Trojaner Backdoor, Suurch und Adware

aisthesis · 01.05.2010, 11:53

Hallo Zusammen,

seit zwei Tagen habe ich gemerkt, dass mit meinem Rechner etwas nicht stimmt. Er lief langsamer als zuvor und mein Internet-Explorer begann eigenständig mir unbekannte Seiten im Internet zu öffnen.

Da ich bis zu diesem Zeitpunkt noch den vorinstallierten Virenscanner und die entsprechende Firewall von Microsoft hatte, habe ich den ersten durch Avira AntiVir und etwas später die Firewall durch ZoneAlarm ersetzt.
Antivir hat mir dann einige Funde gemeldet, ein kleiner Auszug:

[FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen
[FUND] Ist das Trojanische Pferd TR/Dropper.Gen
[FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen2
[FUND] Ist das Trojanische Pferd TR/Dldr.Agent.dmqo
[FUND] Ist das Trojanische Pferd TR/Click.Hatigh.C.30
[FUND] Ist das Trojanische Pferd TR/Ertfor.B.31

Ich habe dann den Spyware Doctor installiert, der mir folgende Funde gemeldet hat:

Backdoor.Hackdor (3 Infizierungen) [Bei der Board- und Google-Suche bin ich immer nur auf Backdoor.Haxxdoor gestoßen, ist das das gleiche Trojanische Pferd?]
Trojan-Downloader.Suurch (1 Infizierung)
Backdoor.Agent.CFC (1 Infizierung)
Application.TrackingCookies (3 Infizierung)
Adware.Advertising (1 Infizierung)
Trojan-Spy.Zbot.YETH (6 Infizierungen)

Dann habe ich Malwarebytes angewendet, das mir folgende Ergebnisse geliefert hat:

Backdoor.Bot
Rootkit.Agent
Trojan.Agent
Malware.Trace (2 X)
Worm.P2P

Für das Entfernen durch Malware musste ich dann meinen PC neustarten. Das hat allerdings Probleme gegeben und mein Rechner wollte zu einem Widerherstellungspunkt zurückkehren, das ich aber abgebrochen habe, weil ich nicht wollte, dass er die neuinstallierte Firewall und Virenscan löscht (was vorher nämlich passiert ist, aber unabhängig von Gebrauch eines Programmes).
In der Quarantäne von Malwarebytes sind nun:

Backdoor.Bot
Trojan.Agent
Malware.Trace (2 X)
Worm.P2P

Dieses „Rootkit.Agent“ fehlt dort also. Ich weiß nun nicht, ob das dem Programm durch die Finger gegangen ist, oder ob es Rootkit.Agent einfach gelöscht und nicht in Quarantäne verlegt hat.

Nachdem ich Malwarebytes dann angewendet habe, habe ich nochmal den Spyware Doctor benutzt, der mir dann nur noch folgendes Ergebnis geliefert hat:

Application.TrackingCookies (1 Infizierung)

Jetzt habe ich von Antivir länger keine Fundinformationen mehr erhalten, allerdings meldet sich der Spyware Doctor recht oft mit Meldungen, dass er den Zugriff auf (von mir nicht gestartete) Websites blockiert hat. Ein Auszug:

Zugriff auf mx.interfree.it blockiert
Zugriff auf mortar.isprime.com blockiert
Zugriff auf mail3.mail.flowgo.com blockiert
Zugriff auf nullmx.cachamail.com blockiert
Zugriff auf nullmx.bordermai.com blockiert

Im Folgenden nun der Report von Malwarebytes und die log.txt und info.txt von RSIT (den CCleaner habe ich entsprechend den Board-Hinweisen vorher auch ausgeführt).

Malwarebytes Report:

Zitat:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4054

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

30.04.2010 16:57:12
mbam-log-2010-04-30 (16-57-12).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 119808
Laufzeit: 11 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\desktop sms (Worm.P2P) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\system32\Drivers\kuemg.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Users\***\csrss.exe (Trojan.Agent) -> Delete on reboot.

