:\cf
[2009.12.06 18:20:51 | 00,000,000 | ---D | C] -- C:\Users\Eifel-Kaffee 2\AppData\Local\Threat Expert
[2009.12.06 16:30:26 | 00,000,000 | ---D | C] -- C:\ProgramData\SITEguard
[2009.12.06 16:29:15 | 00,000,000 | ---D | C] -- C:\Program Files\STOPzilla!
[2009.12.06 16:29:14 | 00,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2009.12.06 16:29:14 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2009.12.06 15:05:44 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009.12.06 08:41:28 | 00,000,000 | ---D | C] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\MozBackup
[2009.12.06 08:33:38 | 00,055,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2009.12.05 21:27:52 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2009.12.05 21:27:52 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2009.12.05 21:27:52 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2009.12.05 21:27:52 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2009.12.05 08:53:55 | 01,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2009.12.05 08:53:55 | 00,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2009.12.05 08:53:55 | 00,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2009.12.05 08:52:26 | 00,233,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2009.12.05 08:52:26 | 00,098,600 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2009.12.05 08:52:20 | 00,207,792 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2009.12.05 08:52:19 | 00,087,784 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2009.12.05 08:51:59 | 00,070,408 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2009.12.05 08:51:38 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009.12.05 08:51:37 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2009.12.05 08:51:37 | 00,000,000 | ---D | C] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\PC Tools
[2009.12.05 08:51:37 | 00,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2009.12.03 21:24:44 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009.12.03 21:24:42 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009.12.03 19:43:07 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009.11.30 09:11:09 | 00,050,480 | ---- | C] (AVM Berlin) -- C:\Windows\System32\AvmColorFaxRender.dll
[2009.11.30 09:11:09 | 00,046,384 | ---- | C] (AVM Berlin) -- C:\Windows\System32\AvmFaxRender.dll
[2009.11.30 09:11:09 | 00,024,880 | ---- | C] (AVM Berlin) -- C:\Windows\System32\FritzVistaMon.dll
[2009.11.30 09:11:09 | 00,024,880 | ---- | C] (AVM Berlin) -- C:\Windows\System32\FritzVistaColorMon.dll
[2009.11.30 09:11:08 | 00,451,888 | ---- | C] (Blue Sky Software Corporation.) -- C:\Windows\System32\HHActiveX.dll
[2009.11.30 09:11:08 | 00,054,576 | ---- | C] (AVM Berlin GmbH) -- C:\Windows\System32\FritzPort.dll
[2009.11.30 09:11:08 | 00,054,576 | ---- | C] (AVM Berlin GmbH) -- C:\Windows\System32\FritzColorPort.dll
[2009.11.30 09:11:08 | 00,042,288 | ---- | C] (AVM Berlin GmbH) -- C:\Windows\System32\Fridru32.dll
[2009.11.30 09:11:07 | 00,000,000 | ---D | C] -- C:\ProgramData\ISDNWatch
[2009.11.30 09:11:07 | 00,000,000 | ---D | C] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\FRITZ!fax für FRITZ!Box
[2009.11.29 21:24:43 | 00,000,000 | ---D | C] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\ImgBurn
[2009.11.29 21:20:25 | 00,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2009.11.28 16:55:09 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009.11.28 10:41:24 | 00,000,000 | ---D | C] -- C:\AVZ
[2009.11.28 10:37:16 | 00,000,000 | ---D | C] -- C:\Users\Eifel-Kaffee 2\Desktop\Virus
[2009.11.23 20:23:34 | 00,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2009.11.22 22:37:44 | 00,000,000 | ---D | C] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\Malwarebytes
[2009.11.22 22:35:52 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009.11.22 22:35:02 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
 
