|
Plagegeister aller Art und deren Bekämpfung: WIE WERDE ICH (ganz einfach) VIRENFREI?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
06.03.2010, 10:22 | #31 |
| WIE WERDE ICH (ganz einfach) VIRENFREI? [QUOTE=John Marcos;507732]RESULTAT: SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 03/06/2010 at 00:39 AM Application Version : 4.34.1000 Core Rules Database Version : 4644 Trace Rules Database Version: 2456 Scan type : Complete Scan Total Scan Time : 02:01:00 Memory items scanned : 843 Memory threats detected : 0 Registry items scanned : 7683 Registry threats detected : 11 File items scanned : 192908 File threats detected : 0 MUSS DAS NUN JETZT GELÖSCHT WERDEN? Adware.DoubleD HKCR\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945} HKCR\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}\1.0 HKCR\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}\1.0\0 HKCR\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}\1.0\0\win32 HKCR\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}\1.0\FLAGS HKCR\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}\1.0\HELPDIR HKCR\Interface\{95B92D92-8B7D-4A19-A3F1-43113B4DBCAF} HKCR\Interface\{95B92D92-8B7D-4A19-A3F1-43113B4DBCAF}\ProxyStubClsid HKCR\Interface\{95B92D92-8B7D-4A19-A3F1-43113B4DBCAF}\ProxyStubClsid32 HKCR\Interface\{95B92D92-8B7D-4A19-A3F1-43113B4DBCAF}\TypeLib HKCR\Interface\{95B92D92-8B7D-4A19-A3F1-43113B4DBCAF}\TypeLib#Version John Marcos |
06.03.2010, 10:37 | #32 |
| WIE WERDE ICH (ganz einfach) VIRENFREI? Und noch mal der letzte GMER (vielleicht hilfts):
__________________GMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2010-03-06 10:33:09 Windows 6.0.6002 Service Pack 2 Running: 5cl742y2.exe; Driver: C:\Users\Johannes\AppData\Local\Temp\pgtyrkow.sys ---- System - GMER 1.0.15 ---- SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS ZwTerminateProcess [0x8F99A320] ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!KeSetEvent + 621 822E4D84 4 Bytes [20, A3, 99, 8F] .text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x8A952480, 0x3C939, 0xE8000020] .dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x8A993900, 0x3CA, 0x48000040] .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8E004000, 0x1FB0FA, 0xE8000020] ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[3712] ntdll.dll!DbgBreakPoint 778F8B2E 1 Byte [90] ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\Explorer.EXE[3976] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [71EB7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3976] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [71F0A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3976] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [71EBBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3976] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [71EAF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3976] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [71EB75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3976] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [71EAE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3976] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [71EE8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3976] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [71EBDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3976] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [71EAFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3976] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [71EAFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3976] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [71EA71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3976] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [71F3CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3976] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [71EDC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3976] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [71EAD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3976] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [71EA6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3976] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [71EA687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3976] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [71EB2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) John Marcos |
07.03.2010, 01:01 | #33 |
/// Helfer-Team | WIE WERDE ICH (ganz einfach) VIRENFREI? moin John Marcos,
__________________meines Erachtens ist der PC wieder sauber Die Funde von SpuerAntiSpyware bitte löschen lassen. Das war's Du bist entlassen... Gruß Handball10
__________________ |
07.03.2010, 09:01 | #34 | |
| WIE WERDE ICH (ganz einfach) VIRENFREI?Zitat:
Übrigens, mein System hat sich wieder infiziert (4 Sachen). Hab' zuerst Malwarebytes' Anti-Malware und dann SUPERAntiSpyware Free Edition benutzt und die Dinger sind weg! Das habe ich bei euch gelernt! SUPER! John Marcos PS: Würde dennoch ein sogenanntes Anti-Virus Programm installieren. Aber welches?