RSIT-log:

Zitat:

Logfile of random's system information tool 1.06 (written by random/random)
Run by *** at 2010-04-30 19:05:27
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 29 GB (24%) free of 119 GB
Total RAM: 2037 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:06:12, on 30.04.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18444)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\system32\TODDSrv.exe
c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Users\***\Zubehör\Zonealarm\zlclient.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Users\***\Zubehör\DAEMON Tools\DAEMON Tools Lite\daemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\***\Zubehör\MagicISO\MagicDISC\MagicDisc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\***\Desktop\RSIT.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\***.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://www.google.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.google.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://www.google.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Users\***\Zubehör\Quick Time\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Users\***\Zubehör\Zonealarm\zlclient.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Users\***\Zubehör\DAEMON Tools\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ICQ] "C:\Users\***\Zubehör\ICQ6.5\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
O4 - Startup: MagicDisc.lnk = ?
O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - h**p://rover.ebay.com/rover/1/707-44556-9400-3/4 (file missing)
O9 - Extra button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - h**p://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Users\***\Zubehör\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Users\***\Zubehör\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11543 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\McDefragTask.job
C:\Windows\tasks\McQcTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-01-30 279664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [2010-01-30 812528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-01-30 279664]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-02-05 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-02-05 154136]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-02-05 129560]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-01-29 4911104]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-12-06 1029416]
"NDSTray.exe"=NDSTray.exe []
"topi"=C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [2007-07-10 581632]
"Camera Assistant Software"=C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [2007-10-25 413696]
"TPwrMain"=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2008-01-17 431456]
"HSON"=C:\Program Files\TOSHIBA\TBS\HSON.exe [2007-10-31 54608]
"SmoothView"=C:\Program Files\Toshiba\SmoothView\SmoothView.exe [2008-01-25 509816]
"00TCrdMain"=C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2008-01-22 712704]
"Toshiba Registration"=C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe [2007-05-04 571024]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"QuickTime Task"=C:\Users\***\Zubehör\Quick Time\QTTask.exe [2009-05-26 413696]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]
"ZoneAlarm Client"=C:\Users\***\Zubehör\Zonealarm\zlclient.exe [2009-11-22 1037192]
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2010-01-18 1286608]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"=oobefldr.dll,ShowWelcomeCenter []
"TOSCDSPD"=TOSCDSPD.EXE []
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"DAEMON Tools Lite"=C:\Users\***\Zubehör\DAEMON Tools\DAEMON Tools Lite\daemon.exe [2008-08-08 490952]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-10-22 39408]
"ICQ"=C:\Users\***\Zubehör\ICQ6.5\ICQ.exe [2009-11-16 172792]

C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
MagicDisc.lnk - C:\Users\***\Zubehör\MagicISO\MagicDISC\MagicDisc.exe
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
TRDCReminder.lnk - C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2007-09-13 204800]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c53012d-9a1f-11dd-a4ab-001644e493b8}]
shell\AutoRun\command - H:\Menu.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4eaf46b4-908e-11dd-96f4-001e33484ec6}]
shell\AutoRun\command - G:\autorun.exe
shell\setup\command - G:\setup.exe