========== Files - Modified Within 14 Days ==========
 
[2009.12.06 21:45:07 | 03,932,160 | ---- | M] () -- C:\Users\Eifel-Kaffee 2\ntuser.dat
[2009.12.06 21:44:53 | 00,537,088 | ---- | M] (OldTimer Tools) -- C:\Users\Eifel-Kaffee 2\Desktop\OTL.exe
[2009.12.06 21:43:27 | 00,012,800 | ---- | M] () -- C:\Windows\System32\tdlclk.dll
[2009.12.06 21:40:00 | 00,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2009.12.06 21:18:20 | 00,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2009.12.06 21:00:02 | 00,000,518 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2009.12.06 20:38:24 | 00,023,552 | ---- | M] () -- C:\Windows\System32\tdlcmd.dll
[2009.12.06 20:35:39 | 00,000,374 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2009.12.06 20:33:53 | 00,016,384 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2009.12.06 20:33:47 | 00,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009.12.06 20:33:41 | 00,004,576 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009.12.06 20:33:41 | 00,004,576 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009.12.06 20:33:40 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009.12.06 20:33:21 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009.12.06 20:24:34 | 03,581,761 | R--- | M] () -- C:\Users\Eifel-Kaffee 2\Desktop\cf.exe
[2009.12.06 20:07:48 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009.12.06 20:07:29 | 00,524,288 | -HS- | M] () -- C:\Users\Eifel-Kaffee 2\ntuser.dat{1b370249-9f60-11de-b589-00a0d130cf35}.TMContainer00000000000000000001.regtrans-ms
[2009.12.06 20:07:29 | 00,065,536 | -HS- | M] () -- C:\Users\Eifel-Kaffee 2\ntuser.dat{1b370249-9f60-11de-b589-00a0d130cf35}.TM.blf
[2009.12.06 18:47:42 | 00,000,328 | ---- | M] () -- C:\Windows\System32\drivers\kgpfr2.cfg
[2009.12.06 18:47:39 | 00,001,288 | ---- | M] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2009.12.06 18:15:08 | 00,000,093 | ---- | M] () -- C:\Users\Eifel-Kaffee 2\Desktop\Viren- und Spywareschutz und Schutz vor schädlicher Software Microsoft Security Essentials.URL
[2009.12.06 16:36:06 | 02,492,046 | -H-- | M] () -- C:\Users\Eifel-Kaffee 2\AppData\Local\IconCache.db
[2009.12.06 15:28:04 | 00,061,056 | ---- | M] () -- C:\Users\Eifel-Kaffee 2\AppData\Local\GDIPFONTCACHEV1.DAT
[2009.12.06 09:06:53 | 00,001,604 | ---- | M] () -- C:\Users\Eifel-Kaffee 2\Documents\cc_20091206_090649.reg
[2009.12.04 19:59:35 | 00,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2009.12.04 19:59:34 | 00,049,664 | ---- | M] () -- C:\Users\Eifel-Kaffee 2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.03 21:35:23 | 00,269,344 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.12.03 21:04:17 | 00,006,404 | ---- | M] () -- C:\Users\Eifel-Kaffee 2\Documents\cc_20091203_210409.reg
[2009.11.29 10:52:41 | 00,051,942 | ---- | M] () -- C:\Users\Eifel-Kaffee 2\Desktop\Kenwwod - PayPal.pdf
[2009.11.29 10:34:38 | 00,000,139 | ---- | M] () -- C:\Users\Eifel-Kaffee 2\Desktop\powernetshop.de - Detailansicht.URL
[2009.11.28 17:01:01 | 00,026,418 | ---- | M] () -- C:\Users\Eifel-Kaffee 2\Documents\cc_20091128_170050.reg
[2009.11.27 22:15:00 | 01,418,612 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009.11.27 22:15:00 | 00,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2009.11.27 22:15:00 | 00,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009.11.27 22:15:00 | 00,122,648 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2009.11.27 22:15:00 | 00,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009.11.23 20:24:29 | 00,000,743 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009.11.22 23:37:43 | 00,019,944 | ---- | M] () -- C:\Windows\System32\drivers\atapi(46).sys
 
========== Files Created - No Company Name ==========
 
[2009.12.06 20:23:06 | 00,023,552 | ---- | C] () -- C:\Windows\System32\tdlcmd.dll
[2009.12.06 20:02:42 | 00,260,608 | ---- | C] () -- C:\Windows\PEV.exe
[2009.12.06 18:58:11 | 00,012,800 | ---- | C] () -- C:\Windows\System32\tdlclk.dll
[2009.12.06 18:47:42 | 00,000,328 | ---- | C] () -- C:\Windows\System32\drivers\kgpfr2.cfg
[2009.12.06 18:46:03 | 00,001,288 | ---- | C] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2009.12.06 18:15:08 | 00,000,093 | ---- | C] () -- C:\Users\Eifel-Kaffee 2\Desktop\Viren- und Spywareschutz und Schutz vor schädlicher Software Microsoft Security Essentials.URL
[2009.12.06 16:22:00 | 03,581,761 | R--- | C] () -- C:\Users\Eifel-Kaffee 2\Desktop\cf.exe
[2009.12.06 09:06:52 | 00,001,604 | ---- | C] () -- C:\Users\Eifel-Kaffee 2\Documents\cc_20091206_090649.reg
[2009.12.05 21:27:52 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009.12.05 21:27:52 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009.12.05 21:27:52 | 00,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2009.12.05 21:27:52 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009.12.05 08:53:57 | 00,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2009.12.05 08:53:56 | 00,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2009.12.05 08:53:56 | 00,000,880 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2009.12.05 08:53:55 | 01,152,444 | ---- | C] () -- C:\Windows\UDB.zip
[2009.12.05 08:53:55 | 00,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2009.12.05 08:52:26 | 00,007,387 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi.cat
[2009.12.05 08:52:20 | 00,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat
[2009.12.05 08:52:20 | 00,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat
[2009.12.05 08:51:59 | 00,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat
[2009.12.03 21:04:11 | 00,006,404 | ---- | C] () -- C:\Users\Eifel-Kaffee 2\Documents\cc_20091203_210409.reg
[2009.11.29 10:52:40 | 00,051,942 | ---- | C] () -- C:\Users\Eifel-Kaffee 2\Desktop\Kenwwod - PayPal.pdf
[2009.11.29 10:34:38 | 00,000,139 | ---- | C] () -- C:\Users\Eifel-Kaffee 2\Desktop\powernetshop.de - Detailansicht.URL
[2009.11.28 17:00:57 | 00,026,418 | ---- | C] () -- C:\Users\Eifel-Kaffee 2\Documents\cc_20091128_170050.reg
[2009.11.15 12:37:55 | 00,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.09.17 20:44:02 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.17 20:43:20 | 00,019,944 | ---- | C] () -- C:\Windows\System32\drivers\atapi(46).sys
[2009.08.03 20:54:36 | 00,000,020 | ---- | C] () -- C:\Windows\tm.ini
[2009.08.03 20:49:04 | 00,130,560 | ---- | C] () -- C:\Windows\System32\ZipDll.dll
[2009.07.31 07:06:03 | 00,000,082 | ---- | C] () -- C:\Windows\odbc_merge.INI
[2009.05.01 19:41:36 | 00,000,680 | ---- | C] () -- C:\Users\Eifel-Kaffee 2\AppData\Local\d3d9caps.dat
[2009.03.08 08:18:28 | 00,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.03.08 08:14:20 | 00,288,627 | ---- | C] () -- C:\Users\Eifel-Kaffee 2\AppData\Local\yqiui_nav.dat
[2009.03.08 08:13:50 | 00,002,973 | ---- | C] () -- C:\Users\Eifel-Kaffee 2\AppData\Local\yqiui.dat
[2009.03.08 08:13:50 | 00,000,322 | ---- | C] () -- C:\Users\Eifel-Kaffee 2\AppData\Local\yqiui_navps.dat
[2009.03.08 08:13:50 | 00,000,097 | ---- | C] () -- C:\Users\Eifel-Kaffee 2\AppData\Local\yqiui.bat
[2009.02.09 20:45:57 | 00,009,728 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2008.12.10 19:55:10 | 00,303,104 | ---- | C] () -- C:\Windows\System32\dnt27VC8.dll
[2008.12.10 19:53:30 | 00,090,112 | ---- | C] () -- C:\Windows\System32\dntvmc27VC8.dll
[2008.12.10 19:53:18 | 00,086,016 | ---- | C] () -- C:\Windows\System32\dntvm27VC8.dll
[2008.11.07 20:16:48 | 00,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.11.03 20:02:36 | 00,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2008.11.03 18:17:40 | 00,049,664 | ---- | C] () -- C:\Users\Eifel-Kaffee 2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.10.30 09:49:34 | 00,000,022 | ---- | C] () -- C:\ProgramData\8f01a90e-7eb3-48d3-93b1-50d88fd146fb
[2008.10.30 08:00:19 | 00,001,551 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008.10.26 20:46:55 | 00,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2006.11.02 13:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:25:44 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 08:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.10.31 16:37:00 | 00,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006.08.10 14:00:52 | 00,094,208 | ---- | C] () -- C:\Windows\System32\TosBtHcrpAPI.dll
[2006.06.02 11:54:00 | 00,015,648 | ---- | C] () -- C:\Windows\UN060501.INI
[2005.07.22 20:30:20 | 00,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
 