__________________ Nichts fühlt sich schlimmer an, als auf jemanden böse zu sein. |
07.03.2010, 10:31 | #35 | ||
/// Helfer-Team | WIE WERDE ICH (ganz einfach) VIRENFREI? Super... Zitat:
-------------------------------------------------------------------------- Btte folgendes noch abarbeite. Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)
----------------- Zitat:
Öffne Hijackthis.exe -> Open The Misc Tool Section -> Open Uninstall manager -> Save List. -------------------- Alle Logfiles bitte hier rein posten (aber bitte nicht mehr in der großen und farblichen Schrift ) Gruß Handball10
__________________ Lustige Rechtschreibfehler des Trojanischen Pferdes "Trojan.Win32.FraudPack.ajn" Lustige Rechtschreibfehler von "XP Deluxe Protector" - Neu !! Geändert von handball10 (07.03.2010 um 11:22 Uhr) |
07.03.2010, 12:12 | #36 | |
| WIE WERDE ICH (ganz einfach) VIRENFREI?Zitat:
OTL 1: OTL Extras logfile created on: 07.03.2010 12:01:00 - Run 1 OTL by OldTimer - Version 3.1.34.0 Folder = C:\Users\Johannes\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18882) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 41,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 74,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 148,89 Gb Total Space | 65,77 Gb Free Space | 44,18% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 147,73 Gb Total Space | 142,57 Gb Free Space | 96,51% Space Free | Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: JOHANNES-PC Current User Name: Johannes Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .reg [@ = Regedit.Document] -- Reg Error: Key error. File not found [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .exe [@ = exefile] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-56140064-1159931152-2532776722-1000] "EnableNotificationsRef" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{ECF24EF9-B78A-4328-B1F3-515C7A7C0865}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01E125E1-0AD0-444F-ABC1-06815F654DDE}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{01F635C2-E864-4DB9-A80F-53CC173F5025}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{4510FD25-EBAE-4D10-9429-E19389924374}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{506B3731-590A-434A-A7E8-24440D5D9CA0}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{8C774369-96BE-4492-9797-4E0E6142656E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{9B498DD1-4C97-486A-B340-1FE2C07DF822}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{9D59BD37-38C5-4315-B7F4-21FF8EE0D41A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{9E52A1C6-A6B4-4C10-B9D7-4783696138A4}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{9F9B638E-5085-4BB0-86B5-93077747E699}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "{D9991767-7FDF-41F1-A86E-3919E652AC77}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{F528DCF7-D5D2-443F-AAED-B4462FAC7DD9}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "TCP Query User{173F99D9-AD22-4AF8-A8F2-5EE39C72C8B2}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{706B76E6-7381-4995-AAFD-D68E7070AB7C}C:\users\johannes\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\johannes\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe | "TCP Query User{FC69CCCD-459D-4919-8DB0-31F71345A3ED}C:\program files\safari\safari.exe" = protocol=6 | dir=in | app=c:\program files\safari\safari.exe | "UDP Query User{10106C0D-DCDC-4038-9CDA-1546059E0AF6}C:\users\johannes\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\johannes\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe | "UDP Query User{21F28FAC-5B36-4574-BD5C-0BDF17598206}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{BBE05868-009F-4497-8F03-8615C65802F8}C:\program files\safari\safari.exe" = protocol=17 | dir=in | app=c:\program files\safari\safari.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01E19402-C0E4-B301-17F6-551EA53F7351}" = Catalyst Control Center Localization Japanese "{03B39295-B637-9491-9A38-90872F42966A}" = Catalyst Control Center Localization Italian "{03FAA727-E2B7-471C-AC41-2E1C7F29C7EA}" = Toshiba TEMPRO "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree "{0D6D148C-DFE8-C643-C4E7-A7DB84B9031E}" = Catalyst Control Center Localization Swedish "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1A7979D5-9AED-2730-A561-AE28CC747B91}" = Catalyst Control Center Localization Chinese Standard "{1C971EE3-B4C4-4367-9676-57549919C6CE}" = TOSHIBA Benutzerhandbücher "{1EF7109C-CEC0-45A6-3965-C99FAE0B7A4B}" = Catalyst Control Center Core Implementation "{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 17 "{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3 "{2C0ADDC5-6FF6-60AC-104F-81C1E7DD1E6E}" = CCC Help Swedish "{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1 "{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6 "{3513D67C-9B77-6242-D2B4-8C96D4587B51}" = CCC Help German "{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02 "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "{64A2B0D7-2204-298F-F4ED-B386CAFFA694}" = Catalyst Control Center Localization German "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{66A9D30D-1464-4C7F-B2F3-507DADAF2595}" = Microsoft IntelliPoint 6.3 "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69E5255D-9D43-4CFF-8984-843ABD7753B7}" = Catalyst Control Center - Branding "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER "{6F04A6FF-7F7B-55E0-C649-C781D27C3515}" = Catalyst Control Center Graphics Full New "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{70455234-B242-88EE-EEC6-5FB8B3C5A68D}" = CCC Help Italian "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{73764932-E12C-1F98-15B9-2B4FAB03C521}" = Skins "{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings "{76E72622-885F-7D3D-D74D-ADFC2D054D4E}" = CCC Help Korean "{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder "{78FBDFAF-9463-E30B-C19C-DB78ADF7F894}" = CCC Help French "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7E7AD30F-D34E-1DBB-95F4-6A174127A6A6}" = Catalyst Control Center Graphics Full Existing "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver "{8A877662-8051-E928-0CB4-4A6C5FE90EEC}" = CCC Help Dutch "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{90120000-0015-0C0A-0000-0000000FF1CE}" = Microsoft Office Access MUI (Spanish) 2007 "{90120000-0015-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2CC8520D-6A74-4CCA-9539-8E774E2B50D1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2007 "{90120000-0016-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2CC8520D-6A74-4CCA-9539-8E774E2B50D1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2007 "{90120000-0018-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2CC8520D-6A74-4CCA-9539-8E774E2B50D1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0019-0C0A-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Spanish) 2007 "{90120000-0019-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2CC8520D-6A74-4CCA-9539-8E774E2B50D1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001A-0C0A-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Spanish) 2007 "{90120000-001A-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2CC8520D-6A74-4CCA-9539-8E774E2B50D1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2007 "{90120000-001B-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2CC8520D-6A74-4CCA-9539-8E774E2B50D1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2007 "{90120000-001F-0403-0000-0000000FF1CE}_ENTERPRISE_{A5B6B786-2D6F-4B75-940F-42B32D01D146}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007 "{90120000-001F-0416-0000-0000000FF1CE}_ENTERPRISE_{669EB263-0AFE-4FCB-A068-DB082CA6273C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2007 "{90120000-001F-042D-0000-0000000FF1CE}_ENTERPRISE_{042190ED-F17C-4A8D-95D8-87A37B4095BD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2007 "{90120000-001F-0456-0000-0000000FF1CE}_ENTERPRISE_{D3064ADE-5D4C-4AA4-8F71-C63D87D4A263}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0044-0C0A-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Spanish) 2007 "{90120000-0044-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2CC8520D-6A74-4CCA-9539-8E774E2B50D1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2007 "{90120000-006E-0C0A-0000-0000000FF1CE}_ENTERPRISE_{35B14BD6-6042-4A55-B326-58309DC8C72A}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-00A1-0C0A-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Spanish) 2007 "{90120000-00A1-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2CC8520D-6A74-4CCA-9539-8E774E2B50D1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs "{90120000-00BA-0C0A-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Spanish) 2007 "{90120000-00BA-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2CC8520D-6A74-4CCA-9539-8E774E2B50D1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A050CE7-1EF2-A942-4CAB-7C02E99FFDB0}" = Catalyst Control Center Localization Korean "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9AE0832C-194D-D1B3-5E93-A45BC14E8D0C}" = Catalyst Control Center Localization Portuguese "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific "{A63769B5-2D2B-518A-55D7-16458D553605}" = CCC Help Portuguese "{A7965F9D-92AA-5C12-F389-A05339170ACF}" = CCC Help Japanese "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support "{AB0F54CA-798B-1BF9-AA82-DE78BD3AAE6B}" = Catalyst Control Center Localization Dutch "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings "{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8 "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B2F3087C-10C9-BAA7-0827-7501AA64588A}" = CCC Help Chinese Standard "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player "{B73F949B-839C-9F5A-2E51-40B2AC3BC779}" = Catalyst Control Center Graphics Previews Vista "{B8B4D43C-EAA0-4EEC-B93E-D4D012316286}" = Free DWG Viewer 6.3 "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2 "{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition "{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba "{CF98DACA-A3C6-E90C-1FF6-326F7ABF531D}" = ccc-core-static "{CFE95E33-9B99-9FF5-8051-03E21D955ACF}" = CCC Help English "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1 "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari "{D8CF7AE3-1D21-F454-7798-2EA7ED006269}" = CCC Help Chinese Traditional "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings "{E240D2D0-FF54-6B3A-F866-36717C0E068B}" = CCC Help Spanish "{E257B0A7-3B49-4943-7455-F2E7B09137C8}" = ATI Catalyst Install Manager "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe "{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster 2009 "{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{EA983525-B803-F9C8-9E00-4AD187D597C1}" = ccc-utility "{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities "{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup "{F08CA874-5735-0EFC-0832-68BDD155A2F3}" = Catalyst Control Center Localization Chinese Traditional "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA "{F273BBCA-68BF-76D7-8666-F8A5B40EA83B}" = Catalyst Control Center Localization French "{F4A256A6-E670-FEAF-A45A-444DB34CBD5F}" = Catalyst Control Center Graphics Light "{F73DB365-02E3-1E83-6F55-FDF9596038F5}" = Catalyst Control Center Localization Spanish "{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package "{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3 "Any DWG to PDF Converter_is1" = Any DWG to PDF Converter 2008 "CCleaner" = CCleaner "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "ENTERPRISE" = Microsoft Office Enterprise 2007 "Escritorio movistar" = Escritorio movistar "ExpressBurn" = Express Burn "Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D) "Free Studio_is1" = Free Studio version 4.2 "Free YouTube Download_is1" = Free YouTube Download 2.3 "Google Chrome" = Google Chrome "HijackThis" = HijackThis 2.0.2 "InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder "InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition "InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher "InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "MP3 Cutter_is1" = MP3 Cutter 1.3 "myphotobook" = myphotobook 3.5 "Picasa2" = Picasa 2 "SimpleOCR 3.1" = SimpleOCR 3.1 "Smart Protector Pro_is1" = Smart Protector Pro "ST6UNST #1" = Screeny LT 2.3.0 "SynTPDeinstKey" = Synaptics Pointing Device Driver "udkyygvd" = Favorit "Uninstall_is1" = Uninstall 1.0.0.1 "Veetle TV" = Veetle TV 0.9.16 "WavePad" = WavePad Uninstall "Windows Media Encoder 9" = Windows Media Encoder 9-Reihe "WinRAR archiver" = WinRAR "XSManager" = XSManager "Yahoo! Companion" = Yahoo! Toolbar ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "0ac7d207f51cb75e" = Text2Speech "Octoshape Streaming Services" = Octoshape Streaming Services "Yahoo! BrowserPlus" = Yahoo! BrowserPlus ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 12.02.2010 23:19:45 | Computer Name = Johannes-PC | Source = WinMgmt | ID = 10 Description = Error - 13.02.2010 10:45:02 | Computer Name = Johannes-PC | Source = WinMgmt | ID = 10 Description = Error - 13.02.2010 11:58:55 | Computer Name = Johannes-PC | Source = EventSystem | ID = 4621 Description = Error - 14.02.2010 06:35:07 | Computer Name = Johannes-PC | Source = WinMgmt | ID = 10 Description = Error - 17.02.2010 03:40:33 | Computer Name = Johannes-PC | Source = WinMgmt | ID = 10 Description = Error - 18.02.2010 04:09:45 | Computer Name = Johannes-PC | Source = WinMgmt | ID = 10 Description = Error - 19.02.2010 03:13:46 | Computer Name = Johannes-PC | Source = WinMgmt | ID = 10 Description = Error - 21.02.2010 05:28:50 | Computer Name = Johannes-PC | Source = EventSystem | ID = 4621 Description = Error - 21.02.2010 05:30:00 | Computer Name = Johannes-PC | Source = WinMgmt | ID = 10 Description = Error - 22.02.2010 05:50:33 | Computer Name = Johannes-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung Photoshop.exe, Version 10.0.0.0, Zeitstempel 0x461aabf7, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18005, Zeitstempel 0x49e03821, Ausnahmecode 0xc0000374, Fehleroffset 0x000afaf8, Prozess-ID 0x1af0, Anwendungsstartzeit 01cab3a45e552fd0. [ OSession Events ] Error - 22.06.2009 17:22:10 | Computer Name = Johannes-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1894 seconds with 0 seconds of active time. This session ended with a crash. Error - 10.07.2009 13:45:37 | Computer Name = Johannes-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 7204 seconds with 1080 seconds of active time. This session ended with a crash. Error - 10.07.2009 13:45:49 | Computer Name = Johannes-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash. Error - 13.07.2009 16:44:34 | Computer Name = Johannes-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 31450 seconds with 3480 seconds of active time. This session ended with a crash. Error - 09.09.2009 08:48:40 | Computer Name = Johannes-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 4033 seconds with 300 seconds of active time. This session ended with a crash. Error - 18.09.2009 08:19:54 | Computer Name = Johannes-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 20075 seconds with 14880 seconds of active time. This session ended with a crash. [ System Events ] Error - 10.09.2009 09:39:44 | Computer Name = Johannes-PC | Source = HTTP | ID = 15016 Description = Error - 10.09.2009 09:41:15 | Computer Name = Johannes-PC | Source = Service Control Manager | ID = 7000 Description = Error - 10.09.2009 09:42:17 | Computer Name = Johannes-PC | Source = DCOM | ID = 10000 Description = Error - 11.09.2009 02:29:47 | Computer Name = Johannes-PC | Source = HTTP | ID = 15016 Description = Error - 11.09.2009 02:31:20 | Computer Name = Johannes-PC | Source = Service Control Manager | ID = 7000 Description = Error - 11.09.2009 02:32:08 | Computer Name = Johannes-PC | Source = DCOM | ID = 10000 Description = Error - 11.09.2009 09:42:11 | Computer Name = Johannes-PC | Source = DCOM | ID = 10016 Description = Error - 11.09.2009 09:42:11 | Computer Name = Johannes-PC | Source = DCOM | ID = 10016 Description = Error - 11.09.2009 20:33:29 | Computer Name = Johannes-PC | Source = HTTP | ID = 15016 Description = Error - 11.09.2009 20:35:00 | Computer Name = Johannes-PC | Source = Service Control Manager | ID = 7000 Description = < End of report > OTL 2: OTL logfile created on: 07.03.2010 12:01:00 - Run 1 OTL by OldTimer - Version 3.1.34.0 Folder = C:\Users\Johannes\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18882) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 41,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 74,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 148,89 Gb Total Space | 65,77 Gb Free Space | 44,18% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 147,73 Gb Total Space | 142,57 Gb Free Space | 96,51% Space Free | Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: JOHANNES-PC Current User Name: Johannes Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\Johannes\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Users\Johannes\AppData\Local\Yahoo!\BrowserPlus\2.5.1\BrowserPlusCore.exe (Yahoo! Inc.) PRC - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation) PRC - C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG) PRC - C:\Windows\service4g.exe (4G Systems GmbH & Co. KG) PRC - C:\Programme\Safari\Safari.exe (Apple Inc.) PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10c.exe (Adobe Systems, Inc.