======List of files/folders created in the last 1 months======

2010-04-30 19:05:35 ----D---- C:\Program Files\trend micro
2010-04-30 19:05:27 ----D---- C:\rsit
2010-04-30 16:05:33 ----D---- C:\Users\***\AppData\Roaming\Malwarebytes
2010-04-30 16:05:01 ----D---- C:\ProgramData\Malwarebytes
2010-04-30 14:38:03 ----D---- C:\Users\***\AppData\Roaming\PC Tools
2010-04-30 14:38:03 ----D---- C:\ProgramData\PC Tools
2010-04-30 14:38:03 ----D---- C:\Program Files\Spyware Doctor
2010-04-30 14:38:03 ----D---- C:\Program Files\Common Files\PC Tools
2010-04-30 14:37:04 ----AD---- C:\ProgramData\TEMP
2010-04-30 14:21:10 ----D---- C:\Users\***\AppData\Roaming\GetRightToGo
2010-04-30 14:06:29 ----A---- C:\Windows\system32\tcpipcfg.dll
2010-04-30 14:06:29 ----A---- C:\Windows\system32\netiougc.exe
2010-04-30 14:06:20 ----A---- C:\Windows\system32\vsregexp.dll
2010-04-30 14:06:13 ----A---- C:\Windows\system32\zlcommdb.dll
2010-04-30 14:06:13 ----A---- C:\Windows\system32\zlcomm.dll
2010-04-30 14:06:10 ----A---- C:\Windows\system32\vswmi.dll
2010-04-30 14:06:06 ----A---- C:\Windows\system32\zpeng25.dll
2010-04-30 14:06:06 ----A---- C:\Windows\system32\vsxml.dll
2010-04-30 14:06:05 ----A---- C:\Windows\system32\vspubapi.dll
2010-04-30 14:06:05 ----A---- C:\Windows\system32\vsmonapi.dll
2010-04-30 14:06:04 ----A---- C:\Windows\system32\vsdata.dll
2010-04-30 14:05:45 ----D---- C:\Windows\system32\ZoneLabs
2010-04-30 14:03:19 ----D---- C:\ProgramData\CheckPoint
2010-04-30 14:03:17 ----A---- C:\Windows\system32\vsutil.dll
2010-04-30 14:03:17 ----A---- C:\Windows\system32\vsinit.dll
2010-04-30 13:46:21 ----D---- C:\Windows\Internet Logs
2010-04-27 22:48:02 ----D---- C:\Users\***\AppData\Roaming\Avira
2010-04-27 22:46:15 ----D---- C:\ProgramData\Avira
2010-04-27 22:46:15 ----D---- C:\Program Files\Avira
2010-04-27 10:28:35 ----SHD---- C:\Users\***\AppData\Roaming\lowsec
2010-04-17 17:08:45 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-04-17 17:08:44 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-04-17 17:08:39 ----A---- C:\Windows\system32\vbscript.dll
2010-04-17 17:08:22 ----A---- C:\Windows\system32\IKEEXT.DLL
2010-04-17 17:08:21 ----A---- C:\Windows\system32\iphlpsvc.dll
2010-04-17 17:08:21 ----A---- C:\Windows\system32\FWPUCLNT.DLL
2010-04-17 17:08:21 ----A---- C:\Windows\system32\BFE.DLL
2010-04-14 07:59:50 ----A---- C:\Windows\system32\cabview.dll
2010-04-14 07:59:41 ----A---- C:\Windows\system32\wintrust.dll
2010-03-31 11:35:09 ----A---- C:\Windows\system32\mshtml.dll
2010-03-31 11:35:08 ----A---- C:\Windows\system32\wininet.dll
2010-03-31 11:35:08 ----A---- C:\Windows\system32\occache.dll
2010-03-31 11:35:07 ----A---- C:\Windows\system32\urlmon.dll
2010-03-31 11:35:06 ----A---- C:\Windows\system32\ieframe.dll
2010-03-31 11:35:05 ----A---- C:\Windows\system32\ieapfltr.dll
2010-03-31 11:35:03 ----A---- C:\Windows\system32\mshtmled.dll
2010-03-31 11:35:03 ----A---- C:\Windows\system32\iertutil.dll
2010-03-31 11:35:02 ----A---- C:\Windows\system32\iedkcs32.dll
2010-03-31 11:35:00 ----A---- C:\Windows\system32\msfeeds.dll
2010-03-31 11:35:00 ----A---- C:\Windows\system32\iepeers.dll
2010-03-31 11:35:00 ----A---- C:\Windows\system32\ieaksie.dll
2010-03-31 11:34:57 ----A---- C:\Windows\system32\ieUnatt.exe
2010-03-31 11:34:57 ----A---- C:\Windows\system32\ieencode.dll
2010-03-31 11:34:55 ----A---- C:\Windows\system32\mstime.dll
2010-03-31 11:34:54 ----A---- C:\Windows\system32\jsproxy.dll