========== LOP Check ==========
 
[2009.09.23 17:01:05 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\1&1
[2009.03.14 08:26:38 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\AceBIT
[2009.07.28 11:58:04 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\Bytemobile
[2009.11.17 09:09:10 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\FileZilla
[2009.08.25 06:51:32 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\FRITZ!
[2009.11.30 09:11:07 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\FRITZ!fax für FRITZ!Box
[2009.11.30 20:01:42 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\GoodSync
[2009.07.28 11:59:05 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\HCM Updater
[2009.08.03 20:31:17 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\hed
[2009.11.29 21:27:48 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\ImgBurn
[2009.11.12 08:11:53 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\Internet-Radio Player
[2009.04.24 06:41:00 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\Internetradio Player
[2009.06.03 08:00:23 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\IrfanView
[2009.11.11 09:04:39 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\Lexware
[2009.12.06 08:41:28 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\MozBackup
[2009.11.15 18:49:31 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\NASNaviator2
[2009.05.21 07:49:56 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\phonostar-Player
[2009.02.08 20:32:05 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\RapidSolution
[2008.10.27 08:34:54 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\Thunderbird
[2009.05.04 19:44:11 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\Toshiba
[2009.02.09 09:01:00 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\TuneUp Software
[2008.10.27 11:01:23 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\Uniblue
[2009.12.06 18:09:39 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\UseNeXT
[2008.10.27 08:19:27 | 00,000,000 | ---D | M] -- C:\Users\Eifel-Kaffee 2\AppData\Roaming\Zeon
[2009.12.06 21:00:02 | 00,000,518 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job
[2009.12.06 20:07:51 | 00,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.exe >
 
< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
 
< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2009.04.11 07:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2008.01.18 23:36:20 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 07:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2009.04.11 07:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2008.01.18 23:35:38 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
[2009.04.11 07:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
 
< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >
[2006.11.02 10:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< %SYSTEMDRIVE%\sceclt.dll /s /md5 >
 
< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >
 
< %SYSTEMDRIVE%\logevent.dll /s /md5 >
 
< %SYSTEMDRIVE%\iaStor.sys /s /md5 >
 
< %SYSTEMDRIVE%\nvstor.sys /s /md5 >
[2006.11.02 10:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.18 23:42:10 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2006.11.02 10:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.18 23:42:10 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2009.04.11 07:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\drivers\atapi.sys
[2008.10.26 21:11:29 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2009.04.11 07:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2006.11.02 10:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.01.18 23:41:32 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.10.26 21:11:29 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.10.26 21:11:29 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
[2008.01.18 23:41:32 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2009.04.11 07:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
 
< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >
 
< %SYSTEMDRIVE%\viasraid.sys /s /md5 >
 
< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2006.11.02 10:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.18 23:42:26 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2006.11.02 10:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
[2008.01.18 23:42:26 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.18 23:42:26 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.18 23:42:26 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
 
< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >
 
< %SYSTEMDRIVE%\nvatabus.sys /s /md5 >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 180 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:E29ACA54
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >
         

Alt 06.12.2009, 22:17   #12
wfra1
 
Trojaner TR/PCK.Tdss.Z.230 Datei tdlclk.dll - Standard

Trojaner TR/PCK.Tdss.Z.230 Datei tdlclk.dll



Und Extras.Txt

Code:
ATTFilter
OTL Extras logfile created on: 06.12.2009 21:46:12 - Run 1
OTL by OldTimer - Version 3.1.11.8     Folder = C:\Users\Eifel-Kaffee 2\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1021,32 Mb Total Physical Memory | 491,20 Mb Available Physical Memory | 48,10% Memory free
2,25 Gb Paging File | 1,50 Gb Available in Paging File | 66,77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,53 Gb Total Space | 44,20 Gb Free Space | 59,31% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: TOSHIBA
Current User Name: Eifel-Kaffee 2
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SystemRoot%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03AEB1D6-316A-425B-A028-3A5D871E959A}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{0D040324-126B-493C-93C5-0DB64C1F909C}" = rport=138 | protocol=17 | dir=out | app=system | 
"{0F2A5917-C585-4F47-926C-1F8F17C63767}" = rport=139 | protocol=6 | dir=out | app=system | 
"{1E4157A5-FE2F-4E6F-89D3-6A10E43C6789}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{22D84576-5FE4-4906-BBD8-CE102604E9E0}" = lport=5031 | protocol=17 | dir=in | name=avm tapi services for fritz!box - udp 5031 | 
"{2BA1E7CD-2A7E-4D05-9DC6-113FA9317363}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{30BE8358-4715-4AD9-A37D-945421953053}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{378E1153-B451-413E-810E-04EA72D0ECE9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3D1BC1BC-D9DC-461E-AA8E-2229F9770235}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{4090A722-3F47-4693-A2CD-511B618ADF75}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{44DCA9C2-7676-4EB5-987A-471E307E2099}" = rport=445 | protocol=6 | dir=out | app=system | 
"{4B0E4A95-FD0E-4247-B32C-104133EAA1B6}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{4BD8067F-23DE-4C43-BBD7-9904738FF9FD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe | 
"{5362725E-FCCE-4113-980D-FC9D6218A5DF}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{61DCFD93-B07E-4732-92EE-996E939CAC29}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{64B768D0-5104-4E35-A105-80C69493600F}" = lport=138 | protocol=17 | dir=in | app=system | 
"{6EE6B1BD-5928-4225-B2CD-852795E11DC6}" = lport=139 | protocol=6 | dir=in | app=system | 
"{6F0D0BE2-D9A8-4512-A075-1E65E02C428D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6FD3497D-2ADE-4C9F-AA04-49CBA491A052}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{7515502D-6C13-4222-8E93-A2D01B8C3100}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{8395BB33-102F-4B51-9B74-C95578C2D41C}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{9123368A-7054-45F2-A8BA-18EC37EF8CB3}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{92A6181C-3995-481A-953D-23EE078C3709}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{9BA1AD5C-AE4E-4C62-96AA-5D342755399D}" = lport=137 | protocol=17 | dir=in | app=system | 
"{9DEA75B9-CD84-4E21-8EE3-B61229206118}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A0E475FB-9985-4B18-85F3-660F6A62973A}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{A6DB7D0F-CD12-4DBF-BDBE-46114DABF7A7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AFB0A8BC-7C9A-4AA9-8979-C00E4E5EBC1A}" = rport=137 | protocol=17 | dir=out | app=system | 
"{D46C9286-C099-4F6E-96E5-55B6543650AC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D4AD6D6F-3668-4AA4-924D-9C556DFE7E7C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=datei- und druckerfreigabe (spoolerdienst - rpc-epmap) | 
"{D4E70EBD-FE27-4031-9F87-20E6EA2AD255}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{D81B24B6-7588-4197-B3BB-8460BC332BBB}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{DB2DAD60-1D27-413B-BE5A-57D44CC5E3FF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DCAF6D3D-6268-46A5-9DC8-13554165C3BE}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{E275A021-6254-4CF4-B8DF-43FC2F10E327}" = lport=445 | protocol=6 | dir=in | app=system | 
"{E6F94FFD-155F-4EC2-A957-FC6E8F3FBE5C}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{EBCF2295-1EF8-478F-9565-CFF53339C3F4}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{EE530C87-9A37-4C53-8FB6-1BD346852562}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{F1C926D2-EF5F-4907-BB87-DE397B0B51D2}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{F5C76F02-A348-420C-82FC-8D11B300F60C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03EA08DB-8FFC-43D2-810B-9097555DF205}" = protocol=6 | dir=in | app=c:\users\eifel-kaffee 2\appdata\local\apps\2.0\ha4w3e1a.45t\998j5n1q.040\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\fritzbox-usb-fernanschluss.exe | 
"{073EA634-8750-4776-8CD0-696CACE24895}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0A5956F1-3486-4488-8694-8F468176E6EB}" = protocol=6 | dir=in | app=c:\program files\tapi services for fritz!box\fboxset.exe | 
"{1828AD09-ADB7-4B5E-B3B1-21F778D75B0F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{218C0136-1A91-45AA-8EEB-41B6D41BAC6F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{24E10276-E850-4202-A22B-39FCDA5387B3}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{303A9EE8-D018-4DF4-9963-3FC951BE3155}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{313ADBB7-B719-479C-B882-86712257E627}" = protocol=17 | dir=in | app=c:\program files\tapi services for fritz!box\fboxset.exe | 