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Users\Johannes\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS) PRC - C:\Programme\XSManager\WTGService.exe () PRC - C:\Programme\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) PRC - C:\Programme\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) PRC - C:\Programme\Camera Assistant Software for Toshiba\CEC_MAIN.exe () PRC - C:\Programme\Camera Assistant Software for Toshiba\traybar.exe (Chicony) PRC - C:\Programme\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe (Toshiba) PRC - C:\Programme\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA) PRC - C:\Programme\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe (Toshiba Europe GmbH) PRC - C:\Programme\Toshiba TEMPRO\TempoSVC.exe (Toshiba Europe GmbH) PRC - C:\Programme\Toshiba\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION) PRC - C:\Programme\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) PRC - C:\Programme\Toshiba\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation) PRC - C:\Programme\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Programme\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation) PRC - C:\Programme\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) PRC - C:\Programme\Toshiba\Registration\ToshibaRegistration.exe (Toshiba) PRC - C:\Programme\Toshiba\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation) PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) PRC - C:\Programme\Microsoft Office\Office12\WINWORD.EXE (Microsoft Corporation) PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) PRC - C:\Programme\Smart Protector Pro\SmartProtector-Pro.exe (SmartSoft) PRC - C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) ========== Modules (SafeList) ========== MOD - C:\Users\Johannes\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (TOSHIBA Bluetooth Service) -- File not found SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (AV Engine Scanning Service) -- C:/Program Files/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe () SRV - (XS Stick Service) -- C:\Windows\service4g.exe (4G Systems GmbH & Co. KG) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (WTGService) -- C:\Programme\XSManager\WTGService.exe () SRV - (TNaviSrv) -- C:\Programme\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) SRV - (SmartFaceVWatchSrv) -- C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe (Toshiba) SRV - (TempoMonitoringService) -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe (Toshiba Europe GmbH) SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (TosCoSrv) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) SRV - (TOSHIBA SMART Log Service) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation) SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) SRV - (UleadBurningHelper) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®) ========== Driver Services (SafeList) ========== DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASENUM) -- C:\Programme\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (cm_ser) -- C:\Windows\System32\drivers\cm_ser.sys (C-motech Co.,Ltd.) DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation) DRV - (Point32) -- C:\Windows\System32\drivers\point32k.sys (Microsoft Corporation) DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation) DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.) DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation) DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation) DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdom...SEA&bmod=TSEA; IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdom...TSEA&bmod=TSEA IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdom...SEA&bmod=TSEA; IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.schnellsucher.com/?t=Q1003063475&s=h IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1 FF - prefs.js..extensions.enabledItems: {0BA0192D-94A5-45e3-B2B8-3EC5A1A0B5EC}:2.0.0.1050 FF - prefs.js..extensions.enabledItems: {2224E955-00E9-4613-A844-CE69FCCAAE91}:3.7.2.4650 FF - prefs.js..extensions.enabledItems: {7AB6D133-2A14-4C11-B3AD-35B1548D38F9}:1.0 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546 [2009.06.06 22:32:48 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\mozilla\Extensions [2009.10.10 22:48:05 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\odf72dn1.default\extensions [2009.09.02 10:13:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\odf72dn1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009.06.08 08:12:14 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\odf72dn1.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2009.09.27 17:19:12 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\odf72dn1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2009.10.12 01:54:21 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2009.09.05 09:00:05 | 000,000,000 | ---D | M] (Sukoku) -- C:\Programme\Mozilla Firefox\extensions\{7AB6D133-2A14-4C11-B3AD-35B1548D38F9} O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com) O4 - HKLM..\Run: [00TCrdMain] C:\Programme\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony) O4 - HKLM..\Run: [cfFncEnabler.exe] File not found O4 - HKLM..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe ( ) O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NDSTray.exe] File not found O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SmoothView] C:\Programme\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [starter4g] C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG) O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA) O4 - HKLM..\Run: [Toshiba Registration] C:\Programme\Toshiba\Registration\ToshibaRegistration.exe (Toshiba) O4 - HKLM..\Run: [Toshiba TEMPO] C:\Programme\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe (Toshiba Europe GmbH) O4 - HKLM..\Run: [TPwrMain] C:\Programme\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Users\Johannes\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS) O4 - HKCU..\Run: [SPSTEALT] C:\Program Files\Smart Protector Pro\SmartProtector-Pro.exe (SmartSoft) O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - HKCU..\Run: [TOSCDSPD] File not found O4 - Startup: C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recorte de pantalla e Inicio rápido de OneNote 2007.