Log analysis and evaluation: Sending spam via MSN and it keeps crashing
28.04.2010, 15:37 | #1 |
| Sending spam via MSN and it keeps crashing Can someone please evaluate this? Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:11:35, on 28.04.2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18904) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Windows\Explorer.EXE C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Program Files\Toshiba\Utilities\KeNotify.exe C:\Program Files\Toshiba\ConfigFree\NDSTray.exe C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe C:\Program Files\Toshiba\SmoothView\SmoothView.exe C:\Program Files\Toshiba\FlashCards\TCrdMain.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe C:\Program Files\Toshiba\Toshiba Online Product Information\TOPI.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Dealio Toolbar\SearchSettings.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Apoint2K\ApMsgFwd.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Apoint2K\Apntex.exe C:\Users\Public\infocard.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Toshiba\HDMICtrlMan\HCMSoundChanger.exe c:\PROGRA~1\mcafee\msc\mcuimgr.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Smart PC Solutions\1-2-3 Spyware Free\SpywareFree.exe C:\Program Files\ICQ6.5\ICQ.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Users\b**ni\Downloads\HiJackThis.exe C:\Program 
Files\Skype\Toolbars\Shared\SkypeNames2.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://w*w.postarticles.net R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll R3 - URLSearchHook: (no name) - - (no file) O1 - Hosts: ::1 localhost O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: (no name) - 
{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START O4 - HKLM\..\Run: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe O4 - HKLM\..\Run: [HDMICtrlMan] C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA O4 - HKLM\..\Run: [Toshiba TEMPO] C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe O4 - HKLM\..\Run: 
[topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Dealio Toolbar\SearchSettings.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Firewall Administrating] C:\Users\Public\infocard.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe 
/detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (User 'Default user') O4 - Startup: TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 (file missing) O9 - Extra button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O13 - Gopher Prefix: O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Google Desktop Manager 5.9.909.30391 (GoogleDesktopManager-093009-130223) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Update Service (gupdate1ca4e5615b55cf3) (gupdate1ca4e5615b55cf3) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. 
- c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: Notebook Performance Tuning Service (TempoMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TempoSVC.exe O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe O23 - Service: TOSHIBA Bluetooth Service - Unknown owner - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (file missing) O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 13584 bytes |
29.04.2010, 12:12 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Sending spam via MSN and it keeps crashing Hello and
please run a full scan with Malwarebytes and post the log. After that, OTL: System scan with OTL. Please download OTL by Oldtimer and save it to your desktop
29.04.2010, 13:58 | #3 |
| Sending spam via MSN and it keeps crashing OK, thanks. Here are the three files.
Code:
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Datenbank Version: 4050
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904
29.04.2010 14:43:43
mbam-log-2010-04-29 (14-43-43).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|)
Durchsuchte Objekte: 255589
Laufzeit: 1 Stunde(n), 7 Minute(n), 9 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\firewall administrating (Backdoor.IRCBot) -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (hxxp://www.postarticles.net) Good: (hxxp://www.Google.com/) -> Quarantined and deleted successfully.
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
C:\Users\Public\infocard.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.
Code:
ATTFilter OTL Extras logfile created on: 29.04.2010 14:52:34 - Run 1 OTL by OldTimer - Version 3.2.3.0 Folder = C:\Users\benni\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18904) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 39,00% Memory free 6,00 Gb Paging File | 4,00 Gb Available in Paging File | 66,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 116,21 Gb Total Space | 60,80 Gb Free Space | 52,32% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 970,13 Mb Total Space | 928,67 Mb Free Space | 95,73% Space Free | Partition Type: FAT Drive F: | 115,21 Gb Total Space | 40,57 Gb Free Space | 35,22% Space Free | Partition Type: NTFS Drive G: | 4,20 Gb Total Space | 0,37 Gb Free Space | 8,69% Space Free | Partition Type: UDF H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: BENNI-PC Current User Name: benni Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{5A4AFAC7-1773-4CCD-AA6C-95232E595A3C}" = lport=2869 | protocol=6 | dir=in | app=system | "{CAFDA367-FABD-4233-8AC7-A0006A443629}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{EF26EFFF-2EC5-4E34-9C02-2E6929CE504C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0A52642B-B47B-431D-9AD8-7A8B261B962D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{0EB709C1-B1F7-488D-8629-D967F4AE76DA}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe | "{119A9484-683B-4332-B087-94E001DEB77D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{1C1BAB48-E2B1-4B61-9E3B-E83866178CF9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{1EC10C27-A96F-4768-8E7D-9180FD334080}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{1F1C7FBD-BCF4-440E-88C6-E4292419DC0C}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{3BBB343A-0655-4DD5-9A88-CF67B58F154F}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "{5AD25F8B-D08D-4BAA-8397-8593AE9755BC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{60C26EB7-8482-4C5F-B8F1-0AB6A1D879DB}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{8800D6E6-9698-43B3-8989-CC503A4773FB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{8D1B13CD-F7F3-4505-A191-CD0E98EABFA9}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B7C9F0DE-C2F6-4A00-B1C3-48809F16B52A}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{C4D41CFC-66AF-46B2-8FAE-6718C8746427}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{E8614323-3657-440B-9D35-E108899A9205}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{EC544A99-7DBB-4C51-9C56-76C0B8BFC1DD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{03FAA727-E2B7-471C-AC41-2E1C7F29C7EA}" = Toshiba TEMPRO "{04AD4EBD-C7ED-49C7-24F3-5687423696F3}" = CCC Help English "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{05636DCD-2F70-B7E1-AF83-EE7AE23837DE}" = Catalyst Control Center Localization French "{05E323E6-5FC5-C5A2-CAF7-B280383C0637}" = CCC Help Finnish "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour "{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth "{0ADA9149-D76D-D1E4-19E8-5186B6BBCB41}" = Catalyst Control Center Localization Portuguese "{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree "{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant "{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.3 "{1C971EE3-B4C4-4367-9676-57549919C6CE}" = TOSHIBA Benutzerhandbücher "{1E5E2F9A-17D3-45CA-8FF0-B0C2927D4B03}" = MobileMe Control Panel "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 
17 "{28A8FF71-182B-28D2-0C6D-FC2C6FFB451C}" = ccc-utility "{2CE3B0A7-717D-ADA2-0AF4-DFB074592755}" = CCC Help Korean "{2D57FB4E-6277-4A6D-8739-304C38051B89}" = Jitbit Macro Recorder "{312372AC-CB58-525F-638B-9EFED1377A46}" = Catalyst Control Center Localization Danish "{318CE77C-A5EB-4076-A00B-1883F49DCF72}" = CCC Help Turkish "{31BBF145-EBC7-0150-7B47-FA818D84BEE8}" = Catalyst Control Center Core Implementation "{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6 "{325C200A-3F0F-96AF-377B-288B4EF98EC0}" = CCC Help Spanish "{36D2AE08-4A9D-1899-9B7D-A3EB1AC291AD}" = CCC Help German "{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{425960AB-8C55-2F6A-E6D4-A407C8284EEE}" = CCC Help Swedish "{442CD700-D0F5-D0F8-F80B-6F5823BFE6B8}" = CCC Help Czech "{46A5D1D1-8956-497C-92FB-59C44EFA6214}" = Safari "{4D070C59-3AB5-4FEC-8DC6-58159095DED0}" = Catalyst Control Center Localization Chinese Standard "{4D2A20FD-0803-E381-9957-A18F1EC6C470}" = Catalyst Control Center Graphics Full Existing "{4EEFD489-C4B3-E9FC-28F7-5C183D09B7C6}" = CCC Help Thai "{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password "{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup "{535B6C54-1D89-B796-BB38-FE977A7F560C}" = Catalyst Control Center Localization Korean "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5F6A7745-1DBA-B28F-74EA-19204D74ED89}" = CCC Help Greek "{5F92D927-8D54-57BC-459B-A67030D34ED4}" = CCC Help Chinese Traditional "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{60609A7D-DF94-61D4-206C-D4B61C5D3D87}" = CCC Help Italian "{60DE4033-9503-48D1-A483-7846BD217CA9}" 
= ICQ6.5 "{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6C5E277C-F43A-E7E7-6FBC-C48CFCE1F3E0}" = CCC Help French "{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER "{6DAE6C40-8D6D-A792-1488-107A5BEF3D72}" = CCC Help Portuguese "{6E5DAC6F-4735-754E-E56E-3FE027662F10}" = Catalyst Control Center Localization Swedish "{706F446F-44F9-438E-9D67-F0BDF9313E43}" = Catalyst Control Center Localization German "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{73F73AE5-D88E-1F39-A89A-5B65039D918D}" = Catalyst Control Center Localization Thai "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder "{77B7CE03-AEC6-8F6B-A476-20B4D7E3A126}" = Catalyst Control Center Graphics Previews Common "{788741FE-8F03-4DB2-A76C-43D748E81B67}" = Catalyst Control Center - Branding "{78FFA639-2724-1EA9-192E-6BF853F28B9E}" = Catalyst Control Center Localization Russian "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7DE35E85-072F-724B-1A01-AC4CDCEFDF53}" = Catalyst Control Center Graphics Previews Vista "{808771C5-5BB2-0DDE-6A25-00EFAB37F984}" = CCC Help Dutch "{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes "{87725CEF-1BC6-47C5-B2CD-96DD6D392EE3}" = Dolby Control Center "{87AFB2E3-59C5-4B26-D431-73D66256ECF0}" = Catalyst Control Center Localization Chinese Traditional "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player 
"{8C151E54-94A8-4D18-9580-C2190F7FD3A8}" = Hello Engines! 7 "{8C1A50D9-CF32-38C1-EAED-43FB9C4F6329}" = Catalyst Control Center Localization Italian "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) 
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007 "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007 "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{93E142B4-4327-7B65-C7AE-1FC6DBAE360F}" = Catalyst Control Center Localization Hungarian "{94C3BB3A-56A1-43DE-A242-8B41F46E97EF}" = Dealio Toolbar v4.0.1 "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver "{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer "{A72ACD2A-7624-3B81-D133-8BEA67CA0C80}" = CCC Help Hungarian "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support "{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch "{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4 "{AEEC32F7-21E3-346E-C825-11B60614C84A}" = Catalyst Control Center Localization Japanese "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter 
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B972538D-E30D-FC52-A4AB-AAD4B521D306}" = Catalyst Control Center Graphics Full New "{BB4F8C46-6F88-25BA-F066-0543AB9FCBAE}" = Catalyst Control Center Localization Turkish "{BB51414E-224A-CCBF-0D3A-317CC5AF14A4}" = Catalyst Control Center Localization Dutch "{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition "{C9B981F2-4798-B112-8E0E-1BC721615067}" = Catalyst Control Center Localization Greek "{CB2E5B9C-B19A-AE60-CBD5-F5AA4F674636}" = Catalyst Control Center Graphics Light "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba "{CF9075AE-0913-AC68-B7B8-3425010B4DFF}" = Catalyst Control Center InstallProxy "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1 "{D109F340-6355-BF98-128A-1562D727082A}" = CCC Help Norwegian "{DD4EA23A-AD69-9F2D-E643-D5867A6B9A1F}" = ccc-core-static "{E3723A04-A894-4036-A78E-282E18F43C0A}_is1" = Tinypic 3.14 "{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher "{E920EB31-2B70-5582-433B-C5006578725E}" = Catalyst Control Center Localization Czech "{E9A1563C-D5B3-849B-3631-90D36E18750C}" = Catalyst Control Center Localization Polish "{EA537635-B490-5EC1-6A2E-00BD6A127E67}" = CCC Help Polish "{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{ED62E973-9306-B524-77BF-86C0DE82F9EC}" = CCC Help Danish "{EDB0F69C-5049-E45C-6E6A-1EF9803F2D16}" = CCC Help Russian "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA "{F277C86B-04F4-1030-6236-4EC3EAAD65AC}" = ATI Catalyst 
Install Manager "{F68AD4CC-9DB9-FDA2-8F46-93F4944D5503}" = Catalyst Control Center Localization Finnish "{F81AB80B-5BB7-4E36-8BA5-E07541CE1BFC}" = HDMI Control Manager "{F879B5D5-0887-8D49-0930-00D19188081B}" = Catalyst Control Center Localization Norwegian "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{F9022FFB-D558-F856-83F7-732A400F9789}" = Catalyst Control Center Localization Spanish "{F9D8A253-3FC0-C63B-9DAB-870608DB4505}" = Skins "{FBA93A48-2417-E26B-AFEA-9133BC32372E}" = CCC Help Japanese "{FCD4B6F6-18F0-7EC1-42C2-E621A2CEAC93}" = CCC Help Chinese Standard "{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package "1-2-3 Spyware Free_is1" = 1-2-3 Spyware Free v4.8 "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "AVAFX" = AVAFX (remove only) "BayCalculator_is1" = BayCalculator - Deinstallation "bwin Poker_is1" = bwin Poker "DAEMON Tools Toolbar" = DAEMON Tools Toolbar "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "EADM" = EA Download Manager "eMule" = eMule "ENTERPRISE" = Microsoft Office Enterprise 2007 "Excel Fibu" = Excel Fibu "Fibu3" = Fibu3 "FileZilla Client" = FileZilla Client 3.3.2.1 "FUSSBALL MANAGER 10" = FUSSBALL MANAGER 10 "Google Chrome" = Google Chrome "Google Desktop" = Google Desktop "HijackThis" = HijackThis 2.0.2 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort "InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup "InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility "InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder 
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition "InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher "InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package "IsoBuster_is1" = IsoBuster 2.6 "KigoVideoConverter_is1" = KigoVideoConverter 1.1.0 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9) "MS-Buchhalter Start" = MS-Buchhalter Start 3.0 "MSC" = McAfee SecurityCenter "myphotobook" = myphotobook 3.6 "NetView3D_is1" = NetView3D Professional 2.0 "Picasa2" = Picasa 2 "Surf & E-Mail-Stick" = Surf & E-Mail-Stick "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "TOSHIBA Software Modem" = TOSHIBA Software Modem "uTorrent" = µTorrent "VLC media player" = VLC media player 1.0.3 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "8f3d5f316bf9c08f" = OffiSync "DFÜ-Reconnecter 1.70" = DFÜ-Reconnecter 1.70 "UnityWebPlayer" = Unity Web Player ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 19.04.2010 05:35:39 | Computer Name = benni-PC | Source = WinMgmt | ID = 10 Description = Error - 19.04.2010 08:53:17 | Computer Name = benni-PC | Source = Application Hang | ID = 1002 Description = Programm AcroRd32.exe, Version 8.1.0.137 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. 
Prozess-ID: 1078 Anfangszeit: 01cadfbe3b3b78b0 Zeitpunkt der Beendigung: 11 Error - 19.04.2010 11:25:06 | Computer Name = benni-PC | Source = WinMgmt | ID = 10 Description = Error - 19.04.2010 17:59:51 | Computer Name = benni-PC | Source = WinMgmt | ID = 10 Description = Error - 21.04.2010 03:34:29 | Computer Name = benni-PC | Source = WinMgmt | ID = 10 Description = Error - 21.04.2010 08:40:05 | Computer Name = benni-PC | Source = Google Update | ID = 20 Description = Error - 21.04.2010 09:40:05 | Computer Name = benni-PC | Source = Google Update | ID = 20 Description = Error - 21.04.2010 19:30:24 | Computer Name = benni-PC | Source = WinMgmt | ID = 10 Description = Error - 22.04.2010 10:48:36 | Computer Name = benni-PC | Source = VSS | ID = 8194 Description = Error - 23.04.2010 03:24:28 | Computer Name = benni-PC | Source = WinMgmt | ID = 10 Description = [ OSession Events ] Error - 17.02.2010 09:26:11 | Computer Name = benni-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 10.01.2010 05:30:20 | Computer Name = benni-PC | Source = Service Control Manager | ID = 7000 Description = Error - 10.01.2010 05:30:20 | Computer Name = benni-PC | Source = Service Control Manager | ID = 7000 Description = Error - 10.01.2010 05:34:23 | Computer Name = benni-PC | Source = PlugPlayManager | ID = 12 Description = Das Gerät "OHCI-konformer IEEE 1394-Hostcontroller" (PCI\VEN_197B&DEV_2380&SUBSYS_FF001179&REV_00\4&2bcebcdb&0&00E5) wurde ohne vorbereitende Maßnahmen vom System entfernt. 
Error - 10.01.2010 05:34:23 | Computer Name = benni-PC | Source = PlugPlayManager | ID = 12 Description = Das Gerät "JMB38X SD/MMC Host Controller" (PCI\VEN_197B&DEV_2382&SUBSYS_FF021179&REV_00\4&2bcebcdb&0&01E5) wurde ohne vorbereitende Maßnahmen vom System entfernt. Error - 10.01.2010 05:34:23 | Computer Name = benni-PC | Source = PlugPlayManager | ID = 12 Description = Das Gerät "JMB38X SD Host Controller" (PCI\VEN_197B&DEV_2381&SUBSYS_FF021179&REV_00\4&2bcebcdb&0&02E5) wurde ohne vorbereitende Maßnahmen vom System entfernt. Error - 10.01.2010 05:34:23 | Computer Name = benni-PC | Source = PlugPlayManager | ID = 12 Description = Das Gerät "JMB38X MS Host Controller" (PCI\VEN_197B&DEV_2383&SUBSYS_FF021179&REV_00\4&2bcebcdb&0&03E5) wurde ohne vorbereitende Maßnahmen vom System entfernt. Error - 10.01.2010 05:34:24 | Computer Name = benni-PC | Source = PlugPlayManager | ID = 12 Description = Das Gerät "JMB38X xD Host Controller" (PCI\VEN_197B&DEV_2384&SUBSYS_FF021179&REV_00\4&2bcebcdb&0&04E5) wurde ohne vorbereitende Maßnahmen vom System entfernt. Error - 10.01.2010 18:14:45 | Computer Name = benni-PC | Source = PlugPlayManager | ID = 12 Description = Das Gerät "OHCI-konformer IEEE 1394-Hostcontroller" (PCI\VEN_197B&DEV_2380&SUBSYS_FF001179&REV_00\4&2bcebcdb&0&00E5) wurde ohne vorbereitende Maßnahmen vom System entfernt. Error - 11.01.2010 05:22:01 | Computer Name = benni-PC | Source = PlugPlayManager | ID = 12 Description = Das Gerät "OHCI-konformer IEEE 1394-Hostcontroller" (PCI\VEN_197B&DEV_2380&SUBSYS_FF001179&REV_00\4&2bcebcdb&0&00E5) wurde ohne vorbereitende Maßnahmen vom System entfernt. Error - 11.01.2010 10:01:09 | Computer Name = benni-PC | Source = PlugPlayManager | ID = 12 Description = Das Gerät "OHCI-konformer IEEE 1394-Hostcontroller" (PCI\VEN_197B&DEV_2380&SUBSYS_FF001179&REV_00\4&2bcebcdb&0&00E5) wurde ohne vorbereitende Maßnahmen vom System entfernt. < End of report > |
29.04.2010, 13:59 | #4 |
| Sending spam via MSN and it keeps crashing
There were too many characters, so I had to post the third one separately.
Code:
OTL logfile created on: 29.04.2010 14:52:33 - Run 1 OTL by OldTimer - Version 3.2.3.0 Folder = C:\Users\benni\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18904) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 39,00% Memory free 6,00 Gb Paging File | 4,00 Gb Available in Paging File | 66,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 116,21 Gb Total Space | 60,80 Gb Free Space | 52,32% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 970,13 Mb Total Space | 928,67 Mb Free Space | 95,73% Space Free | Partition Type: FAT Drive F: | 115,21 Gb Total Space | 40,57 Gb Free Space | 35,22% Space Free | Partition Type: NTFS Drive G: | 4,20 Gb Total Space | 0,37 Gb Free Space | 8,69% Space Free | Partition Type: UDF H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: BENNI-PC Current User Name: benni Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\benni\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation) PRC - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) PRC - C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe (Google) PRC - C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\Dealio Toolbar\SearchSettings.exe (Spigot, Inc.) 
PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\conime.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) PRC - C:\Windows\System32\PresentationHost.exe (Microsoft Corporation) PRC - C:\Programme\McAfee\SiteAdvisor\McSACore.exe () PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) PRC - C:\Programme\Camera Assistant Software for Toshiba\CEC_MAIN.exe () PRC - C:\Programme\Toshiba\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION) PRC - C:\Programme\Camera Assistant Software for Toshiba\traybar.exe (Chicony) PRC - C:\Programme\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation) PRC - C:\Programme\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) PRC - C:\Programme\Toshiba\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION) PRC - C:\Programme\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe (Toshiba Europe GmbH) PRC - C:\Programme\Toshiba TEMPRO\TempoSVC.exe (Toshiba Europe GmbH) PRC - C:\Programme\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe (Toshiba) PRC - C:\Programme\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) PRC - C:\Programme\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation) PRC - C:\Programme\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) PRC - C:\Programme\Toshiba\HDMICtrlMan\HCMSoundChanger.exe (TOSHIBA Corporation.) 
PRC - C:\Programme\Toshiba\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation) PRC - C:\Programme\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA) PRC - C:\Programme\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation) PRC - C:\Programme\Google\Google EULA\GoogleEULALauncher.exe ( ) PRC - C:\Programme\Toshiba\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.) PRC - c:\Programme\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Programme\Toshiba\Registration\ToshibaRegistration.exe (Toshiba) PRC - C:\Programme\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.) PRC - c:\Programme\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.) PRC - C:\Programme\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.) PRC - C:\Programme\McAfee\MSK\msksrver.exe (McAfee, Inc.) PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) PRC - C:\Programme\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) PRC - c:\Programme\McAfee\MSC\mcuimgr.exe (McAfee, Inc.) PRC - C:\Programme\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.) PRC - C:\Programme\McAfee\MPF\MpfSrv.exe (McAfee, Inc.) PRC - C:\Programme\Toshiba\Toshiba Online Product Information\TOPI.exe (TOSHIBA) PRC - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software) PRC - C:\Programme\Toshiba\Utilities\KeNotify.exe () PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems) PRC - C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) 
========== Modules (SafeList) ========== MOD - C:\Users\benni\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation) MOD - C:\Programme\McAfee\SiteAdvisor\sahook.dll () ========== Win32 Services (SafeList) ========== SRV - (TOSHIBA Bluetooth Service) -- File not found SRV - (GoogleDesktopManager-093009-130223) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe () SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) SRV - (TempoMonitoringService) -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe (Toshiba Europe GmbH) SRV - (SmartFaceVWatchSrv) -- C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe (Toshiba) SRV - (TNaviSrv) -- C:\Programme\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) SRV - (TosCoSrv) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) SRV - (TOSHIBA SMART Log Service) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation) SRV - (McNASvc) -- c:\Programme\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (mcmscsvc) -- C:\Programme\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.) SRV - (McProxy) -- c:\Programme\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.) SRV - (McSysmon) -- C:\Programme\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.) SRV - (MSK80Service) -- C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.) 
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) SRV - (McODS) -- C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.) SRV - (McShield) -- C:\Programme\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.) SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.) SRV - (StarWindServiceAE) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software) SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems) SRV - (UleadBurningHelper) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) ========== Driver Services (SafeList) ========== DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation) DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (KMWDFILTER) -- C:\Windows\System32\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corporation) DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation) DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.) DRV - (LPCFilter) -- C:\Windows\system32\DRIVERS\LPCFilter.sys (COMPAL ELECTRONIC INC.) DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) 
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.) DRV - (mfesmfk) -- C:\Windows\System32\drivers\mfesmfk.sys (McAfee, Inc.) 
DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.) DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.) DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.) DRV - (mferkdk) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.) DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation) DRV - (MPFP) -- C:\Windows\System32\drivers\Mpfp.sys (McAfee, Inc.) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) 
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA; IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.de/ [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.Google.com/ IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\Dealio Toolbar\SearchSettings.dll (Spigot, Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=966134" FF - prefs.js..browser.search.selectedEngine: "Yahoo" FF - prefs.js..browser.startup.homepage: "hxxp://www.daemon-search.com/startpage|hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;" FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.18 FF - prefs.js..extensions.enabledItems: {561A5FBE-9761-4eb3-9182-892D82532414}:1.0.3.30 FF - prefs.js..extensions.enabledItems: {5546F97E-11A5-46b0-9082-32AD74AAA920}:0.5.5.8 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655 FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=966134&p=" FF - 
HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010.04.29 12:09:04 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.29 12:01:25 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.29 12:03:00 | 000,000,000 | ---D | M] [2009.10.16 13:41:56 | 000,000,000 | ---D | M] -- C:\Users\benni\AppData\Roaming\mozilla\Extensions [2010.04.29 12:26:10 | 000,000,000 | ---D | M] -- C:\Users\benni\AppData\Roaming\mozilla\Firefox\Profiles\z7053s7l.default\extensions [2010.04.29 11:46:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\benni\AppData\Roaming\mozilla\Firefox\Profiles\z7053s7l.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(219) [2010.03.25 14:53:42 | 000,000,000 | ---D | M] (InFormEnter) -- C:\Users\benni\AppData\Roaming\mozilla\Firefox\Profiles\z7053s7l.default\extensions\{5546F97E-11A5-46b0-9082-32AD74AAA920} [2010.04.29 12:26:00 | 000,000,000 | ---D | M] (Comodo AV Scanner) -- C:\Users\benni\AppData\Roaming\mozilla\Firefox\Profiles\z7053s7l.default\extensions\{561A5FBE-9761-4eb3-9182-892D82532414} [2010.04.29 12:26:03 | 000,000,000 | ---D | M] (Yahoo! 
Toolbar) -- C:\Users\benni\AppData\Roaming\mozilla\Firefox\Profiles\z7053s7l.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2010.04.28 15:21:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\benni\AppData\Roaming\mozilla\Firefox\Profiles\z7053s7l.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2010.04.29 12:01:42 | 000,000,000 | ---D | M] -- C:\Users\benni\AppData\Roaming\mozilla\Firefox\Profiles\z7053s7l.default\extensions\DTToolbar@toolbarnet.com [2009.11.24 01:16:50 | 000,002,059 | ---- | M] () -- C:\Users\benni\AppData\Roaming\Mozilla\FireFox\Profiles\z7053s7l.default\searchplugins\daemon-search.xml [2010.04.23 09:36:24 | 000,000,955 | ---- | M] () -- C:\Users\benni\AppData\Roaming\Mozilla\FireFox\Profiles\z7053s7l.default\searchplugins\icqplugin.xml [2010.04.29 12:01:25 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.04.29 12:01:25 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} [2010.04.29 12:01:25 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010.04.28 23:27:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.04.29 12:01:25 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\search@searchsettings.com [2009.12.18 20:24:20 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2009.12.18 20:24:20 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2009.12.18 20:24:20 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2009.12.18 20:24:20 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2009.12.18 20:24:20 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 
HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Programme\Dealio Toolbar\DealioToolbarIE.dll (Spigot, Inc.) O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (McAfee Phishing Filter) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\Programme\McAfee\MSK\mcapbho.dll () O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll () O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\Dealio Toolbar\SearchSettings.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Programme\Dealio Toolbar\DealioToolbarIE.dll (Spigot, Inc.) 
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll () O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll () O4 - HKLM..\Run: [00TCrdMain] C:\Programme\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony) O4 - HKLM..\Run: [cfFncEnabler.exe] File not found O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) O4 - HKLM..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe ( ) O4 - HKLM..\Run: [HDMICtrlMan] C:\Programme\Toshiba\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.) O4 - HKLM..\Run: [HSON] C:\Programme\Toshiba\TBS\HSON.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.) O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe File not found O4 - HKLM..\Run: [KeNotify] C:\Programme\Toshiba\Utilities\KeNotify.exe () O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) 
O4 - HKLM..\Run: [NDSTray.exe] File not found O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SearchSettings] C:\Programme\Dealio Toolbar\SearchSettings.exe (Spigot, Inc.) O4 - HKLM..\Run: [SmoothView] C:\Programme\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA) O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA) O4 - HKLM..\Run: [Toshiba Registration] C:\Programme\Toshiba\Registration\ToshibaRegistration.exe (Toshiba) O4 - HKLM..\Run: [Toshiba TEMPO] C:\Programme\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe (Toshiba Europe GmbH) O4 - HKLM..\Run: [TPwrMain] C:\Programme\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe File not found O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts) O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.) O4 - HKCU..\Run: [Sidebar] C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) O4 - HKCU..\Run: [TOSCDSPD] C:\Programme\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA) O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.) 
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\benni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Programme\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - File not found O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - File not found O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: localhost ([]http in Lokales Intranet) O15 - HKCU\..Trusted Ranges: GD ([http] in Lokales Intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.185.33 192.168.0.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - 
c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll () O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Toshiba\WALLPAPERS\Wallpaper3.jpg O24 - Desktop BackupWallPaper: C:\Toshiba\WALLPAPERS\Wallpaper3.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{7518c7c8-d887-11de-b755-00235a01b3b6}\Shell - "" = AutoRun O33 - MountPoints2\{7518c7c8-d887-11de-b755-00235a01b3b6}\Shell\AutoRun\command - "" = D:\Autorun.exe -- File not found O33 - MountPoints2\{913a2665-42ef-11df-99b6-00235a01b3b6}\Shell - "" = AutoRun O33 - MountPoints2\{913a2665-42ef-11df-99b6-00235a01b3b6}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found O33 - MountPoints2\{913a267c-42ef-11df-99b6-00235a01b3b6}\Shell - "" = AutoRun O33 - MountPoints2\{913a267c-42ef-11df-99b6-00235a01b3b6}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.04.29 14:52:01 | 000,563,712 | ---- | C] (OldTimer Tools) -- C:\Users\benni\Desktop\OTL.exe [2010.04.29 14:48:58 | 
000,000,000 | ---D | C] -- C:\Users\benni\AppData\Roaming\EA [2010.04.29 13:28:46 | 000,000,000 | ---D | C] -- C:\Users\benni\AppData\Local\Unity [2010.04.29 11:06:34 | 000,000,000 | ---D | C] -- C:\Programme\ReviverSoft [2010.04.29 11:06:15 | 000,000,000 | ---D | C] -- C:\ProgramData\ReviverSoft [2010.04.29 00:17:01 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch [2010.04.29 00:06:18 | 000,000,000 | ---D | C] -- C:\Programme\xp-AntiSpy [2010.04.28 23:57:54 | 000,000,000 | ---D | C] -- C:\Users\benni\Documents\ForceField Shared Files [2010.04.28 23:57:54 | 000,000,000 | ---D | C] -- C:\Users\benni\AppData\Roaming\CheckPoint [2010.04.28 23:57:43 | 000,000,000 | ---D | C] -- C:\Programme\CheckPoint [2010.04.28 23:57:19 | 000,000,000 | ---D | C] -- C:\Programme\Zone Labs [2010.04.28 23:56:51 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint [2010.04.28 23:56:50 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs [2010.04.28 23:56:07 | 000,000,000 | ---D | C] -- C:\Users\benni\AppData\Roaming\Avira [2010.04.28 23:54:15 | 000,000,000 | ---D | C] -- C:\Programme\Avira [2010.04.28 23:54:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2010.04.28 23:31:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo [2010.04.28 23:28:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2010.04.28 22:14:12 | 000,000,000 | ---D | C] -- C:\Users\benni\AppData\Roaming\Malwarebytes [2010.04.28 22:14:04 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.04.28 22:14:02 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.04.28 22:14:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.04.28 22:14:01 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.04.28 15:36:29 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure [2010.04.28 15:21:21 | 000,000,000 | ---D | C] -- C:\Users\benni\AppData\Roaming\QuickScan [2010.04.28 13:15:56 | 
000,000,000 | ---D | C] -- C:\Programme\Smart PC Solutions [2010.04.22 16:49:56 | 000,000,000 | ---D | C] -- C:\Users\benni\Documents\Hello Engines! 7 [2010.04.22 16:49:56 | 000,000,000 | ---D | C] -- C:\Users\benni\AppData\Roaming\AceBIT [2010.04.22 16:48:59 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdiplus.dll [2010.04.22 16:48:57 | 000,000,000 | ---D | C] -- C:\Programme\AceBIT [2010.04.14 19:00:13 | 000,000,000 | ---D | C] -- C:\Users\benni\Documents\Meine empfangenen Dateien [2010.04.14 11:37:06 | 000,000,000 | ---D | C] -- C:\Users\benni\AppData\Roaming\BayCalculator [2010.04.14 11:37:03 | 000,000,000 | ---D | C] -- C:\Programme\BayCalculator [2010.04.14 00:29:04 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2010.04.14 00:29:03 | 003,600,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2010.04.14 00:28:59 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2010.04.14 00:28:56 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm [2010.04.14 00:28:56 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm [2010.04.12 14:57:51 | 000,000,000 | ---D | C] -- C:\Users\benni\AppData\Roaming\AVAFX [2010.04.12 14:57:19 | 000,000,000 | ---D | C] -- C:\Programme\AVAFX [2010.04.08 13:13:47 | 000,000,000 | ---D | C] -- C:\Users\benni\Desktop\Viamondia_Downloadshop [2010.04.08 13:09:59 | 000,000,000 | ---D | C] -- C:\Users\benni\AppData\Roaming\FileZilla [2010.04.08 13:09:08 | 000,000,000 | ---D | C] -- C:\Programme\FileZilla FTP Client [2010.04.08 12:16:36 | 000,621,056 | R--- | C] (DiBcom SA) -- C:\Windows\System32\drivers\mod7700.sys [2010.04.08 12:16:36 | 000,113,152 | R--- | C] (Huawei Technologies Co., Ltd.) 
-- C:\Windows\System32\drivers\ewusbnet.sys [2010.04.08 12:16:36 | 000,101,760 | R--- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbmdm.sys [2010.04.08 12:16:36 | 000,023,424 | R--- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\System32\drivers\ewdcsc.sys [2010.04.08 12:14:13 | 000,000,000 | ---D | C] -- C:\Programme\Surf & E-Mail-Stick [2010.04.01 01:48:59 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010.04.01 01:48:59 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2010.04.01 01:48:59 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2010.04.01 01:48:56 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2010.04.01 01:48:56 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010.04.01 01:48:56 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2010.04.01 01:48:56 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2010.04.01 01:48:56 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2010.04.01 01:48:56 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2010.04.01 01:48:56 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2010.04.01 01:48:56 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2010.04.01 01:48:53 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2010.04.01 01:48:53 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2010.04.01 01:48:53 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2010.04.01 01:48:53 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [1 C:\Windows\*.tmp files -> 
C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.04.29 14:54:32 | 003,932,160 | -HS- | M] () -- C:\Users\benni\ntuser.dat [2010.04.29 14:52:00 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{DE9CF3B9-1DFB-42CF-B22D-A5E6E487526C}.job [2010.04.29 14:51:16 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Users\benni\Desktop\OTL.exe [2010.04.29 14:44:04 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\tprxcs.sys [2010.04.29 14:40:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.04.29 14:34:34 | 000,014,774 | ---- | M] () -- C:\Users\benni\Desktop\Snapshot of me 1.jpg [2010.04.29 14:31:10 | 000,083,452 | ---- | M] () -- C:\Users\benni\Desktop\x6kb9wtaih2fm5ch5nqe7cfxjw4.jpg [2010.04.29 14:30:35 | 000,025,243 | ---- | M] () -- C:\Users\benni\Desktop\r81b43p7j176ovyylel4facs2is.jpg [2010.04.29 14:30:06 | 000,052,628 | ---- | M] () -- C:\Users\benni\Desktop\459uoxpjndao413vk7y77im8nwc.jpg [2010.04.29 14:22:27 | 000,174,382 | ---- | M] () -- C:\Users\benni\Desktop\Snapshot of me 1.png [2010.04.29 14:03:41 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.04.29 14:03:41 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.04.29 13:17:58 | 000,000,823 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.04.29 12:14:54 | 000,001,833 | ---- | M] () -- C:\Users\benni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2010.04.29 12:11:10 | 001,418,806 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.04.29 12:11:10 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.04.29 12:11:10 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.04.29 12:11:10 | 000,122,842 | ---- | M] () -- 
C:\Windows\System32\perfc007.dat [2010.04.29 12:11:10 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.04.29 12:04:08 | 000,024,539 | ---- | M] () -- C:\Windows\System32\Config.MPF [2010.04.29 12:04:01 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.04.29 12:04:00 | 000,405,408 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.04.29 12:03:58 | 000,524,288 | -HS- | M] () -- C:\Users\benni\ntuser.dat{83903f49-5374-11df-b498-cc64413520e7}.TMContainer00000000000000000002.regtrans-ms [2010.04.29 12:03:58 | 000,524,288 | -HS- | M] () -- C:\Users\benni\ntuser.dat{83903f49-5374-11df-b498-cc64413520e7}.TMContainer00000000000000000001.regtrans-ms [2010.04.29 12:03:58 | 000,065,536 | -HS- | M] () -- C:\Users\benni\ntuser.dat{83903f49-5374-11df-b498-cc64413520e7}.TM.blf [2010.04.29 12:03:43 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.04.29 12:03:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.04.29 12:02:59 | 3184,406,528 | -HS- | M] () -- C:\hiberfil.sys [2010.04.29 11:52:59 | 000,524,288 | -HS- | M] () -- C:\Users\benni\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2010.04.29 11:52:59 | 000,065,536 | -HS- | M] () -- C:\Users\benni\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010.04.29 11:00:32 | 000,007,052 | ---- | M] () -- C:\Users\benni\AppData\Local\d3d9caps.dat [2010.04.29 01:44:09 | 000,169,316 | ---- | M] () -- C:\Users\benni\Desktop\bookmarks.html [2010.04.29 01:41:54 | 000,089,722 | ---- | M] () -- C:\Users\benni\Desktop\bookmarks-2010-04-29.json [2010.04.28 14:21:21 | 000,189,440 | ---- | M] () -- C:\Users\benni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.04.28 13:16:06 | 000,001,890 | ---- | M] () -- C:\Users\benni\Desktop\Klicken Sie hier, um PC-Fehler zu finden und zu reparieren.lnk [2010.04.28 13:16:06 | 000,001,091 | ---- | M] () -- C:\Users\benni\Desktop\1-2-3 Spyware Free.lnk 
[2010.04.17 13:14:32 | 000,000,224 | ---- | M] () -- C:\Users\benni\Desktop\Spielezentrum.url [2010.04.16 14:13:44 | 000,000,590 | ---- | M] () -- C:\Users\benni\Desktop\XAMPP Control Panel.lnk [2010.04.15 12:28:03 | 000,006,969 | ---- | M] () -- C:\Users\benni\Desktop\bestprice_button.gif [2010.04.15 11:22:31 | 000,103,897 | ---- | M] () -- C:\Users\benni\Desktop\bestprice_banner.png [2010.04.15 09:33:03 | 000,011,007 | ---- | M] () -- C:\Users\benni\Desktop\foto_allincl_oben.jpg [2010.04.15 08:52:25 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job [2010.04.14 19:01:33 | 000,010,580 | ---- | M] () -- C:\Users\benni\Documents\Guten Tag.docx [2010.04.14 12:01:58 | 000,010,914 | ---- | M] () -- C:\Users\benni\Documents\Sehr geehrte Damen und Herren.2.docx [2010.04.14 11:37:04 | 000,001,777 | ---- | M] () -- C:\Users\benni\Desktop\BaySearch.de - Tippfehlersuche.lnk [2010.04.13 21:53:26 | 000,010,691 | ---- | M] () -- C:\Users\benni\Desktop\Guten Tag.docx [2010.04.13 11:09:46 | 000,010,987 | ---- | M] () -- C:\Users\benni\Desktop\Sehr geehrtes open holiday guide Team.docx [2010.04.12 20:02:58 | 000,002,078 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk [2010.04.12 14:57:20 | 000,001,651 | ---- | M] () -- C:\Users\benni\Desktop\AVAFX.lnk [2010.04.08 17:14:06 | 000,000,149 | ---- | M] () -- C:\Users\benni\Desktop\_config.php [2010.04.08 15:30:11 | 000,007,756 | ---- | M] () -- C:\Users\benni\Desktop\partnerlogo.jpg [2010.04.08 15:22:34 | 000,007,678 | ---- | M] () -- C:\Users\benni\Desktop\Unbenannt.jpg [2010.04.08 15:02:33 | 000,023,240 | ---- | M] () -- C:\Users\benni\Desktop\Logo.jpg [2010.04.08 15:01:02 | 000,015,160 | ---- | M] () -- C:\Users\benni\Desktop\Unbenannt.gif [2010.04.08 12:17:10 | 000,000,941 | ---- | M] () -- C:\Users\Public\Desktop\Surf & E-Mail-Stick.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.04.29 14:44:03 | 000,054,016 | ---- | C] () -- 
C:\Windows\System32\drivers\tprxcs.sys [2010.04.29 14:34:34 | 000,014,774 | ---- | C] () -- C:\Users\benni\Desktop\Snapshot of me 1.jpg [2010.04.29 14:31:10 | 000,083,452 | ---- | C] () -- C:\Users\benni\Desktop\x6kb9wtaih2fm5ch5nqe7cfxjw4.jpg [2010.04.29 14:30:34 | 000,025,243 | ---- | C] () -- C:\Users\benni\Desktop\r81b43p7j176ovyylel4facs2is.jpg [2010.04.29 14:30:06 | 000,052,628 | ---- | C] () -- C:\Users\benni\Desktop\459uoxpjndao413vk7y77im8nwc.jpg [2010.04.29 14:22:27 | 000,174,382 | ---- | C] () -- C:\Users\benni\Desktop\Snapshot of me 1.png [2010.04.29 12:03:58 | 000,524,288 | -HS- | C] () -- C:\Users\benni\ntuser.dat{83903f49-5374-11df-b498-cc64413520e7}.TMContainer00000000000000000002.regtrans-ms [2010.04.29 12:03:58 | 000,524,288 | -HS- | C] () -- C:\Users\benni\ntuser.dat{83903f49-5374-11df-b498-cc64413520e7}.TMContainer00000000000000000001.regtrans-ms [2010.04.29 12:03:58 | 000,065,536 | -HS- | C] () -- C:\Users\benni\ntuser.dat{83903f49-5374-11df-b498-cc64413520e7}.TM.blf [2010.04.29 12:02:59 | 3184,406,528 | -HS- | C] () -- C:\hiberfil.sys [2010.04.29 01:44:09 | 000,169,316 | ---- | C] () -- C:\Users\benni\Desktop\bookmarks.html [2010.04.29 01:41:54 | 000,089,722 | ---- | C] () -- C:\Users\benni\Desktop\bookmarks-2010-04-29.json [2010.04.28 22:14:06 | 000,000,823 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.04.28 13:16:06 | 000,001,890 | ---- | C] () -- C:\Users\benni\Desktop\Klicken Sie hier, um PC-Fehler zu finden und zu reparieren.lnk [2010.04.28 13:16:06 | 000,001,091 | ---- | C] () -- C:\Users\benni\Desktop\1-2-3 Spyware Free.lnk [2010.04.17 13:14:32 | 000,000,224 | ---- | C] () -- C:\Users\benni\Desktop\Spielezentrum.url [2010.04.16 14:13:31 | 000,000,590 | ---- | C] () -- C:\Users\benni\Desktop\XAMPP Control Panel.lnk [2010.04.15 12:28:02 | 000,006,969 | ---- | C] () -- C:\Users\benni\Desktop\bestprice_button.gif [2010.04.15 11:22:31 | 000,103,897 | ---- | C] () -- C:\Users\benni\Desktop\bestprice_banner.png 
[2010.04.15 09:33:02 | 000,011,007 | ---- | C] () -- C:\Users\benni\Desktop\foto_allincl_oben.jpg [2010.04.14 19:01:33 | 000,010,580 | ---- | C] () -- C:\Users\benni\Documents\Guten Tag.docx [2010.04.14 12:01:58 | 000,010,914 | ---- | C] () -- C:\Users\benni\Documents\Sehr geehrte Damen und Herren.2.docx [2010.04.14 11:37:04 | 000,001,777 | ---- | C] () -- C:\Users\benni\Desktop\BaySearch.de - Tippfehlersuche.lnk [2010.04.13 21:53:26 | 000,010,691 | ---- | C] () -- C:\Users\benni\Desktop\Guten Tag.docx [2010.04.13 11:09:46 | 000,010,987 | ---- | C] () -- C:\Users\benni\Desktop\Sehr geehrtes open holiday guide Team.docx [2010.04.12 20:02:58 | 000,002,078 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk [2010.04.12 14:57:20 | 000,001,651 | ---- | C] () -- C:\Users\benni\Desktop\AVAFX.lnk [2010.04.08 17:14:06 | 000,000,149 | ---- | C] () -- C:\Users\benni\Desktop\_config.php [2010.04.08 15:30:11 | 000,007,756 | ---- | C] () -- C:\Users\benni\Desktop\partnerlogo.jpg [2010.04.08 15:22:34 | 000,007,678 | ---- | C] () -- C:\Users\benni\Desktop\Unbenannt.jpg [2010.04.08 15:03:53 | 000,023,240 | ---- | C] () -- C:\Users\benni\Desktop\Logo.jpg [2010.04.08 15:00:58 | 000,015,160 | ---- | C] () -- C:\Users\benni\Desktop\Unbenannt.gif [2010.04.08 12:17:10 | 000,000,941 | ---- | C] () -- C:\Users\Public\Desktop\Surf & E-Mail-Stick.lnk [2010.02.10 22:24:18 | 000,000,082 | ---- | C] () -- C:\Windows\odbc_merge.INI [2009.11.23 14:10:14 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI [2009.11.18 23:36:21 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2009.10.21 21:23:26 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.10.16 05:46:58 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini [2009.10.16 05:46:58 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll [2009.10.16 05:46:58 | 000,010,146 | ---- | C] () -- C:\Windows\System32\tosmreg.ini [2009.10.16 05:46:58 | 000,007,671 | ---- | C] () -- 
C:\Windows\System32\cseltbl.ini [2008.11.20 12:04:04 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll [2008.11.20 12:04:04 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll [2008.11.20 12:04:04 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll [2008.11.20 12:04:04 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll [2008.11.20 12:04:04 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll [2008.11.20 12:04:04 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll [2008.11.20 11:55:36 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI [2008.11.20 11:46:51 | 000,040,960 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll [2008.11.20 11:37:58 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2008.04.24 10:08:30 | 000,028,672 | ---- | C] () -- C:\Windows\System32\SPCtl.dll [2007.12.21 17:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2005.07.22 22:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll < End of report > |
29.04.2010, 15:17 | #5 |
/// Winkelfunktion /// TB-Süch-Tiger™ | sending spam with msn and it keeps crashing
Hello and
Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)
Code:
ATTFilter
:OTL
O33 - MountPoints2\{7518c7c8-d887-11de-b755-00235a01b3b6}\Shell - "" = AutoRun
O33 - MountPoints2\{7518c7c8-d887-11de-b755-00235a01b3b6}\Shell\AutoRun\command - "" = D:\Autorun.exe -- File not found
O33 - MountPoints2\{913a2665-42ef-11df-99b6-00235a01b3b6}\Shell - "" = AutoRun
O33 - MountPoints2\{913a2665-42ef-11df-99b6-00235a01b3b6}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{913a267c-42ef-11df-99b6-00235a01b3b6}\Shell - "" = AutoRun
O33 - MountPoints2\{913a267c-42ef-11df-99b6-00235a01b3b6}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
[2010.04.29 14:44:03 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\tprxcs.sys
:Commands
[purity]
[resethosts]
[emptytemp]

The log file should open when you click OK after the fix; please post it. The computer may be restarted.
__________________ Please always post log files in CODE tags |
29.04.2010, 16:37 | #6 |
| sending spam with msn and it keeps crashing
Hello, I did that. My email notification also said something about having to change the starred-out part into my real username... I don't understand that. I hope I did everything right.
Code:
ATTFilter
All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7518c7c8-d887-11de-b755-00235a01b3b6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7518c7c8-d887-11de-b755-00235a01b3b6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7518c7c8-d887-11de-b755-00235a01b3b6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7518c7c8-d887-11de-b755-00235a01b3b6}\ not found.
File D:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{913a2665-42ef-11df-99b6-00235a01b3b6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{913a2665-42ef-11df-99b6-00235a01b3b6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{913a2665-42ef-11df-99b6-00235a01b3b6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{913a2665-42ef-11df-99b6-00235a01b3b6}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{913a267c-42ef-11df-99b6-00235a01b3b6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{913a267c-42ef-11df-99b6-00235a01b3b6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{913a267c-42ef-11df-99b6-00235a01b3b6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{913a267c-42ef-11df-99b6-00235a01b3b6}\ not found.
File E:\AutoRun.exe not found.
C:\Windows\System32\drivers\tprxcs.sys moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: benni
->Temp folder emptied: 1030308467 bytes
->Temporary Internet Files folder emptied: 28859936 bytes
->Java cache emptied: 45241122 bytes
->FireFox cache emptied: 64134330 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 12589417 bytes
->Flash cache emptied: 8590 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1145860 bytes
RecycleBin emptied: 415620735 bytes

Total Files Cleaned = 1.524,00 mb

OTL by OldTimer - Version 3.2.3.0 log created on 04292010_172610

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\mcmsc_5B9ucLwHIQfj0Sh not found!
File\Folder C:\Windows\temp\mcmsc_i7vyRKg7GBNvGcM not found!
C:\Windows\temp\sqlite_1BH6csAGo2AfNcO moved successfully.
C:\Windows\temp\sqlite_A9MTIH5Y3pqh6cn moved successfully.
C:\Windows\temp\sqlite_bGhPeXbRb5lpiPy moved successfully.
C:\Windows\temp\sqlite_lGgng9X1E8sFa2y moved successfully.
C:\Windows\temp\sqlite_LJjxGEzUw3f4E9K moved successfully.

Registry entries deleted on Reboot... |
29.04.2010, 18:51 | #7 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | sending spam with msn and it keeps crashing
Quote:
Now please do a run with CF:
ComboFix
A guide and tutorial on using ComboFix
Combofix may only be run when a Kompetenzler (expert helper) has explicitly recommended it!
29.04.2010, 22:13 | #8 |
| sending spam with msn and it keeps crashing
Okay, did everything just as it said there.
Code:
ATTFilter ComboFix 10-04-29.01 - benni 29.04.2010 23:00:35.2.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3036.2091 [GMT 2:00] ausgeführt von:: c:\users\benni\Desktop\Cofi.exe SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . ((((((((((((((((((((((( Dateien erstellt von 2010-03-28 bis 2010-04-29 )))))))))))))))))))))))))))))) . 2010-04-29 21:08 . 2010-04-29 21:08 -------- d-----w- c:\users\benni\AppData\Local\temp 2010-04-29 21:08 . 2010-04-29 21:08 -------- d-----w- c:\users\Public\AppData\Local\temp 2010-04-29 21:08 . 2010-04-29 21:08 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-04-29 20:27 . 2010-04-29 20:43 -------- d-----w- C:\Cofi 2010-04-29 20:19 . 2010-04-29 20:19 -------- d-----w- c:\program files\CCleaner 2010-04-29 15:26 . 2010-04-29 15:26 -------- d-----w- C:\_OTL 2010-04-29 12:52 . 2009-10-08 08:30 13312 ----a-w- c:\users\benni\AppData\Roaming\EA\EASW\GameFace\PhotoFaceConsole.exe 2010-04-29 12:52 . 2009-09-30 08:41 361472 ----a-w- c:\users\benni\AppData\Roaming\EA\EASW\GameFace\FgPhotofitDll.dll 2010-04-29 12:52 . 2009-09-29 18:29 6144 ----a-w- c:\users\benni\AppData\Roaming\EA\EASW\GameFace\DetectOpenGLConsole.exe 2010-04-29 12:52 . 2009-09-29 18:29 5120 ----a-w- c:\users\benni\AppData\Roaming\EA\EASW\GameFace\DownloadSourcePhotoConsole.exe 2010-04-29 12:52 . 2009-09-29 18:29 9216 ----a-w- c:\users\benni\AppData\Roaming\EA\EASW\GameFace\UploadPhotofitConsole.exe 2010-04-29 12:52 . 2009-09-21 09:14 8192 ----a-w- c:\users\benni\AppData\Roaming\EA\EASW\GameFace\OpenGLCheck.dll 2010-04-29 12:52 . 2009-08-19 09:40 655872 ----a-w- c:\users\benni\AppData\Roaming\EA\EASW\GameFace\msvcr90.dll 2010-04-29 12:52 . 2009-08-19 09:40 572928 ----a-w- c:\users\benni\AppData\Roaming\EA\EASW\GameFace\msvcp90.dll 2010-04-29 12:52 . 2009-08-19 09:40 4178264 ----a-w- c:\users\benni\AppData\Roaming\EA\EASW\GameFace\D3DX9_41.dll 2010-04-29 12:52 . 
2009-09-30 17:14 15872 ----a-w- c:\users\benni\AppData\Roaming\EA\EASW\GameFace\PhotoFaceConsole.XmlSerializers.dll 2010-04-29 12:49 . 2010-04-29 12:49 175616 ----a-w- c:\users\benni\AppData\Roaming\EA\EASW\GameFace\unrar64_nocrypt.dll 2010-04-29 12:48 . 2010-04-29 12:49 150528 ----a-w- c:\users\benni\AppData\Roaming\EA\EASW\GameFace\unrar_nocrypt.dll 2010-04-29 12:48 . 2010-04-29 12:48 30208 ----a-w- c:\users\benni\AppData\Roaming\EA\EASW\GameFace\FileDownloadConsole.exe 2010-04-29 12:48 . 2010-04-29 12:48 -------- d-----w- c:\users\benni\AppData\Roaming\EA 2010-04-29 11:28 . 2010-04-29 11:28 -------- d-----w- c:\users\benni\AppData\Local\Unity 2010-04-29 09:06 . 2010-04-29 09:06 -------- d-----w- c:\program files\ReviverSoft 2010-04-29 09:06 . 2010-04-29 09:06 -------- d-----w- c:\programdata\ReviverSoft 2010-04-28 22:17 . 2010-04-28 22:17 -------- d-----w- c:\programdata\WindowsSearch 2010-04-28 22:06 . 2010-04-28 22:06 -------- d-----w- c:\program files\xp-AntiSpy 2010-04-28 21:57 . 2010-04-28 21:57 -------- d-----w- c:\users\benni\AppData\Roaming\CheckPoint 2010-04-28 21:57 . 2010-04-28 21:57 -------- d-----w- c:\program files\CheckPoint 2010-04-28 21:57 . 2010-04-28 21:57 -------- d-----w- c:\program files\Zone Labs 2010-04-28 21:56 . 2010-04-28 21:56 -------- d-----w- c:\programdata\CheckPoint 2010-04-28 21:56 . 2010-04-29 09:08 -------- d-----w- c:\windows\Internet Logs 2010-04-28 21:56 . 2010-04-28 21:56 -------- d-----w- c:\users\benni\AppData\Roaming\Avira 2010-04-28 21:54 . 2010-04-28 21:54 -------- d-----w- c:\programdata\Avira 2010-04-28 21:54 . 2010-04-28 21:54 -------- d-----w- c:\program files\Avira 2010-04-28 21:31 . 2010-04-28 21:31 -------- d-----w- c:\programdata\Comodo 2010-04-28 20:14 . 2010-04-28 20:14 -------- d-----w- c:\users\benni\AppData\Roaming\Malwarebytes 2010-04-28 20:14 . 2010-03-29 13:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-28 20:14 . 
2010-04-28 20:14 -------- d-----w- c:\programdata\Malwarebytes 2010-04-28 20:14 . 2010-03-29 13:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-28 20:14 . 2010-04-29 11:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-04-28 13:36 . 2010-04-28 13:36 -------- d-----w- c:\programdata\F-Secure 2010-04-28 13:21 . 2010-04-28 23:54 -------- d-----w- c:\users\benni\AppData\Roaming\QuickScan 2010-04-28 11:15 . 2010-04-28 11:15 -------- d-----w- c:\program files\Smart PC Solutions 2010-04-22 14:50 . 2010-04-26 19:53 284160 ----a-w- c:\users\benni\AppData\Roaming\AceBIT\Hello Engines! 7\Temp\tidy_de.exe 2010-04-22 14:50 . 2010-04-26 19:53 282624 ----a-w- c:\users\benni\AppData\Roaming\AceBIT\Hello Engines! 7\Temp\tidy_en.exe 2010-04-22 14:49 . 2010-04-22 14:49 -------- d-----w- c:\users\benni\AppData\Roaming\AceBIT 2010-04-22 14:48 . 2001-09-05 18:00 1700352 ----a-w- c:\windows\system32\gdiplus.dll 2010-04-22 14:48 . 2010-04-29 10:01 -------- d-----w- c:\program files\AceBIT 2010-04-19 22:32 . 2010-04-13 23:16 3468800 ----a-w- c:\users\benni\AppData\Roaming\AVAFX\APP#4D1DB572\Fx_Client.exe 2010-04-14 09:37 . 2010-04-14 10:15 -------- d-----w- c:\users\benni\AppData\Roaming\BayCalculator 2010-04-14 09:37 . 2010-04-29 10:01 -------- d-----w- c:\program files\BayCalculator 2010-04-13 22:29 . 2010-02-23 11:10 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2010-04-13 22:29 . 2010-02-23 11:10 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2010-04-13 22:29 . 2010-02-23 11:10 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2010-04-13 22:29 . 2010-02-18 14:07 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-04-13 22:29 . 2010-02-18 14:07 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-04-13 22:28 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll 2010-04-13 22:28 . 2010-02-18 14:07 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys 2010-04-13 22:28 . 
2010-02-18 11:28 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys 2010-04-13 22:28 . 2010-02-18 13:30 200704 ----a-w- c:\windows\system32\iphlpsvc.dll 2010-04-13 22:27 . 2009-12-23 11:33 172032 ----a-w- c:\windows\system32\wintrust.dll 2010-04-13 22:27 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll 2010-04-12 12:58 . 2010-04-08 03:31 3227648 ----a-w- c:\users\benni\AppData\Roaming\AVAFX\APP#046CAF35\Fx_Client.exe 2010-04-12 12:57 . 2010-04-29 10:01 -------- d-----w- c:\users\benni\AppData\Roaming\AVAFX 2010-04-12 12:57 . 2010-04-29 10:01 -------- d-----w- c:\program files\AVAFX 2010-04-08 11:09 . 2010-04-19 22:31 -------- d-----w- c:\users\benni\AppData\Roaming\FileZilla 2010-04-08 11:09 . 2010-04-08 11:09 -------- d-----w- c:\program files\FileZilla FTP Client 2010-04-08 10:16 . 2008-11-08 08:55 621056 ----a-r- c:\windows\system32\drivers\mod7700.sys 2010-04-08 10:16 . 2008-11-08 08:55 113152 ----a-r- c:\windows\system32\drivers\ewusbnet.sys 2010-04-08 10:16 . 2008-11-08 08:55 101760 ----a-r- c:\windows\system32\drivers\ewusbmdm.sys 2010-04-08 10:16 . 2008-11-08 08:55 23424 ----a-r- c:\windows\system32\drivers\ewdcsc.sys 2010-04-08 10:14 . 2010-04-29 10:03 -------- d-----w- c:\program files\Surf & E-Mail-Stick . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-04-29 20:58 . 2009-11-18 14:45 -------- d-----w- c:\users\benni\AppData\Roaming\uTorrent 2010-04-29 20:53 . 2010-02-22 13:02 -------- d-----w- c:\users\benni\AppData\Roaming\Skype 2010-04-29 20:51 . 2008-11-20 10:22 -------- d-----w- c:\program files\Google 2010-04-29 20:47 . 2008-11-20 10:18 -------- d-----w- c:\programdata\McAfee 2010-04-29 16:35 . 2008-01-21 07:15 618442 ----a-w- c:\windows\system32\perfh007.dat 2010-04-29 16:35 . 2008-01-21 07:15 122842 ----a-w- c:\windows\system32\perfc007.dat 2010-04-29 15:34 . 2010-02-22 13:06 -------- d-----w- c:\users\benni\AppData\Roaming\skypePM 2010-04-29 10:03 . 
2008-11-20 10:22 -------- d-----w- c:\program files\Picasa2 2010-04-29 10:02 . 2009-11-23 23:15 -------- d-----w- c:\program files\DAEMON Tools Lite 2010-04-29 10:01 . 2009-11-18 21:52 -------- d-----w- c:\users\benni\AppData\Roaming\My ClickOnce Applications 2010-04-29 10:01 . 2009-12-10 23:03 -------- d-----w- c:\program files\Windows Live SkyDrive 2010-04-29 10:01 . 2009-12-10 23:03 -------- d-----w- c:\program files\Windows Live 2010-04-29 10:01 . 2009-12-07 16:49 -------- d-----w- c:\program files\YouTube Downloader 2010-04-29 10:01 . 2009-10-30 02:03 -------- d-----w- c:\program files\Teamspeak2_RC2 2010-04-29 10:01 . 2010-03-24 20:16 -------- d-----w- c:\program files\NetView3D 2010-04-29 10:01 . 2009-11-23 23:28 -------- d-----w- c:\program files\Smart Projects 2010-04-29 10:01 . 2010-02-10 20:26 -------- d-----w- c:\program files\MS-Buchhalter 2010-04-29 10:01 . 2010-02-09 10:30 -------- d-----w- c:\program files\Jitbit 2010-04-29 10:01 . 2009-12-09 17:43 -------- d-----w- c:\program files\ICQ6Toolbar 2010-04-29 10:01 . 2009-12-07 16:59 -------- d-----w- c:\program files\KigoVideoConverter 2010-04-29 10:01 . 2009-12-05 23:45 -------- d-----w- c:\program files\Bonjour 2010-04-29 09:00 . 2009-12-10 02:00 7052 ----a-w- c:\users\benni\AppData\Local\d3d9caps.dat 2010-04-28 21:28 . 2008-11-20 09:32 -------- d-----w- c:\program files\Common Files\Java 2010-04-28 21:27 . 2008-11-20 09:33 -------- d-----w- c:\program files\Java 2010-04-28 20:36 . 2009-12-10 18:55 -------- d-----w- c:\users\benni\AppData\Roaming\ICQ 2010-04-28 20:26 . 2010-02-10 16:38 -------- d-----w- c:\program files\ExcelFibu3_11 2010-04-28 13:02 . 2009-12-12 11:04 -------- d-----w- c:\users\benni\AppData\Roaming\vlc 2010-04-28 11:40 . 2009-12-06 00:28 -------- d-----w- c:\program files\Techlogg.com ToneShop 2010-04-22 14:48 . 2008-11-20 09:38 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-04-14 01:22 . 
2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2010-04-14 01:06 . 2008-11-20 10:27 -------- d-----w- c:\programdata\Microsoft Help 2010-04-09 21:49 . 2009-11-01 20:05 -------- d-----w- c:\users\benni\AppData\Roaming\dvdcss 2010-03-25 13:00 . 2010-03-25 13:00 -------- d-----w- c:\programdata\RoboForm 2010-03-25 13:00 . 2010-03-25 13:00 -------- d-----w- c:\program files\Siber Systems 2010-03-24 20:49 . 2009-10-21 20:12 286 ----a-w- c:\users\benni\AppData\Roaming\wklnhst.dat 2010-03-04 01:53 . 2009-12-05 23:47 -------- d-----w- c:\users\benni\AppData\Roaming\Apple Computer 2010-03-03 12:24 . 2010-03-03 12:24 -------- d-----w- c:\program files\Safari 2010-03-03 12:23 . 2010-03-03 12:23 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe 2010-03-03 12:23 . 2010-03-03 12:22 -------- d-----w- c:\program files\iTunes 2010-03-03 12:22 . 2010-03-03 12:22 -------- d-----w- c:\program files\iPod 2010-03-03 12:22 . 2009-12-05 23:42 -------- d-----w- c:\program files\Common Files\Apple 2010-03-03 12:19 . 2010-03-03 12:19 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe 2010-02-26 01:59 . 2009-10-16 03:56 114968 ----a-w- c:\users\benni\AppData\Local\GDIPFONTCACHEV1.DAT 2010-02-23 06:39 . 2010-03-31 23:48 916480 ----a-w- c:\windows\system32\wininet.dll 2010-02-23 06:33 . 2010-03-31 23:48 109056 ----a-w- c:\windows\system32\iesysprep.dll 2010-02-23 06:33 . 2010-03-31 23:48 71680 ----a-w- c:\windows\system32\iesetup.dll 2010-02-23 04:55 . 2010-03-31 23:48 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2010-02-22 13:06 . 2010-02-22 13:06 56 ---ha-w- c:\programdata\ezsidmv.dat 2010-02-20 23:06 . 2010-03-13 12:20 24064 ----a-w- c:\windows\system32\nshhttp.dll 2010-02-20 23:05 . 2010-03-13 12:20 30720 ----a-w- c:\windows\system32\httpapi.dll 2010-02-20 20:53 . 2010-03-13 12:20 411648 ----a-w- c:\windows\system32\drivers\http.sys 2010-02-12 10:32 . 
2010-03-16 09:40 293376 ----a-w- c:\windows\system32\browserchoice.exe 2009-10-29 08:22 . 2009-10-29 08:22 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll 2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll 2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472] "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-07-04 430080] "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-11-18 289584] "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928] "EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-09-03 3342336] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-24 7719456] "HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2007-04-16 421888] "SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2007-09-19 438272] "KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 34352] "NDSTray.exe"="NDSTray.exe" [BU] "HDMICtrlMan"="c:\program files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe" [2008-05-20 716800] "TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-08-18 431456] "HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-10-31 54608] "SmoothView"="c:\program 
files\Toshiba\SmoothView\SmoothView.exe" [2008-06-24 509816] "00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-09-24 727608] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-10-29 30192] "Google EULA Launcher"="c:\program files\Google\Google EULA\GoogleEULALauncher.exe" [2008-05-28 20480] "Toshiba TEMPO"="c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe" [2008-08-26 103824] "topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-12-15 184320] "Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-09-26 417792] "Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2008-01-11 574864] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-09 149280] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2010-02-17 177472] " Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-03-29 1086856] c:\users\benni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ TRDCReminder.lnk - c:\program files\Toshiba\TRDCReminder\TRDCReminder.exe [2008-3-5 393216] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] 
@="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "VistaSp2"=hex(b):45,a1,ca,ac,c9,79,ca,01 R0 dskc;dskc;c:\windows\System32\drivers\tprxcs.sys [x] R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-11-23 691696] R2 gupdate1ca4e5615b55cf3;Google Update Service (gupdate1ca4e5615b55cf3);c:\program files\Google\Update\GoogleUpdate.exe [2009-10-16 133104] R3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-10-29 30192] R3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys [x] S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-09-05 40960] S2 TempoMonitoringService;Notebook Performance Tuning Service ;c:\program files\Toshiba TEMPRO\TempoSVC.exe [2008-08-26 99720] S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2008-07-15 106496] S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-09-09 99216] S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480] S3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe [2008-08-25 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Inhalt des "geplante Tasks" Ordners 2010-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-16 11:44] 2010-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-16 11:44] 2010-04-29 c:\windows\Tasks\User_Feed_Synchronization-{DE9CF3B9-1DFB-42CF-B22D-A5E6E487526C}.job - c:\windows\system32\msfeedssync.exe [2010-03-31 04:54] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://www.Google.com/ uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home FF - ProfilePath - c:\users\benni\AppData\Roaming\Mozilla\Firefox\Profiles\z7053s7l.default\ FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: browser.startup.homepage - hxxp://www.daemon-search.com/startpage|hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA; FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=966134&p= FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\users\benni\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX Richtlinien ---- c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); . 
************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2010-04-29 23:08 Windows 6.0.6002 Service Pack 2 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... HKCU\Software\Microsoft\Windows\CurrentVersion\Run TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i????????? ???X?m???m???m???m? Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_USERS\S-1-5-21-2744725279-3685766666-4055958726-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BC7CE7CF-4A05-E078-5D93-6ABDBB28D6D2}*] "maadkklpkmbfefgaiongbpomim"=hex:69,61,6e,6c,6c,64,6f,6d,62,6d,67,67,68,70,6d, 64,65,6c,00,64 "nagcammnkibcfdbaihbfdmjcelji"=hex:69,61,6e,6c,6c,64,6f,6d,62,6d,67,67,68,70, 6d,64,65,6c,00,64 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Zeit der Fertigstellung: 2010-04-29 23:10:47 ComboFix-quarantined-files.txt 2010-04-29 21:10 ComboFix2.txt 2010-04-29 20:42 Vor Suchlauf: 15 Verzeichnis(se), 66.785.288.192 Bytes frei Nach Suchlauf: 16 Verzeichnis(se), 66.558.390.272 Bytes frei - - End Of File - - 9B170156C79CBFE3498BB8BEC8BDFDB1 |
30.04.2010, 12:16 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | sending spam via MSN and it keeps crashing
Combofix - Scripting
1. Start Notepad (Start / Run / notepad[Enter])
2. Now copy and paste the entire contents of the code box below into the Notepad window.
Code:
http://www.trojaner-board.de/85421-verschicke-spam-mit-msn-und-er-stuerzt-immer-ab.html
Collect::
c:\windows\System32\drivers\tprxcs.sys
RegNull::
[HKEY_USERS\S-1-5-21-2744725279-3685766666-4055958726-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BC7CE7CF-4A05-E078-5D93-6ABDBB28D6D2}*]
Driver::
dskc

4. Disable the guard of your antivirus program and any software firewall that may be present. (Also the guards of adware and spyware programs and the Tea Timer (if present)!)
5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix.
6. After the reboot (you will be asked whether you want to reboot), please post the following log files: Combofix.txt
Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ Please always post log files in CODE tags |
30.04.2010, 17:40 | #10 |
| sending spam via MSN and it keeps crashing I've done everything Code:
ATTFilter ComboFix 10-04-29.05 - benni 30.04.2010 18:18:55.3.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3036.2057 [GMT 2:00] ausgeführt von:: c:\users\benni\Desktop\Cofi.exe Benutzte Befehlsschalter :: c:\users\benni\Desktop\CFScript.txt SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_dskc ((((((((((((((((((((((( Dateien erstellt von 2010-03-28 bis 2010-04-30 )))))))))))))))))))))))))))))) . 2010-04-30 16:24 . 2010-04-30 16:24 -------- d-----w- c:\users\Public\AppData\Local\temp 2010-04-30 16:24 . 2010-04-30 16:24 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-04-29 23:48 . 2010-02-24 08:16 181632 ------w- c:\windows\system32\MpSigStub.exe 2010-04-29 21:10 . 2010-04-30 16:26 -------- d-----w- c:\users\benni\AppData\Local\temp 2010-04-29 20:58 . 2010-04-29 21:10 -------- d-----w- C:\Cofi31451C 2010-04-29 20:27 . 2010-04-29 20:43 -------- d-----w- C:\Cofi 2010-04-29 20:19 . 2010-04-29 20:19 -------- d-----w- c:\program files\CCleaner 2010-04-29 15:26 . 2010-04-29 15:26 -------- d-----w- C:\_OTL 2010-04-29 12:48 . 2010-04-29 12:48 -------- d-----w- c:\users\benni\AppData\Roaming\EA 2010-04-29 11:28 . 2010-04-29 11:28 -------- d-----w- c:\users\benni\AppData\Local\Unity 2010-04-29 09:06 . 2010-04-29 09:06 -------- d-----w- c:\program files\ReviverSoft 2010-04-29 09:06 . 2010-04-29 09:06 -------- d-----w- c:\programdata\ReviverSoft 2010-04-28 22:17 . 2010-04-28 22:17 -------- d-----w- c:\programdata\WindowsSearch 2010-04-28 22:06 . 2010-04-28 22:06 -------- d-----w- c:\program files\xp-AntiSpy 2010-04-28 21:57 . 2010-04-28 21:57 -------- d-----w- c:\users\benni\AppData\Roaming\CheckPoint 2010-04-28 21:57 . 
2010-04-28 21:57 -------- d-----w- c:\program files\CheckPoint 2010-04-28 21:57 . 2010-04-28 21:57 -------- d-----w- c:\program files\Zone Labs 2010-04-28 21:56 . 2010-04-28 21:56 -------- d-----w- c:\programdata\CheckPoint 2010-04-28 21:56 . 2010-04-29 09:08 -------- d-----w- c:\windows\Internet Logs 2010-04-28 21:56 . 2010-04-28 21:56 -------- d-----w- c:\users\benni\AppData\Roaming\Avira 2010-04-28 21:54 . 2010-04-28 21:54 -------- d-----w- c:\programdata\Avira 2010-04-28 21:54 . 2010-04-28 21:54 -------- d-----w- c:\program files\Avira 2010-04-28 21:31 . 2010-04-28 21:31 -------- d-----w- c:\programdata\Comodo 2010-04-28 20:14 . 2010-04-28 20:14 -------- d-----w- c:\users\benni\AppData\Roaming\Malwarebytes 2010-04-28 20:14 . 2010-03-29 13:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-28 20:14 . 2010-04-28 20:14 -------- d-----w- c:\programdata\Malwarebytes 2010-04-28 20:14 . 2010-03-29 13:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-28 20:14 . 2010-04-29 11:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-04-28 13:36 . 2010-04-28 13:36 -------- d-----w- c:\programdata\F-Secure 2010-04-28 13:21 . 2010-04-28 23:54 -------- d-----w- c:\users\benni\AppData\Roaming\QuickScan 2010-04-22 14:49 . 2010-04-22 14:49 -------- d-----w- c:\users\benni\AppData\Roaming\AceBIT 2010-04-22 14:48 . 2001-09-05 18:00 1700352 ----a-w- c:\windows\system32\gdiplus.dll 2010-04-22 14:48 . 2010-04-29 10:01 -------- d-----w- c:\program files\AceBIT 2010-04-14 09:37 . 2010-04-14 10:15 -------- d-----w- c:\users\benni\AppData\Roaming\BayCalculator 2010-04-14 09:37 . 2010-04-29 10:01 -------- d-----w- c:\program files\BayCalculator 2010-04-13 22:29 . 2010-02-23 11:10 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2010-04-13 22:29 . 2010-02-23 11:10 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2010-04-13 22:29 . 2010-02-23 11:10 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2010-04-13 22:29 . 
2010-02-18 14:07 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-04-13 22:29 . 2010-02-18 14:07 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-04-13 22:28 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll 2010-04-13 22:28 . 2010-02-18 14:07 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys 2010-04-13 22:28 . 2010-02-18 11:28 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys 2010-04-13 22:28 . 2010-02-18 13:30 200704 ----a-w- c:\windows\system32\iphlpsvc.dll 2010-04-13 22:27 . 2009-12-23 11:33 172032 ----a-w- c:\windows\system32\wintrust.dll 2010-04-13 22:27 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll 2010-04-08 11:09 . 2010-04-19 22:31 -------- d-----w- c:\users\benni\AppData\Roaming\FileZilla 2010-04-08 11:09 . 2010-04-08 11:09 -------- d-----w- c:\program files\FileZilla FTP Client 2010-04-08 10:14 . 2010-04-29 21:19 -------- d-----w- c:\program files\Surf & E-Mail-Stick . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-04-30 16:25 . 2009-11-18 14:45 -------- d-----w- c:\users\benni\AppData\Roaming\uTorrent 2010-04-30 10:42 . 2009-12-12 11:04 -------- d-----w- c:\users\benni\AppData\Roaming\vlc 2010-04-29 21:18 . 2010-02-22 13:02 -------- d-----r- c:\program files\Skype 2010-04-29 20:53 . 2010-02-22 13:02 -------- d-----w- c:\users\benni\AppData\Roaming\Skype 2010-04-29 20:51 . 2008-11-20 10:22 -------- d-----w- c:\program files\Google 2010-04-29 20:47 . 2008-11-20 10:18 -------- d-----w- c:\programdata\McAfee 2010-04-29 16:35 . 2008-01-21 07:15 618442 ----a-w- c:\windows\system32\perfh007.dat 2010-04-29 16:35 . 2008-01-21 07:15 122842 ----a-w- c:\windows\system32\perfc007.dat 2010-04-29 15:34 . 2010-02-22 13:06 -------- d-----w- c:\users\benni\AppData\Roaming\skypePM 2010-04-29 12:49 . 2010-04-29 12:49 175616 ----a-w- c:\users\benni\AppData\Roaming\EA\EASW\GameFace\unrar64_nocrypt.dll 2010-04-29 12:49 . 
2010-04-29 12:48 150528 ----a-w- c:\users\benni\AppData\Roaming\EA\EASW\GameFace\unrar_nocrypt.dll 2010-04-29 12:48 . 2010-04-29 12:48 30208 ----a-w- c:\users\benni\AppData\Roaming\EA\EASW\GameFace\FileDownloadConsole.exe 2010-04-29 10:02 . 2009-11-23 23:15 -------- d-----w- c:\program files\DAEMON Tools Lite 2010-04-29 10:01 . 2009-11-18 21:52 -------- d-----w- c:\users\benni\AppData\Roaming\My ClickOnce Applications 2010-04-29 10:01 . 2009-12-10 23:03 -------- d-----w- c:\program files\Windows Live SkyDrive 2010-04-29 10:01 . 2009-12-10 23:03 -------- d-----w- c:\program files\Windows Live 2010-04-29 10:01 . 2009-12-07 16:49 -------- d-----w- c:\program files\YouTube Downloader 2010-04-29 10:01 . 2009-10-30 02:03 -------- d-----w- c:\program files\Teamspeak2_RC2 2010-04-29 10:01 . 2010-03-24 20:16 -------- d-----w- c:\program files\NetView3D 2010-04-29 10:01 . 2009-11-23 23:28 -------- d-----w- c:\program files\Smart Projects 2010-04-29 10:01 . 2010-02-09 10:30 -------- d-----w- c:\program files\Jitbit 2010-04-29 10:01 . 2009-12-09 17:43 -------- d-----w- c:\program files\ICQ6Toolbar 2010-04-29 10:01 . 2009-12-07 16:59 -------- d-----w- c:\program files\KigoVideoConverter 2010-04-29 10:01 . 2009-12-05 23:45 -------- d-----w- c:\program files\Bonjour 2010-04-29 09:00 . 2009-12-10 02:00 7052 ----a-w- c:\users\benni\AppData\Local\d3d9caps.dat 2010-04-28 21:28 . 2008-11-20 09:32 -------- d-----w- c:\program files\Common Files\Java 2010-04-28 21:27 . 2008-11-20 09:33 -------- d-----w- c:\program files\Java 2010-04-28 20:36 . 2009-12-10 18:55 -------- d-----w- c:\users\benni\AppData\Roaming\ICQ 2010-04-28 20:26 . 2010-02-10 16:38 -------- d-----w- c:\program files\ExcelFibu3_11 2010-04-28 11:40 . 2009-12-06 00:28 -------- d-----w- c:\program files\Techlogg.com ToneShop 2010-04-26 19:53 . 2010-04-22 14:50 284160 ----a-w- c:\users\benni\AppData\Roaming\AceBIT\Hello Engines! 7\Temp\tidy_de.exe 2010-04-26 19:53 . 
2010-04-22 14:50 282624 ----a-w- c:\users\benni\AppData\Roaming\AceBIT\Hello Engines! 7\Temp\tidy_en.exe 2010-04-22 14:48 . 2008-11-20 09:38 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-04-14 01:22 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2010-04-14 01:06 . 2008-11-20 10:27 -------- d-----w- c:\programdata\Microsoft Help 2010-04-09 21:49 . 2009-11-01 20:05 -------- d-----w- c:\users\benni\AppData\Roaming\dvdcss 2010-03-25 13:00 . 2010-03-25 13:00 -------- d-----w- c:\programdata\RoboForm 2010-03-25 13:00 . 2010-03-25 13:00 -------- d-----w- c:\program files\Siber Systems 2010-03-24 20:49 . 2009-10-21 20:12 286 ----a-w- c:\users\benni\AppData\Roaming\wklnhst.dat 2010-03-04 01:53 . 2009-12-05 23:47 -------- d-----w- c:\users\benni\AppData\Roaming\Apple Computer 2010-03-03 12:24 . 2010-03-03 12:24 -------- d-----w- c:\program files\Safari 2010-03-03 12:23 . 2010-03-03 12:23 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe 2010-03-03 12:23 . 2010-03-03 12:22 -------- d-----w- c:\program files\iTunes 2010-03-03 12:22 . 2010-03-03 12:22 -------- d-----w- c:\program files\iPod 2010-03-03 12:22 . 2009-12-05 23:42 -------- d-----w- c:\program files\Common Files\Apple 2010-03-03 12:19 . 2010-03-03 12:19 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe 2010-02-26 01:59 . 2009-10-16 03:56 114968 ----a-w- c:\users\benni\AppData\Local\GDIPFONTCACHEV1.DAT 2010-02-23 06:39 . 2010-03-31 23:48 916480 ----a-w- c:\windows\system32\wininet.dll 2010-02-23 06:33 . 2010-03-31 23:48 109056 ----a-w- c:\windows\system32\iesysprep.dll 2010-02-23 06:33 . 2010-03-31 23:48 71680 ----a-w- c:\windows\system32\iesetup.dll 2010-02-23 04:55 . 2010-03-31 23:48 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2010-02-22 13:06 . 2010-02-22 13:06 56 ---ha-w- c:\programdata\ezsidmv.dat 2010-02-20 23:06 . 
2010-03-13 12:20 24064 ----a-w- c:\windows\system32\nshhttp.dll 2010-02-20 23:05 . 2010-03-13 12:20 30720 ----a-w- c:\windows\system32\httpapi.dll 2010-02-20 20:53 . 2010-03-13 12:20 411648 ----a-w- c:\windows\system32\drivers\http.sys 2010-02-12 10:32 . 2010-03-16 09:40 293376 ----a-w- c:\windows\system32\browserchoice.exe 2009-10-29 08:22 . 2009-10-29 08:22 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll 2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll 2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472] "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-07-04 430080] "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-11-18 289584] "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928] "EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-09-03 3342336] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-24 7719456] "HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2007-04-16 421888] "SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2007-09-19 438272] "KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 34352] "NDSTray.exe"="NDSTray.exe" [BU] 
"HDMICtrlMan"="c:\program files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe" [2008-05-20 716800] "TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-08-18 431456] "HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-10-31 54608] "SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-06-24 509816] "00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-09-24 727608] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-10-29 30192] "Google EULA Launcher"="c:\program files\Google\Google EULA\GoogleEULALauncher.exe" [2008-05-28 20480] "Toshiba TEMPO"="c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe" [2008-08-26 103824] "topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-12-15 184320] "Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-09-26 417792] "Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2008-01-11 574864] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-09 149280] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2010-02-17 177472] " Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-03-29 1086856] c:\users\benni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ TRDCReminder.lnk - c:\program files\Toshiba\TRDCReminder\TRDCReminder.exe [2008-3-5 393216] 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "VistaSp2"=hex(b):45,a1,ca,ac,c9,79,ca,01 R2 gupdate1ca4e5615b55cf3;Google Update Service (gupdate1ca4e5615b55cf3);c:\program files\Google\Update\GoogleUpdate.exe [2009-10-16 133104] R3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-10-29 30192] R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-09-09 99216] R3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys [x] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-11-23 691696] S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-09-05 40960] S2 TempoMonitoringService;Notebook Performance Tuning Service ;c:\program files\Toshiba TEMPRO\TempoSVC.exe [2008-08-26 99720] S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2008-07-15 106496] S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480] S3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe [2008-08-25 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . 
Inhalt des "geplante Tasks" Ordners 2010-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-16 11:44] 2010-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-16 11:44] 2010-04-30 c:\windows\Tasks\User_Feed_Synchronization-{DE9CF3B9-1DFB-42CF-B22D-A5E6E487526C}.job - c:\windows\system32\msfeedssync.exe [2010-03-31 04:54] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.Google.com/ uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home FF - ProfilePath - c:\users\benni\AppData\Roaming\Mozilla\Firefox\Profiles\z7053s7l.default\ FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: browser.startup.homepage - www.google.de FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=966134&p= FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\users\benni\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX Richtlinien ---- c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - 
pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2010-04-30 18:26 Windows 6.0.6002 Service Pack 2 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... HKCU\Software\Microsoft\Windows\CurrentVersion\Run TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i????????? ???X?m???m???m???m? Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, hxxp://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys spom.sys hal.dll >>UNKNOWN [0x858A2938]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\Disk -> CLASSPNP.SYS @ 0x827dfd24 \Driver\ACPI -> acpi.sys @ 0x807c2d68 \Driver\atapi -> 0x858eb1f8 \Driver\iaStor -> iaStor.sys @ 0x826c9a60 IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection ! user & kernel MBR OK ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . ------------------------ Weitere laufende Prozesse ------------------------ . 
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe c:\windows\system32\Ati2evxx.exe c:\windows\system32\Ati2evxx.exe c:\windows\system32\agrsmsvc.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe c:\windows\system32\TODDSrv.exe c:\program files\Toshiba\Power Saver\TosCoSrv.exe c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\windows\system32\conime.exe c:\windows\system32\wbem\unsecapp.exe . ************************************************************************** . Zeit der Fertigstellung: 2010-04-30 18:33:32 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2010-04-30 16:33 ComboFix2.txt 2010-04-29 21:10 ComboFix3.txt 2010-04-29 20:42 Vor Suchlauf: 16 Verzeichnis(se), 62.770.753.536 Bytes frei Nach Suchlauf: 17 Verzeichnis(se), 62.421.975.040 Bytes frei - - End Of File - - 86A9C07D3019E8F2F4B27845B191E055 |
30.04.2010, 18:02 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Sending spam with MSN and it keeps crashing Looks good. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ Please always post log files in CODE tags |
30.04.2010, 22:04 | #12 |
| Sending spam with MSN and it keeps crashing Here you gooooooo Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4055
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

30.04.2010 20:20:52
mbam-log-2010-04-30 (20-20-52).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|G:\|)
Durchsuchte Objekte: 262182
Laufzeit: 59 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 04/30/2010 at 10:45 PM

Application Version : 4.36.1006

Core Rules Database Version : 4872
Trace Rules Database Version: 2684

Scan type : Complete Scan
Total Scan Time : 01:36:31

Memory items scanned : 747
Memory threats detected : 0
Registry items scanned : 7463
Registry threats detected : 0
File items scanned : 143080
File threats detected : 1

Adware.Vundo/Variant-MSFake
C:\WINDOWS\SYSTEM32\MSAD2719.RRA

Edited by PrinzBenni (30.04.2010 at 22:09) |
01.05.2010, 12:06 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Sending spam with MSN and it keeps crashing OK, please remove that detection. But we should still check something because of the possibly infected MBR. GMER provides a special tool for checking the MBR (Master Boot Record); the MBR is also manipulated by Sinowal, for example. MBR.exe should be run from the console, for example like this: mbr.exe is located directly on C:, then you open cmd.exe via Start, Run (a black console window opens) and type in there:
c:\mbr.exe -f > c:\mbr.txt
Then confirm with Enter. You will find the MBR tool's log file in the same path from which mbr.exe was run, in the example above c:\mbr.txt - please open it and post the contents here.
__________________ Please always post log files in CODE tags |
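The follow-up MBR check requested above was prompted by the "Stealth MBR rootkit" section of the ComboFix log. As an added example (not part of the original thread and not GMER's code), this Python sketch picks out the lines of such a section that call for a second look: modules reported as UNKNOWN, driver entries printed with an address but no module name, and warning lines. The function name `triage_mbr_log` and the line layout of the sample are assumptions; the values are copied from the log posted in this thread.

```python
import re

# Excerpt of the MBR detector section from the ComboFix log in this thread.
# The line breaks are reconstructed; the values are as posted.
SAMPLE = r"""
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys spom.sys hal.dll >>UNKNOWN [0x858A2938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x827dfd24
\Driver\ACPI -> acpi.sys @ 0x807c2d68
\Driver\atapi -> 0x858eb1f8
\Driver\iaStor -> iaStor.sys @ 0x826c9a60
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection !
user & kernel MBR OK
"""

UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")
# Matches "\Driver\name -> module.sys @ 0xaddr" and "\Driver\name -> 0xaddr";
# group 2 (the module name) is None when only an address was printed.
HOOK_RE = re.compile(r"^(\\Driver\\\S+)\s*->\s*(?:(\S+)\s*@\s*)?(0x[0-9A-Fa-f]+)\s*$")


def triage_mbr_log(text):
    """Collect the entries of an MBR detector log that need a follow-up check."""
    findings = {"unknown_modules": [], "unnamed_hooks": [],
                "warnings": [], "mbr_ok": False}
    for line in text.splitlines():
        line = line.strip()
        findings["unknown_modules"] += UNKNOWN_RE.findall(line)
        hook = HOOK_RE.match(line)
        if hook and hook.group(2) is None:
            findings["unnamed_hooks"].append((hook.group(1), hook.group(3)))
        if "Warning:" in line:
            findings["warnings"].append(line.split("Warning:", 1)[1].strip())
        if line == "user & kernel MBR OK":
            findings["mbr_ok"] = True
    return findings


if __name__ == "__main__":
    for key, value in triage_mbr_log(SAMPLE).items():
        print(f"{key}: {value}")
```

On this sample the MBR comparison itself reports OK while one UNKNOWN module, one unnamed `\Driver\atapi` entry and one warning remain, which is the mixed result that the dedicated mbr.exe run is meant to resolve.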
02.05.2010, 11:55 | #14 |
| Sending spam with MSN and it keeps crashing Somehow that doesn't work. I can get the exe to start, and then the black window appears; there I paste the text after what is already there, and then an error message always appears in the window. I must be doing something wrong ;-((( |
03.05.2010, 08:25 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Sending spam with MSN and it keeps crashing If you don't post the error message, nobody can help you.
__________________ Please always post log files in CODE tags |