"{3B5A23D6-7C22-4DEF-8494-6EA1DF88074F}" = protocol=17 | dir=in | app=c:\users\eifel-kaffee 2\appdata\local\apps\2.0\ha4w3e1a.45t\998j5n1q.040\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\fritzbox-usb-fernanschluss.exe | 
"{3CDE2F4B-776D-4E26-8D00-607C21574984}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{3D063818-8EEF-4D98-82EA-46DFEDE690C6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{50CDBC6D-5623-4D81-942D-FB21B2B3D5C3}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{57215715-11A2-49AF-B505-1E907C0E07F5}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{5D5654A1-0123-4E8D-B66F-321B22958312}" = protocol=58 | dir=out | name=datei- und druckerfreigabe (echoanforderung - icmpv6 ausgehend) | 
"{62322491-D8CD-4FEE-9ACC-D1C13918E513}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe | 
"{63151601-5EB1-4ED5-B4B8-846CEF8EF2B8}" = protocol=6 | dir=in | app=c:\program files\fritz!\igd_finder.exe | 
"{64013DAF-035F-4235-AD37-B46F8CE3FC2B}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{6698F1BC-EF11-4310-9FBE-64FF9C31E771}" = protocol=6 | dir=in | app=c:\program files\buffalo\nasnavi\nasnavi.exe | 
"{66DE9A73-C10E-4930-B49E-F7BC59E6BC32}" = protocol=17 | dir=in | app=c:\program files\fritz!\igd_finder.exe | 
"{8963FFEF-5947-4BD1-B906-80A07C667BA5}" = protocol=1 | dir=out | name=datei- und druckerfreigabe (echoanforderung - icmpv4 ausgehend) | 
"{89BA1CA1-F071-4C35-BB33-3996A9F38190}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{8D831126-B729-43EC-84EE-6D70F6C38AC2}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{9405FEC9-64A7-46D7-B2BD-50555828DAC1}" = protocol=1 | dir=in | name=datei- und druckerfreigabe (echoanforderung - icmpv4 eingehend) | 
"{94AAEA25-9ABB-4683-BD9A-C4C2F430C8F8}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{9820ABE9-8A10-41D8-AB72-A46529685AF9}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{99FABDB8-8809-4820-B179-8F1EE7548E13}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{9C90D155-E574-4DF0-AB56-59FD9FAD4EE6}" = protocol=17 | dir=in | app=c:\program files\buffalo\nasnavi\nasnavi.exe | 
"{A411668E-B050-403E-9CDA-C80836B4195E}" = protocol=6 | dir=in | app=c:\program files\tapi services for fritz!box\igd_finder.exe | 
"{A6341A6C-E6D2-48D9-861E-74C915912E47}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{B21DB6E8-7839-4EB7-BD12-B0DC35A3D5A0}" = protocol=6 | dir=out | app=system | 
"{B224000F-69B4-4B1D-9857-A40497F0E220}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C576F0C1-FC4F-4C91-BCDF-9C3850A9BB50}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C5F6245B-F3DC-4A06-93D7-9B088E2DE39D}" = protocol=6 | dir=in | app=c:\users\eifel-kaffee 2\appdata\local\apps\2.0\ha4w3e1a.45t\998j5n1q.040\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\fritzbox-usb-fernanschluss.exe | 
"{C8E815EF-B189-4808-A0B7-2B8AA599C198}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{D1AFDC57-4E2B-4211-9DB1-AD5741196871}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{D2321DE1-67E6-4CFD-A485-2062898F0C31}" = protocol=17 | dir=in | app=c:\users\eifel-kaffee 2\appdata\local\apps\2.0\ha4w3e1a.45t\998j5n1q.040\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\fritzbox-usb-fernanschluss.exe | 
"{D476F701-18A1-4F74-96CE-CCDEB8624920}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D945F86C-6B1C-4E99-8E3E-1F653B23A936}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DA7F92C4-5E22-4D63-9463-F0536DA2FE42}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe | 
"{DF35FEFE-CBB1-4A18-9358-98E7DF308996}" = protocol=17 | dir=in | app=c:\program files\tapi services for fritz!box\igd_finder.exe | 
"{E27C0915-4351-46A0-B277-F20355826123}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{E67ACE1E-64FC-4346-9999-7108A6A4469A}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{E8B5DE5C-5B71-4518-869E-07075E90910B}" = protocol=58 | dir=in | name=datei- und druckerfreigabe (echoanforderung - icmpv6 eingehend) | 
"{EC8E1940-423E-4B97-9FBE-0AD334F538B9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe | 
"{F062CF74-4E50-4C9D-96B7-2B0387A743CD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{1B54E4BE-99AD-4A21-BBCD-5F9746A52162}C:\program files\common files\ahead\nero web\setupx.exe" = protocol=6 | dir=in | app=c:\program files\common files\ahead\nero web\setupx.exe | 
"TCP Query User{8CFFAFFB-DE3B-490D-A765-43383B7CFD2C}\\eifel-kaffee\share\wolle soft\philips\media manager\philips media manager.exe" = protocol=6 | dir=in | app=\\eifel-kaffee\share\wolle soft\philips\media manager\philips media manager.exe | 
"TCP Query User{C16C7F39-2BFE-4E53-B353-E35204D68ED4}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{CE31147B-B367-4C47-8670-D7BD68834E41}C:\program files\namo\webeditor 2006\bin\webeditor.exe" = protocol=6 | dir=in | app=c:\program files\namo\webeditor 2006\bin\webeditor.exe | 
"TCP Query User{F56EDF58-216F-4731-9EBA-90512B088FE1}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{0A3F064A-CF55-443D-8142-82EBFEF123C0}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{4DCD6078-479D-41F5-BC35-DE1B85698425}C:\program files\namo\webeditor 2006\bin\webeditor.exe" = protocol=17 | dir=in | app=c:\program files\namo\webeditor 2006\bin\webeditor.exe | 