======List of files/folders modified in the last 1 months======

2010-04-30 19:05:56 ----D---- C:\Windows\Temp
2010-04-30 19:05:35 ----RD---- C:\Program Files
2010-04-30 18:04:09 ----SHD---- C:\System Volume Information
2010-04-30 17:34:17 ----AD---- C:\Windows\System32
2010-04-30 17:34:16 ----D---- C:\Windows\inf
2010-04-30 17:34:16 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-04-30 17:29:15 ----D---- C:\Windows\tracing
2010-04-30 17:28:15 ----D---- C:\Windows\Minidump
2010-04-30 17:28:15 ----D---- C:\Windows
2010-04-30 17:27:22 ----D---- C:\Windows\system32\drivers
2010-04-30 17:27:22 ----D---- C:\Windows\Panther
2010-04-30 16:05:01 ----HD---- C:\ProgramData
2010-04-30 15:42:47 ----D---- C:\Windows\Debug
2010-04-30 14:39:20 ----SHD---- C:\Windows\Installer
2010-04-30 14:39:20 ----D---- C:\Windows\winsxs
2010-04-30 14:38:03 ----D---- C:\Program Files\Common Files
2010-04-30 14:21:50 ----D---- C:\Windows\system32\Tasks
2010-04-30 14:07:55 ----D---- C:\Windows\system32\migration
2010-04-30 14:06:40 ----D---- C:\Windows\system32\catroot
2010-04-30 14:06:14 ----D---- C:\Windows\SoftwareDistribution
2010-04-30 13:56:37 ----D---- C:\Windows\Tasks
2010-04-30 13:52:55 ----SD---- C:\Windows\system32\Microsoft
2010-04-30 13:29:45 ----RSD---- C:\Windows\Fonts
2010-04-29 19:24:41 ----D---- C:\Windows\system32\config
2010-04-29 19:24:11 ----D---- C:\Windows\system32\spool
2010-04-29 19:24:11 ----D---- C:\Windows\system32\Msdtc
2010-04-29 19:24:11 ----D---- C:\Windows\system32\CodeIntegrity
2010-04-29 19:24:10 ----D---- C:\Users\***\AppData\Roaming\DAEMON Tools
2010-04-29 19:24:01 ----D---- C:\Windows\system32\wbem
2010-04-29 19:24:01 ----D---- C:\Windows\registration
2010-04-29 19:07:13 ----SD---- C:\ProgramData\Microsoft
2010-04-29 18:31:21 ----D---- C:\Users\***\AppData\Roaming\Kuity
2010-04-29 18:27:11 ----D---- C:\Users\***\AppData\Roaming\Aksat
2010-04-29 18:13:00 ----D---- C:\Windows\system32\catroot2
2010-04-28 17:12:52 ----D---- C:\Users\***\AppData\Roaming\ICQ
2010-04-28 16:32:52 ----D---- C:\Users\***\AppData\Roaming\Skype
2010-04-27 10:28:49 ----D---- C:\temp
2010-04-25 18:01:28 ----D---- C:\Windows\Prefetch
2010-04-18 12:55:13 ----D---- C:\Program Files\Windows Mail
2010-04-10 23:34:16 ----D---- C:\Users\***\AppData\Roaming\dvdcss
2010-04-07 23:16:35 ----D---- C:\Users\***\AppData\Roaming\uTorrent
2010-04-07 23:02:07 ----HD---- C:\Program Files\InstallShield Installation Information
2010-04-06 19:52:54 ----A---- C:\Windows\system32\mrt.exe
2010-04-01 16:12:56 ----D---- C:\Program Files\Internet Explorer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2010-03-01 124784]
R1 pctgntdi;pctgntdi; \??\C:\Windows\System32\drivers\pctgntdi.sys [2010-02-05 233136]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver; C:\Windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 truecrypt;truecrypt; C:\Windows\System32\drivers\truecrypt.sys [2008-10-14 226496]
R1 Vsdatant;Zone Alarm Firewall Driver; C:\Windows\system32\DRIVERS\vsdatant.sys [2009-11-22 446664]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2010-01-27 278984]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2010-02-16 60936]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2010-01-27 25416]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-18 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-17 8704]
R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 FwLnk;FwLnk Driver; C:\Windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-11-01 985600]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-11-01 208896]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-09-13 1925632]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-01-30 2058528]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys [2008-07-28 116736]
R3 MxlW2k;MxlW2k; C:\Windows\system32\drivers\MxlW2k.sys [2008-08-05 28164]
R3 pctplsg;pctplsg; \??\C:\Windows\System32\drivers\pctplsg.sys [2010-02-05 70408]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-12-28 104448]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54 MBit/s USB 2.0 Netzwerkadapter; C:\Windows\system32\DRIVERS\RTL8187B.sys [2007-12-26 290304]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-12-06 196400]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 16128]
R3 TfNetMon;TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [2010-02-02 33552]
R3 usbvideo;Chicony USB 2.0 Camera; C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
R3 UVCFTR;UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [2007-12-17 18432]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-11-01 661504]
S3 a4yfdq0c;a4yfdq0c; C:\Windows\system32\drivers\a4yfdq0c.sys []
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 GarenaPEngine;GarenaPEngine; \??\C:\Users\***\AppData\Local\Temp\JDD73E8.tmp []
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2008-09-16 25280]
S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG-Adaptertreiber für Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2008-01-21 2225664]
S3 vsdatant7;vsdatant7; C:\Windows\System32\drivers\vsdatant.win7.sys []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-21 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-04-01 267432]
R2 ConfigFree Service;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2007-12-25 40960]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-12-09 365280]
R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2010-01-18 1141712]
R2 TNaviSrv;TOSHIBA Navi Support Service; C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [2008-01-21 83312]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2007-11-21 129632]
R2 TosCoSrv;TOSHIBA Power Saver; c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2008-01-17 431456]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service; c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 126976]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2006-08-23 49152]
R2 vsmon;TrueVector Internet Monitor; C:\Windows\System32\ZoneLabs\vsmon.exe [2009-11-22 2384240]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-17 386560]
R3 ThreatFire;ThreatFire; C:\Program Files\Spyware Doctor\TFEngine\TFService.exe [2010-02-02 70928]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-25 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

RSIT-info:

Zitat:

info.txt logfile of random's system information tool 1.06 2010-04-30 19:06:23

======Uninstall list======

-->"C:\Program Files\InstallShield Installation Information\{A644254B-92F6-4970-8635-AB0775371E72}\setup.exe" --u:{A644254B-92F6-4970-8635-AB0775371E72}
-->C:\Users\***\Zubehör\DivX\DivXConverterUninstall.exe /CONVERTER
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{622E6F16-0904-49B6-BBE1-4CC836314CCF}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{697AFC77-F318-4CD4-BF16-F50F4C1072DA}\setup.exe" -l0x7
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A81200000003}
Age of Empires III - The WarChiefs-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{1C08A24C-B168-407E-A826-68FAF5F20710}
Age of Empires III-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Broken Sword 2.5-->"C:\Users\***\Saved Games\Broken Sword 2.5\unins000.exe"
Call of Duty(R) 2-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D0A05794-48C2-4424-A15A-9F20FCFDD374}
Camera Assistant Software for Toshiba-->C:\Program Files\InstallShield Installation Information\{37C866E4-AA67-4725-9E95-A39968DD7960}\Setup.exe -runfromtemp -l0x0007
CCleaner-->"C:\Users\***\Zubehör\CCCrapCleaner\CCleaner\uninst.exe"
CD/DVD Drive Acoustic Silencer-->C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\setup.exe -runfromtemp -l0x0007 -removeonly
Compatibility Pack für 2007 Office System-->MsiExec.exe /X{90120000-0020-0407-0000-0000000FF1CE}
Counter-Strike 1.6-->C:\Users\***\Saved Games\Counter Strike 1.6\Counter-Strike 1.6\Uninstal.exe
Desktop SMS-->MsiExec.exe /I{5980B928-1C95-4B3E-957B-B02D8147FF9E}
DivX Codec-->C:\Users\***\Zubehör\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Users\***\Zubehör\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Users\***\Zubehör\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Users\***\Zubehör\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Users\***\Zubehör\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD MovieFactory for TOSHIBA-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}\setup.exe" -l0x7
Fable - The Lost Chapters-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}
Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)-->C:\Program Files\MAGIX\Common\Database\uninstall.exe
Free Studio version 4.2-->"C:\Users\***\Zubehör\YouTube-Converter\Converter\unins000.exe"
Free YouTube to Mp3 Converter version 3.1-->"C:\Users\***\Zubehör\YouTube-Converter\Free YouTube to Mp3 Converter\unins000.exe"
Garena 2010-->C:\Users\***\Zubehör\Garena\uninst.exe
Geheimakte2 - Puritas Cordis Demo-->C:\Program Files\InstallShield Installation Information\{09EEFE47-E6C7-4096-B358-92C9FAE81AD7}\setup.exe -runfromtemp -l0x0007 -removeonly
GNU Privacy Guard-->"H:\GnuPG\uninst-gnupg.exe"
Google Earth-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x7 -removeonly
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E85CDE7661A53A6A.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2C06&SUBSYS_14F10000\UIU32m.exe -U -IPDZONCMzK.INF
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
ICQ6.5-->"C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
Intel® Matrix Storage Manager-->C:\Windows\system32\imsmudlg.exe -uninstall
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Magic ISO Maker v5.5 (build 0272)-->C:\Users\***\ZUBEHR~1\MagicISO\MagicISO\UNWISE.EXE C:\Users\***\ZUBEHR~1\MagicISO\MagicISO\INSTALL.LOG
MagicDisc 2.7.105-->C:\Users\***\ZUBEHR~1\MagicISO\MAGICD~1\UNWISE.EXE C:\Users\***\ZUBEHR~1\MagicISO\MAGICD~1\INSTALL.LOG
MAGIX Digital Foto Maker SE 4.1.0.835 (D)-->C:\Program Files\MAGIX\DigitalFotoMaker2007_SE\instslct.exe
MAGIX Foto Suite 1.12.0.89 (D)-->C:\Program Files\MAGIX\Foto_Suite\instslct.exe
MAGIX Online Druck Service 2.3.2.0 (D)-->C:\Program Files\MAGIX\Online_Druck_Service\instslct.exe
Malwarebytes' Anti-Malware-->"C:\Users\***\Zubehör\ Malwarebytes Anti-Malware \unins000.exe"
Max Payne 2 Demo-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{012A835C-6937-44D0-8A04-6F40728538D4}\Setup.exe" -l0x9
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (German) 2007-->MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (German)-->MsiExec.exe /X{95120000-00AF-0407-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}
Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}
Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Works-->MsiExec.exe /I{39D0E034-1042-4905-BECB-5502909FCB7C}
Mozilla Firefox (3.0.7)-->C:\Users\***\Zubehör\Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.17)-->H:\Thunderbird\uninstall\helper.exe