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - File not found O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - File not found O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_01) O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Programme\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - File not found O24 - Desktop WallPaper: C:\Users\Johannes\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Johannes\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{19bad49a-addf-11de-9fcd-0022fa35a37c}\Shell - "" = AutoRun O33 - MountPoints2\{19bad49a-addf-11de-9fcd-0022fa35a37c}\Shell\AutoRun\command - "" = D:\autorun.exe -- File not found O33 - MountPoints2\{2fb4edaf-ab7f-11de-a068-001e339e59db}\Shell - "" = AutoRun O33 - MountPoints2\{2fb4edaf-ab7f-11de-a068-001e339e59db}\Shell\AutoRun\command - "" = D:\autorun.exe -- File not found O33 - MountPoints2\{a6a4990e-051c-11df-b40f-0022fa35a37c}\Shell - "" = AutoRun O33 - MountPoints2\{a6a4990e-051c-11df-b40f-0022fa35a37c}\Shell\AutoRun\command - "" = D:\autorun.exe -- File not found O33 - MountPoints2\{d69654e1-7da7-11de-adc8-001e339e59db}\Shell - "" = AutoRun O33 - MountPoints2\{d69654e1-7da7-11de-adc8-001e339e59db}\Shell\AutoRun\command - "" = D:\autorun.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.03.07 11:59:32 | 000,553,984 | ---- | C] (OldTimer Tools) -- C:\Users\Johannes\Desktop\OTL.exe [2010.03.05 22:34:34 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2010.03.05 22:34:15 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\SUPERAntiSpyware.com [2010.03.05 22:34:15 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware [2010.03.04 01:03:11 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2010.03.03 14:21:20 | 000,000,000 | ---D | C] -- C:\Programme\trend micro [2010.03.03 14:21:18 | 000,000,000 | ---D | C] -- C:\rsit [2010.03.03 14:02:16 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\Malwarebytes [2010.03.03 14:02:09 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.03.03 14:02:07 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.03.03 14:02:07 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.03.03 14:02:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.03.03 12:25:49 | 000,000,000 | ---D | C] -- C:\Users\Johannes\Desktop\VIREN SÄUBERUNG [2010.03.02 00:01:03 | 000,000,000 | ---D | C] -- C:\Users\Johannes\Documents\Version Cue [2010.03.02 00:01:02 | 000,000,000 | ---D | C] -- C:\Users\Johannes\Documents\AdobeStockPhotos [2010.03.01 15:07:35 | 000,000,000 | ---D | C] -- C:\Users\Johannes\Desktop\03 März [2010.03.01 15:06:15 | 000,000,000 | ---D | C] -- C:\Users\Johannes\Desktop\ABRAHAM LOA ÜBERSETZUNGEN [2010.03.01 14:59:50 | 000,000,000 | ---D | C] -- C:\Users\Johannes\Desktop\1800 mt [2010.02.24 13:19:05 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2010.02.24 13:19:02 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2010.02.24 13:18:49 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll [2010.02.24 13:18:49 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll [2010.02.24 13:18:48 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe [2010.02.24 13:18:48 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe [2010.02.24 13:18:48 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe [2010.02.24 13:18:48 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe [2010.02.24 13:18:48 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll [2010.02.24 13:18:48 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll [2010.02.24 13:18:48 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll [2010.02.24 13:18:46 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll [2010.02.24 13:18:46 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll [2010.02.24 13:18:45 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll [2010.02.23 20:18:14 | 000,000,000 | ---D | C] -- C:\Programme\Veetle [2010.02.22 16:32:08 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\Deployment [2010.02.22 16:32:08 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\Apps [2010.02.21 17:00:21 | 000,000,000 | ---D | C] -- C:\Programme\iPod [2010.02.21 17:00:17 | 000,000,000 | ---D | C] -- C:\Programme\iTunes [2010.02.21 09:50:55 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\Octoshape [2010.02.17 08:49:41 | 000,000,000 | ---D | C] -- C:\Users\Johannes\Desktop\GESUNDHEIT FEBRUAR 2010 [2010.02.14 11:55:57 | 000,000,000 | ---D | C] -- C:\Users\Johannes\Desktop\HEAVEN FEBRUAR 2010 [2010.02.10 18:48:25 | 003,600,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2010.02.10 18:48:25 | 003,548,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2010.02.10 18:48:17 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll [2010.02.10 18:48:17 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll [2010.02.10 18:48:17 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll [2010.02.10 18:48:17 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll [2010.02.08 01:36:57 | 000,000,000 | ---D | C] -- C:\Users\Johannes\Desktop\bashar xxxxx [2009.10.24 08:08:17 | 000,385,024 | ---- | C] (inventarlo) -- C:\Users\Johannes\AppData\Local\wxipyzj.exe [4 C:\Users\Johannes\Desktop\*.tmp files -> C:\Users\Johannes\Desktop\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.03.07 12:00:21 | 006,815,744 | -HS- | M] () -- C:\Users\Johannes\ntuser.dat [2010.03.07 11:59:40 | 000,553,984 | ---- | M] (OldTimer Tools) -- C:\Users\Johannes\Desktop\OTL.exe [2010.03.07 11:41:36 | 000,020,782 | ---- | M] () -- C:\Users\Johannes\Desktop\Ich halte nach dem Ausschau, was ich am liebsten mag..docx [2010.03.07 11:15:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.03.07 10:49:50 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.03.07 10:49:50 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.03.07 09:56:45 | 000,013,824 | ---- | M] () -- C:\Users\Johannes\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.03.07 09:54:54 | 000,000,162 | -H-- | M] () -- C:\Users\Johannes\Desktop\~$h halte nach dem Ausschau, was ich am liebsten mag..docx [2010.03.07 09:53:24 | 260,961,708 | ---- | M] () -- C:\Users\Johannes\Desktop\ISOALDEA_1_0001.zip [2010.03.07 09:26:42 | 000,100,252 | ---- | M] () -- C:\Users\Johannes\Desktop\1-24 Auszüge von Abraham-Workshops.docx [2010.03.07 08:52:45 | 001,418,806 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.03.07 08:52:45 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.03.07 08:52:45 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.03.07 08:52:45 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.03.07 08:52:45 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.03.07 08:49:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.03.06 20:36:18 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\PCConfidential.job [2010.03.06 20:36:13 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.03.06 20:34:35 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.03.06 20:34:29 | 3219,120,128 | -HS- | M] () -- C:\hiberfil.sys [2010.03.06 20:33:37 | 000,524,288 | -HS- | M] () -- C:\Users\Johannes\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2010.03.06 20:33:37 | 000,065,536 | -HS- | M] () -- C:\Users\Johannes\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010.03.06 20:33:36 | 002,977,210 | -H-- | M] () -- C:\Users\Johannes\AppData\Local\IconCache.db [2010.03.06 20:32:56 | 000,001,377 | ---- | M] () -- C:\Users\Johannes\AppData\Local\udkyygvd_navps.dat [2010.03.06 20:32:52 | 000,003,496 | ---- | M] () -- C:\Users\Johannes\AppData\Local\udkyygvd.dat [2010.03.06 18:20:53 | 000,270,999 | ---- | M] () -- C:\Users\Johannes\AppData\Local\udkyygvd_nav.dat [2010.03.06 18:20:49 | 000,000,094 | ---- | M] () -- C:\Users\Johannes\AppData\Local\udkyygvd.bat [2010.03.06 13:53:07 | 000,000,162 | -H-- | M] () -- C:\Users\Johannes\Desktop\~$24 Auszüge von Abraham-Workshops.docx [2010.03.04 01:14:07 | 000,000,680 | ---- | M] () -- C:\Users\Johannes\AppData\Local\d3d9caps.dat [2010.03.04 00:19:52 | 000,000,162 | -H-- | M] () -- C:\Users\Johannes\Desktop\~$eeeee.docx [2010.03.03 15:24:59 | 000,011,332 | -HS- | M] () -- C:\Users\Johannes\AppData\Local\1H41 [2010.02.28 21:00:22 | 000,015,941 | ---- | M] () -- C:\Users\Johannes\Desktop\GENEVA - 800M.docx [2010.02.26 16:52:29 | 000,000,162 | -H-- | M] () -- C:\Users\Johannes\Desktop\~$NDA+IMFPA_AU_Blank.doc [2010.02.25 09:18:04 | 000,119,536 | ---- | M] () -- C:\Users\Johannes\AppData\Local\GDIPFONTCACHEV1.DAT [2010.02.25 09:15:11 | 001,765,904 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.02.24 09:16:06 | 000,181,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2010.02.20 14:51:07 | 000,000,162 | -H-- | M] () -- C:\Users\Johannes\Desktop\~$O 56 BARS LEONARDO 20000 a 100000 leonardo.doc [2010.02.16 14:11:42 | 000,000,162 | -H-- | M] () -- C:\Users\Johannes\Desktop\~$r kluge Esser.docx [2010.02.09 23:23:56 | 000,002,078 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk [2010.02.06 21:12:00 | 000,000,162 | -H-- | M] () -- C:\Users\Johannes\Desktop\~$D zu Small.doc [2010.02.06 17:55:38 | 000,000,162 | -H-- | M] () -- C:\Users\Johannes\Desktop\~$D1-LEDGER TO LEDGER_CONTRACT 555555.doc [4 C:\Users\Johannes\Desktop\*.tmp files -> C:\Users\Johannes\Desktop\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.03.07 09:54:54 | 000,000,162 | -H-- | C] () -- C:\Users\Johannes\Desktop\~$h halte nach dem Ausschau, was ich am liebsten mag..docx [2010.03.07 09:26:36 | 000,020,782 | ---- | C] () -- C:\Users\Johannes\Desktop\Ich halte nach dem Ausschau, was ich am liebsten mag..docx [2010.03.07 08:59:08 | 260,961,708 | ---- | C] () -- C:\Users\Johannes\Desktop\ISOALDEA_1_0001.zip [2010.03.06 18:21:19 | 000,270,999 | ---- | C] () -- C:\Users\Johannes\AppData\Local\udkyygvd_nav.dat [2010.03.06 18:20:49 | 000,003,496 | ---- | C] () -- C:\Users\Johannes\AppData\Local\udkyygvd.dat [2010.03.06 18:20:49 | 000,001,377 | ---- | C] () -- C:\Users\Johannes\AppData\Local\udkyygvd_navps.dat [2010.03.06 18:20:49 | 000,000,094 | ---- | C] () -- C:\Users\Johannes\AppData\Local\udkyygvd.bat [2010.03.06 11:18:41 | 000,000,162 | -H-- | C] () -- C:\Users\Johannes\Desktop\~$24 Auszüge von Abraham-Workshops.docx [2010.03.04 01:47:06 | 000,100,252 | ---- | C] () -- C:\Users\Johannes\Desktop\1-24 Auszüge von Abraham-Workshops.docx [2010.03.04 00:19:52 | 000,000,162 | -H-- | C] () -- C:\Users\Johannes\Desktop\~$eeeee.docx [2010.03.03 06:21:45 | 000,011,332 | -HS- | C] () -- C:\Users\Johannes\AppData\Local\1H41 [2010.02.28 21:00:00 | 000,015,941 | ---- | C] () -- C:\Users\Johannes\Desktop\GENEVA - 800M.docx [2010.02.26 16:52:29 | 000,000,162 | -H-- | C] () -- C:\Users\Johannes\Desktop\~$NDA+IMFPA_AU_Blank.doc [2010.02.20 14:51:07 | 000,000,162 | -H-- | C] () -- C:\Users\Johannes\Desktop\~$O 56 BARS LEONARDO 20000 a 100000 leonardo.doc [2010.02.16 14:11:42 | 000,000,162 | -H-- | C] () -- C:\Users\Johannes\Desktop\~$r kluge Esser.docx [2010.02.09 23:23:56 | 000,002,078 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk [2010.02.06 21:12:00 | 000,000,162 | -H-- | C] () -- C:\Users\Johannes\Desktop\~$D zu Small.doc [2010.02.06 17:55:38 | 000,000,162 | -H-- | C] () -- C:\Users\Johannes\Desktop\~$D1-LEDGER TO LEDGER_CONTRACT 555555.doc [2009.10.24 08:08:17 | 000,295,458 | ---- | C] () -- C:\Users\Johannes\AppData\Local\wxipyzj_nav.dat [2009.10.24 08:08:17 | 000,003,409 | ---- | C] () -- C:\Users\Johannes\AppData\Local\wxipyzj.dat [2009.10.24 08:08:17 | 000,001,465 | ---- | C] () -- C:\Users\Johannes\AppData\Local\wxipyzj_navps.dat [2009.09.24 00:28:54 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.09.10 13:15:51 | 000,000,680 | ---- | C] () -- C:\Users\Johannes\AppData\Local\d3d9caps.dat [2009.07.03 05:57:21 | 000,000,016 | -H-- | C] () -- C:\ProgramData\mxfilerelatedcache.mxc2 [2009.06.26 07:59:01 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2009.06.19 11:10:23 | 000,000,093 | ---- | C] () -- C:\Users\Johannes\AppData\Local\awqio.bat [2009.06.18 18:56:34 | 000,000,334 | ---- | C] () -- C:\Windows\SoftWriting.ini [2009.06.14 11:01:39 | 000,000,016 | -H-- | C] () -- C:\Users\Johannes\AppData\Roaming\mxfilerelatedcache.mxc2 [2009.06.14 11:01:21 | 000,000,016 | -H-- | C] () -- C:\Users\Johannes\AppData\Local\mxfilerelatedcache.mxc2 [2009.06.11 23:41:10 | 000,001,024 | ---- | C] () -- C:\Users\Johannes\AppData\Roaming\WavCodec.wff [2009.06.09 07:07:23 | 000,000,614 | ---- | C] () -- C:\Users\Johannes\AppData\Roaming\wklnhst.dat [2009.06.09 06:52:54 | 000,013,824 | ---- | C] () -- C:\Users\Johannes\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.08.04 11:30:01 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll [2008.07.03 10:34:43 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI [2008.07.03 10:27:11 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini [2008.07.03 10:17:58 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll [2008.07.03 10:17:58 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll [2008.07.03 10:17:58 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll [2008.07.03 10:17:58 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll [2008.07.03 10:17:58 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll [2008.07.03 10:17:58 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll [2008.07.03 09:48:03 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2008.07.03 08:57:12 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2008.04.24 17:43:50 | 000,057,344 | ---- | C] () -- C:\Windows\System32\SmartFaceVCapt.dll [2008.04.24 17:42:44 | 000,479,232 | ---- | C] () -- C:\Windows\System32\SmartFaceVCP.dll [2008.04.24 17:25:46 | 006,701,056 | ---- | C] () -- C:\Windows\System32\FaceHI.dll [2008.04.24 17:25:46 | 000,995,328 | ---- | C] () -- C:\Windows\System32\FaceRec.dll [2008.04.24 17:25:46 | 000,126,976 | ---- | C] () -- C:\Windows\System32\SmartFaceVCtrl.dll [2008.04.24 17:23:58 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IppLib.dll [2007.12.21 15:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2005.07.22 20:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll < End of report >
__________________ --> WIE WERDE ICH (ganz einfach) VIRENFREI? |
07.03.2010, 15:11 | #37 |
| WIE WERDE ICH (ganz einfach) VIRENFREI? RESULTAT: ESET Online Scanner C:\Program Files\Unlocker\eBay_shortcuts_1016.exe a variant of Win32/Adware.ADON application deleted - quarantined C:\Users\Johannes\AppData\Local\wxipyzj.exe a variant of Win32/Skintrim.EW trojan cleaned by deleting - quarantined C:\Users\Johannes\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\6b800f31-335d1ec4 a variant of Java/TrojanDownloader.Agent.NAC trojan deleted - quarantined C:\Users\Johannes\Desktop\PROGRAMME\REST\unlocker1.8.7.exe a variant of Win32/Adware.ADON application deleted - quarantined RESULT: HIJACKTHIS: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:24:15, on 07.03.2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18882) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Toshiba\ConfigFree\NDSTray.exe C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe C:\Program Files\Toshiba\Power Saver\TPwrMain.exe C:\Program Files\Toshiba\SmoothView\SmoothView.exe C:\Program Files\Toshiba\FlashCards\TCrdMain.exe C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Windows\starter4g.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe C:\Program Files\Smart Protector Pro\SmartProtector-Pro.exe C:\Users\Johannes\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\Safari\Safari.exe C:\Program Files\Microsoft Office\Office12\WINWORD.EXE C:\Users\Johannes\AppData\Local\Yahoo!\BrowserPlus\2.5.1\BrowserPlusCore.exe C:\Windows\system32\conime.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.schnellsucher.com/?t=Q1003063475&s=h R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup O4 - HKLM\..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA O4 - HKLM\..\Run: [Toshiba TEMPO] C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [starter4g] C:\Windows\starter4g.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE O4 - HKCU\..\Run: [SPSTEALT] "C:\Program Files\Smart Protector Pro\SmartProtector-Pro.exe" /stealt O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Users\Johannes\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (User 'Default user') O4 - Startup: Recorte de pantalla e Inicio rápido de OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file) O9 - Extra button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/707-44556-9400-3/4 (file missing) O9 - Extra button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.de/exec/obidos/red...k-21&site=home (file missing) O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: AV Engine Scanning Service - Unknown owner - C:/Program Files/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update Service (gupdate1c9eb3755cbd480) (gupdate1c9eb3755cbd480) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe O23 - Service: Notebook Performance Tuning Service (TempoMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TempoSVC.exe O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe O23 - Service: TOSHIBA Bluetooth Service - Unknown owner - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (file missing) O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: WTGService - Unknown owner - C:\Program Files\XSManager\WTGService.exe O23 - Service: XS Stick Service - 4G Systems GmbH & Co. KG - C:\Windows\service4g.exe -- End of file - 10731 bytes
__________________ Nichts fühlt sich schlimmer an, als auf jemanden böse zu sein. Geändert von John Marcos (07.03.2010 um 15:25 Uhr) |
Themen zu WIE WERDE ICH (ganz einfach) VIRENFREI? |
bezüglich, einfach, experte, foto, guten, inter, interne, internet, internet security, internet security 2010, kriege, schöne, schönen, security, super, troja, trojaner, viren, virenfrei, vista, vista internet security, vista internet security 2010 |