"UDP Query User{A071577C-F780-4D76-A933-D085C5D356A9}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{C8B70624-17E8-4DE8-A727-840F4F0D9AFC}\\eifel-kaffee\share\wolle soft\philips\media manager\philips media manager.exe" = protocol=17 | dir=in | app=\\eifel-kaffee\share\wolle soft\philips\media manager\philips media manager.exe | 
"UDP Query User{D5007418-44EF-4B0B-B08B-A97EFDC22CB3}C:\program files\common files\ahead\nero web\setupx.exe" = protocol=17 | dir=in | app=c:\program files\common files\ahead\nero web\setupx.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional
"{09BDEEF0-5590-457D-89A9-5DB2742F9BBF}" = 32 Bit HP CIO Components Installer
"{0C72C79F-2ECA-4595-B5FB-DDBE62D06B46}" = Lexware Elster
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID-Anmelde-Assistent
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{195F2C6C-A343-4b10-B1A4-3F00AB9E9DD9}" = Fax
"{20B30DC1-E423-4939-B51D-05C58B0F9BBB}" = HP Photosmart All-In-One Driver Software 10.0 Rel .2
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 13
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{37888B36-58B5-41C6-BE67-B846BB4809FF}" = iS3 STOPzilla Toolbar
"{482019C6-E633-443F-A8D8-96F1915FECC5}" = CAS Interface Studio 8.6c
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{90120000-0016-0000-0000-0000000FF1CE}" = Microsoft Office Excel 2007
"{90120000-0016-0000-0000-0000000FF1CE}_EXCEL_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0000-0000-0000000FF1CE}_EXCEL_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_EXCEL_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0000-0000-0000000FF1CE}" = Microsoft Office PowerPoint 2007
"{90120000-0018-0000-0000-0000000FF1CE}_POWERPOINT_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0000-0000-0000000FF1CE}_POWERPOINT_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_POWERPOINT_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007
"{90120000-001B-0000-0000-0000000FF1CE}_WORD_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0000-0000-0000000FF1CE}_WORD_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_WORD_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_EXCEL_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}_POWERPOINT_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}_WORD_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_EXCEL_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_POWERPOINT_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_WORD_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_EXCEL_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_POWERPOINT_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_WORD_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_EXCEL_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}_POWERPOINT_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}_WORD_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_EXCEL_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}_POWERPOINT_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}_WORD_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A3C34-1652-472D-84AC-2A4D3D4955BF}" = Namo WebEditor 2006
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A7B5CF5F-6BB3-4616-950E-0CF3C9A023AD}" = Namo WebUtilities 2006
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{ACDE260A-602B-4cfb-A650-D0DBA6FFAD85}" = NetDeviceManager
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B26B00DA-2E5D-4CF2-83C5-911198C0F009}" = GoodSync
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{b9be267c-e096-4cce-a4fd-f24eec004938}" = PS_AIO_02_ProductContext
"{c4549405-195f-4450-8865-6be9dc5ad136}" = PS_AIO_02_Software_Min
"{c600ab3d-8b64-41df-bf36-b3d87ce0706b}" = C7200_Help
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{cd0b9359-b716-4fd0-8e0a-09b3e312e8a4}" = PS_AIO_02_Software
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{CECEB0FF-5C45-4b50-9A00-C596E36D88F4}" = C7200
"{CF097717-F174-4144-954A-FBC4BF301031}" = Nero 7 Ultra Edition
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E11DFB49-0F7A-4FC5-B6D2-AD0A3CA7F152}" = AVM FRITZ!Fernzugang
"{EBFF3839-5A5B-400A-B8A2-4A627C4B29B4}" = Nuance PDF Professional 5
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F7B05784-334C-4F76-8BAB-30ABEB7FD534}" = TIPCI
"1&1 MultiMessenger" = 1&1 MultiMessenger
"1&1 SmartFax" = 1&1 SmartFax
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"Backup4all 3_is1" = Backup4all 3
"Browser Defender_is1" = Browser Defender 2.0.6.11
"CCleaner" = CCleaner
"EXCEL" = Microsoft Office Excel 2007
"Fausto" = Fausto
"FRITZ! 2.0" = AVM FRITZ!fax für FRITZ!Box
"Google Updater" = Google Updater
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"ImgBurn" = ImgBurn
"InstallShield_{F7B05784-334C-4F76-8BAB-30ABEB7FD534}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"Internet-Radio Player_is1" = Internet-Radio Player Version 2.01.4
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)
"POWERPOINT" = Microsoft Office PowerPoint 2007
"RealPlayer 6.0" = RealPlayer
"SetEditArgus" = SetEditArgus (remove only)
"Spyware Doctor" = Spyware Doctor 7.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"TAPI" = AVM TAPI Services for FRITZ!Box
"UN060501" = BUFFALO NAS Navigator2
"UseNeXT_is1" = UseNeXT
"VLC media player" = VLC media player 0.9.9
"web'n'walk Manager" = web'n'walk Manager
"WinRAR archiver" = WinRAR archiver
"WORD" = Microsoft Office Word 2007
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f6791b188d8f3ff8" = AVM FRITZ!Box USB-Fernanschluss
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 06.12.2009 03:31:50 | Computer Name = Toshiba | Source = VSS | ID = 8194
Description = 
 