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MUSICMATCH Jukebox-->C:\Windows\IsUn0407.exe -f"C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\Uninst.isu" -cC:\Programme\MUSICMATCH\MUSICMATCH Jukebox\unmatch.dll
myphotobook 3.5-->C:\Program Files\myphotobook\uninst.exe
NetWaiting-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0007 -removeonly
OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
PDFCreator-->C:\Users\***\Zubehör\PDF Converter\unins000.exe
Philips Firmware Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FC2DFF2-D86A-4775-8940-4081D60B4E1C}\setup.exe" -l0x9 -removeonly
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0007 -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x7 -removeonly
REALTEK RTL8187B Wireless LAN Driver-->C:\Program Files\InstallShield Installation Information\{895722FE-25FE-4854-95AC-B0C42F9DBEDA}\Install.exe -uninst -l0x7
Realtek USB 2.0 Card Reader-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC24971E-1946-445D-8A82-CE685433FA7D}\setup.exe" -l0x9 -removeonly
Realtek WiFi Protected Setup Library-->C:\Program Files\InstallShield Installation Information\{02CA24DD-C8B0-4280-BE53-7862869C2EB1}\Install.exe -uninst -l0x7
Red Faction-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{47E6B460-04BA-4215-9F5D-3858BF920D07}\setup.exe" anything
Security Update for Windows Media Encoder (KB954156)-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} MSIPATCHREMOVE={E836F1B7-43FB-46B0-A0D9-E4D2A5951659} /qb
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Spyware Doctor 7.0-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TOSHIBA Assist-->C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\setup.exe -runfromtemp -l0x0007 -removeonly
TOSHIBA Benutzerhandbücher-->C:\Program Files\InstallShield Installation Information\{56995235-B76E-44A6-BA17-8FF13D3F907A}\setup.exe -runfromtemp -l0x0007 -removeonly
TOSHIBA ConfigFree-->MsiExec.exe /X{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}
TOSHIBA Disc Creator-->MsiExec.exe /X{5DA0E02F-970B-424B-BF41-513A5018E4C0}
TOSHIBA DVD PLAYER-->C:\Program Files\InstallShield Installation Information\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}\setup.exe -runfromtemp -l0x0007 -ADDREMOVE -removeonly
TOSHIBA Extended Tiles for Windows Mobility Center-->C:\Program Files\InstallShield Installation Information\{617C36FD-0CBE-4600-84B2-441CEB12FADF}\setup.exe -runfromtemp -l0x0407
TOSHIBA Face Recognition-->"C:\Program Files\InstallShield Installation Information\{C730E42C-935A-45BB-A0C5-37E5234D111B}\setup.exe" -runfromtemp -l0x0407 -removeonly
TOSHIBA Face Recognition-->MsiExec.exe /I{C730E42C-935A-45BB-A0C5-37E5234D111B}
TOSHIBA Hardware Setup-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2883F6F5-0509-43F3-868C-D50330DD9DD3}\setup.exe" -l0x7
Toshiba Online Product Information-->C:\Program Files\InstallShield Installation Information\{2290A680-4083-410A-ADCC-7092C67FC052}\setup.exe -runfromtemp -l0x0007 -removeonly
TOSHIBA Recovery Disc Creator-->MsiExec.exe /X{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}
TOSHIBA Supervisor Password-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4B1E87C3-00DE-4898-8E39-E390AAEF2391}\setup.exe" -l0x7
TOSHIBA Value Added Package-->C:\Program Files\InstallShield Installation Information\{FEDD27A0-B306-45EF-BF58-B527406B42C8}\setup.exe -runfromtemp -l0x0407
TRDCReminder-->C:\Program Files\InstallShield Installation Information\{773970F1-5EBA-4474-ADEE-1EA3B0A59492}\setup.exe -runfromtemp -l0x0407
TRORDCLauncher-->C:\Program Files\InstallShield Installation Information\{E65C7D8E-186D-484B-BEA8-DEF0331CE600}\setup.exe -runfromtemp -l0x0407
TrueCrypt-->"C:\Program Files\TrueCrypt\TrueCrypt Setup.exe" /u
Uninstall 1.0.0.1-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Office 2007 (KB934528)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {2B939677-2FFD-48F6-9075-7BF48CB87C80}
Update for Office System 2007 Setup (KB929722)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {D8E9BEBD-655F-467D-8176-CA9959C140A3}
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
VLC media player 0.9.8a-->C:\Users\***\Zubehör\VLC Player\uninstall.exe
Windows Media Encoder 9-Reihe-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9-Reihe-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR-->C:\Users\***\Zubehör\Win Rar\uninstall.exe
ZoneAlarm-->C:\Users\***\Zubehör\Zonealarm\zauninst.exe