Error - 06.12.2009 03:41:57 | Computer Name = Toshiba | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Explorer.EXE, Version 6.0.6002.18005, Zeitstempel
 0x49e01da5, fehlerhaftes Modul SHELL32.dll, Version 6.0.6002.18005, Zeitstempel
 0x49e037ec, Ausnahmecode 0xc0000005, Fehleroffset 0x002d2c67,  Prozess-ID 0x7cc, 
Anwendungsstartzeit 01ca76441ef2c489.
 
Error - 06.12.2009 03:44:39 | Computer Name = Toshiba | Source = Application Hang | ID = 1002
Description = Programm MozBackup.exe, Version 1.4.8.0 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: fcc  Anfangszeit: 01ca764785408ee9  Zeitpunkt der Beendigung:
 5
 
Error - 06.12.2009 07:44:03 | Computer Name = Toshiba | Source = RasClient | ID = 20227
Description = 
 
Error - 06.12.2009 09:19:16 | Computer Name = Toshiba | Source = EventSystem | ID = 4609
Description = 
 
Error - 06.12.2009 09:19:59 | Computer Name = Toshiba | Source = EventSystem | ID = 4609
Description = 
 
Error - 06.12.2009 09:19:59 | Computer Name = Toshiba | Source = VSS | ID = 19
Description = 
 
Error - 06.12.2009 09:19:59 | Computer Name = Toshiba | Source = VSS | ID = 8193
Description = 
 
Error - 06.12.2009 09:29:37 | Computer Name = Toshiba | Source = EventSystem | ID = 4609
Description = 
 
Error - 06.12.2009 10:00:37 | Computer Name = Toshiba | Source = EventSystem | ID = 4609
Description = 
 
[ System Events ]
Error - 06.12.2009 13:45:17 | Computer Name = Toshiba | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 06.12.2009 15:04:37 | Computer Name = Toshiba | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 06.12.2009 15:11:19 | Computer Name = Toshiba | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 06.12.2009 15:12:57 | Computer Name = Toshiba | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 06.12.2009 15:18:06 | Computer Name = Toshiba | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 06.12.2009 um 20:15:57 unerwartet heruntergefahren.
 
Error - 06.12.2009 15:20:07 | Computer Name = Toshiba | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 06.12.2009 15:27:47 | Computer Name = Toshiba | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 06.12.2009 15:33:25 | Computer Name = Toshiba | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 06.12.2009 um 20:28:55 unerwartet heruntergefahren.
 
Error - 06.12.2009 15:35:25 | Computer Name = Toshiba | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 06.12.2009 16:51:58 | Computer Name = Toshiba | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
 werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner 
Fehler ist im Speicher-Manager aufgetreten.
 
[ TuneUp Events ]
Error - 22.11.2009 17:37:59 | Computer Name = Toshiba | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-11-22 22:37:59', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbam.exe','4612',0)
 
Error - 22.11.2009 17:40:10 | Computer Name = Toshiba | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-11-22 22:40:10', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbam.exe','5796',0)
 
Error - 22.11.2009 17:42:15 | Computer Name = Toshiba | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-11-22 22:42:15', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbam.exe','6080',0)
 
Error - 22.11.2009 17:57:45 | Computer Name = Toshiba | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-11-22 22:57:45', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbamgui.exe','1864',0)
 
Error - 22.11.2009 17:59:55 | Computer Name = Toshiba | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-11-22 22:59:55', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbam.exe','4600',0)
 
Error - 23.11.2009 03:18:22 | Computer Name = Toshiba | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-11-23 08:18:21', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\unins000.exe','5164',0)
 
Error - 23.11.2009 03:23:54 | Computer Name = Toshiba | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-11-23 08:23:54', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbam.exe','5996',0)
 
Error - 23.11.2009 03:24:34 | Computer Name = Toshiba | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-11-23 08:24:34', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbamgui.exe','4620',0)
 
Error - 03.12.2009 16:24:50 | Computer Name = Toshiba | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-12-03 21:24:50', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbam.exe','3980',0)
 
Error - 03.12.2009 16:25:00 | Computer Name = Toshiba | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-12-03 21:25:00', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbam.exe','4728',0)
 
 
< End of report >
         
Hoffe es gibt eine Lösung.

Bis Dann, Wolle

Alt 07.12.2009, 14:26   #13
Angel21
 
Trojaner TR/PCK.Tdss.Z.230 Datei tdlclk.dll - Standard

Trojaner TR/PCK.Tdss.Z.230 Datei tdlclk.dll



Hallo,

ich möchte dir nicht zu Nahe treten, aber ist dies ein Geschäftsrechner?

ist dies deine Seite? Eifel Kaffee
__________________
Avira Upgrade 10 ist auf dem Markt!
Agressive Einstellung von Avira

What goes around comes around!

Alt 07.12.2009, 16:19   #14
wfra1
 
Trojaner TR/PCK.Tdss.Z.230 Datei tdlclk.dll - Standard

Trojaner TR/PCK.Tdss.Z.230 Datei tdlclk.dll



Hallo Angel21,

der Name und die Homepage sind wohl richtig, jedoch dient der Laptop nur der Datensicherung. Wenn dies ein Problem sein sollte kann ich ihn gerne umtaufen :-(

Gruss Wolle

Alt 07.12.2009, 20:36   #15
Angel21
 
Trojaner TR/PCK.Tdss.Z.230 Datei tdlclk.dll - Standard

Trojaner TR/PCK.Tdss.Z.230 Datei tdlclk.dll



Hallo,

VERSCHIEBE die Atapi.sys aus dem C.\Windows\system32\drivers Ordner bitte auf dem Desktop. Wie gesagt VERSCHIEBEN nicht kopieren.

Danach drücke F5 um zu sehen, ob die atapi.sys wieder in dem Ordner drivers ist, wenn ja alles okeh, dann Rechner rebooten und neues GMER Logfile.
__________________
Avira Upgrade 10 ist auf dem Markt!
Agressive Einstellung von Avira

What goes around comes around!

Antwort

Themen zu Trojaner TR/PCK.Tdss.Z.230 Datei tdlclk.dll
beseitigen, datei, erkannt, forum, getestet, lästige, pferd, teufel, tool, tools, tr/pck.tdss.z.230, troja, trojaner, trojanische, trojanische pferd




Ähnliche Themen: Trojaner TR/PCK.Tdss.Z.230 Datei tdlclk.dll


  1. Bundespolizei Trojaner und Entfernungsprobleme bei BOO/TDss.M
    Plagegeister aller Art und deren Bekämpfung - 22.03.2012 (4)
  2. BKA Trojaner - habe mit OTLpe txt Datei erstellt - benötige nun eine "FIX-Datei"?
    Log-Analyse und Auswertung - 11.10.2011 (1)
  3. Trojaner BOO/TDss.a auf meinem PC
    Plagegeister aller Art und deren Bekämpfung - 25.06.2011 (31)
  4. Trojaner win32.tdss!IK
    Plagegeister aller Art und deren Bekämpfung - 25.12.2009 (1)
  5. Trojaner C:\WINDOWS\SYSTEM32\tdlclk.dll loswerden.
    Plagegeister aller Art und deren Bekämpfung - 12.12.2009 (1)
  6. TR/PCK.tdss.Z.230 in system32\tdlclk.dll
    Log-Analyse und Auswertung - 11.12.2009 (35)
  7. Trojan.TDss!K - Packed.Win32.Tdss!IK - und wer weiß was noch alles!
    Plagegeister aller Art und deren Bekämpfung - 09.12.2009 (1)
  8. Zwei Probleme: TR/PCK.tdss.Z.230 in system32\tdlclk.dll sowie TR/Crypt.ZPACK.Gen...
    Log-Analyse und Auswertung - 28.11.2009 (35)
  9. TR/PCK.tdss.Z.230 in system32\tdlclk.dll entdeckt
    Log-Analyse und Auswertung - 25.11.2009 (1)
  10. Problem mit Trojaner...Tdss.Z.301
    Plagegeister aller Art und deren Bekämpfung - 11.09.2009 (17)
  11. Trojaner in .rar Datei! Bitte um Analyse dieser Datei!!!
    Plagegeister aller Art und deren Bekämpfung - 23.08.2009 (12)
  12. Trojaner WIN32.TDSS.rtk
    Plagegeister aller Art und deren Bekämpfung - 02.07.2009 (0)
  13. Trojaner? TR/TDss.acdc
    Log-Analyse und Auswertung - 22.05.2009 (2)
  14. BDS/TDSS.adb, BDS/TDSS.JW und einiges mehr
    Log-Analyse und Auswertung - 14.01.2009 (28)
  15. Rootkit RKIT/TDss.G.22 Backdoorprogramm BDS/TDSS.adb und Trojaner TR/Proxy.GHY
    Log-Analyse und Auswertung - 21.12.2008 (28)
  16. Backdoor.TDSS.asz und TDSS.atb gefunden
    Mülltonne - 28.11.2008 (0)
  17. Trojaner in datei gefunden (datei aber nicht vorhanden)
    Plagegeister aller Art und deren Bekämpfung - 29.11.2004 (2)

Zum Thema Trojaner TR/PCK.Tdss.Z.230 Datei tdlclk.dll - Hallo, habe den lästigen Trojaner tdlclk.dll, das Trojanische Pferd TR/PCK.Tdss.Z.230 auf meinem Rechner. Wird erkannt, lässt sich aber mit keinem Tool beseitigen und kommt immer wieder. Habe hier im Forum - Trojaner TR/PCK.Tdss.Z.230 Datei tdlclk.dll...
Archiv
Du betrachtest: Trojaner TR/PCK.Tdss.Z.230 Datei tdlclk.dll auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.