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: ***-PC
Event Code: 267
Message: Client 800018b0:1 has recovered from the previous time-out.
Record Number: 255894
Source Name: PCTCore
Time Written: 20100430165456.050000-000
Event Type: Informationen
User:

Computer Name: ***-PC
Event Code: 267
Message: Client 800018b0:1 has recovered from the previous time-out.
Record Number: 255895
Source Name: PCTCore
Time Written: 20100430165539.475000-000
Event Type: Informationen
User:

Computer Name: ***-PC
Event Code: 267
Message: Client 800018b0:1 has recovered from the previous time-out.
Record Number: 255896
Source Name: PCTCore
Time Written: 20100430165545.625000-000
Event Type: Informationen
User:

Computer Name: ***-PC
Event Code: 267
Message: Client 800018b0:1 has recovered from the previous time-out.
Record Number: 255897
Source Name: PCTCore
Time Written: 20100430165635.496000-000
Event Type: Informationen
User:

Computer Name: ***-PC
Event Code: 267
Message: Client 800018b0:1 has recovered from the previous time-out.
Record Number: 255898
Source Name: PCTCore
Time Written: 20100430165804.840000-000
Event Type: Informationen
User:

=====Application event log=====

Computer Name: ***-PC
Event Code: 1001
Message: Die Leistungsindikatoren für den Dienst WmiApRpl (WmiApRpl) wurden entfernt. Die Daten enthalten die neuen Werte der Registrierungseinträge "Last Counter" und "Last Help".
Record Number: 49293
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20100430153416.000000-000
Event Type: Informationen
User:

Computer Name: ***-PC
Event Code: 1000
Message: Die Leistungsindikatoren für den Dienst WmiApRpl (WmiApRpl) wurden erfolgreich geladen. Die Eintragsdaten im Datenbereich enthalten die neuen Indexwerte, die diesem Dienst zugeordnet sind.
Record Number: 49294
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20100430153417.000000-000
Event Type: Informationen
User:

Computer Name: ***-PC
Event Code: 4113
Message: AntiVir erkannte in der Datei C:\Program Files\Spyware Doctor\avdb\temp\UPDATE.EXE0\sym.sdupk verdächtigen Code mit der Bezeichnung 'TR/Crypt.XPACK.Gen2'!
Record Number: 49295
Source Name: Avira AntiVir
Time Written: 20100430155129.000000-000
Event Type: Warnung
User: NT-AUTORITÄT\SYSTEM

Computer Name: ***-PC
Event Code: 4113
Message: AntiVir erkannte in der Datei C:\Program Files\Spyware Doctor\avdb\temp\UPDATE.EXE0\sym.sdupk verdächtigen Code mit der Bezeichnung 'TR/Crypt.XPACK.Gen2'!
Record Number: 49296
Source Name: Avira AntiVir
Time Written: 20100430155129.000000-000
Event Type: Warnung
User: NT-AUTORITÄT\SYSTEM

Computer Name: ***-PC
Event Code: 8224
Message: Der VSS-Dienst wird aufgrund eines Leerlaufzeitlimits heruntergefahren.
Record Number: 49297
Source Name: VSS
Time Written: 20100430160414.000000-000
Event Type: Informationen
User:

=====Security event log=====

Computer Name: ***-PC
Event Code: 4672
Message: Einer neuen Anmeldung wurden besondere Rechte zugewiesen.

Antragsteller:
Sicherheits-ID: S-1-5-19
Kontoname: LOKALER DIENST
Kontodomäne: NT-AUTORITÄT
Anmelde-ID: 0x3e5

Berechtigungen: SeAssignPrimaryTokenPrivilege
SeAuditPrivilege
SeImpersonatePrivilege
Record Number: 79994
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100429075900.243938-000
Event Type: Überwachung erfolgreich
User:

Computer Name: ***-PC
Event Code: 4624
Message: Ein Konto wurde erfolgreich angemeldet.

Antragsteller:
Sicherheits-ID: S-1-5-18
Kontoname: ***-PC$
Kontodomäne: WORKGROUP
Anmelde-ID: 0x3e7

Anmeldetyp: 5

Neue Anmeldung:
Sicherheits-ID: S-1-5-20
Kontoname: NETZWERKDIENST
Kontodomäne: NT-AUTORITÄT
Anmelde-ID: 0x3e4
Anmelde-GUID: {00000000-0000-0000-0000-000000000000}

Prozessinformationen:
Prozess-ID: 0x2bc
Prozessname: C:\Windows\System32\services.exe

Netzwerkinformationen:
Arbeitsstationsname:
Quellnetzwerkadresse: -
Quellport: -

Detaillierte Authentifizierungsinformationen:
Anmeldeprozess: Advapi
Authentifizierungspaket: Negotiate
Übertragene Dienste: -
Paketname (nur NTLM): -
Schlüssellänge: 0

Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde.

Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe".

Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk).

Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto.

Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben.

Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung.
- Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren.
- Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren.
- Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an.
- Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0.
Record Number: 79995
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100429075900.789941-000
Event Type: Überwachung erfolgreich
User:

Computer Name: ***-PC
Event Code: 4672
Message: Einer neuen Anmeldung wurden besondere Rechte zugewiesen.

Antragsteller:
Sicherheits-ID: S-1-5-20
Kontoname: NETZWERKDIENST
Kontodomäne: NT-AUTORITÄT
Anmelde-ID: 0x3e4

Berechtigungen: SeAssignPrimaryTokenPrivilege
SeAuditPrivilege
SeImpersonatePrivilege
Record Number: 79996
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100429075900.789941-000
Event Type: Überwachung erfolgreich
User:

Computer Name: ***-PC
Event Code: 4648
Message: Anmeldeversuch mit expliziten Anmeldeinformationen.

Antragsteller:
Sicherheits-ID: S-1-5-18
Kontoname: ***-PC$
Kontodomäne: WORKGROUP
Anmelde-ID: 0x3e7
Anmelde-GUID: {00000000-0000-0000-0000-000000000000}

Konto, dessen Anmeldeinformationen verwendet wurden:
Kontoname: SYSTEM
Kontodomäne: NT-AUTORITÄT
Anmelde-GUID: {00000000-0000-0000-0000-000000000000}

Zielserver:
Zielservername: localhost
Weitere Informationen: localhost

Prozessinformationen:
Prozess-ID: 0x2bc
Prozessname: C:\Windows\System32\services.exe

Netzwerkinformationen:
Netzwerkadresse: -
Port: -

Dieses Ereignis wird bei einem Anmeldeversuch durch einen Prozess generiert, wenn ausdrücklich die Anmeldeinformationen des Kontos angegeben werden. Dies ist normalerweise der Fall in Batch-Konfigurationen, z. B. bei geplanten Aufgaben oder wenn der Befehl "runas" verwendet wird.
Record Number: 79997
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100429075900.867942-000
Event Type: Überwachung erfolgreich
User:

Computer Name: ***-PC
Event Code: 4624
Message: Ein Konto wurde erfolgreich angemeldet.

Antragsteller:
Sicherheits-ID: S-1-5-18
Kontoname: ***-PC$
Kontodomäne: WORKGROUP
Anmelde-ID: 0x3e7

Anmeldetyp: 5

Neue Anmeldung:
Sicherheits-ID: S-1-5-18
Kontoname: SYSTEM
Kontodomäne: NT-AUTORITÄT
Anmelde-ID: 0x3e7
Anmelde-GUID: {00000000-0000-0000-0000-000000000000}

Prozessinformationen:
Prozess-ID: 0x2bc
Prozessname: C:\Windows\System32\services.exe

Netzwerkinformationen:
Arbeitsstationsname:
Quellnetzwerkadresse: -
Quellport: -

Detaillierte Authentifizierungsinformationen:
Anmeldeprozess: Advapi
Authentifizierungspaket: Negotiate
Übertragene Dienste: -
Paketname (nur NTLM): -
Schlüssellänge: 0

Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde.

Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe".

Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk).

Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto.

Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben.

Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung.
- Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren.
- Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren.
- Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an.
- Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0.
Record Number: 79998
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100429075900.867942-000
Event Type: Überwachung erfolgreich
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Users\***\Zubehör\Quick Time\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"tvdumpflags"=8

-----------------EOF-----------------

Schonmal vielen Dank und viele Grüße,

aisthesis

cosinus · 01.05.2010, 19:28

Hallo und

bitte einen Vollscan mit Malwarebytes machen und Log posten. Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in den Thread.

aisthesis · 02.05.2010, 15:02

Hallo,

vielen Dank für deine Antwort!
Soeben habe ich den Vollscan mit Malwarebytes beendet. Ich wollte ein Word Dokument öffnen, während Malwarebytes noch aktiv war. Das Dokument hat sich nicht geöffnet und nachdem ich die gefundenen Ergebnisse bei Malwarebytes löschen wollte, schien mir das Programm auch hängen geblieben zu sein. Mit Strg+Alt+Entf wollte ich dann wenigstens die Word-Datei schließen, allerdings wurde mir nachdem ich den Task-Manager öffnen wollte ein Bluescreen angezeigt und mitgeteilt, dass es ein Problem gibt und der PC vorsorglich neugestartet würde. Leider gab es diese Anzeige nur einige Sekunden lang, daher konnte ich nicht alles lesen - und mir ist diese Anzeige gestern zwischendurch - bevor ich die im Forum empfohlenen Scans durchgeführt habe - auch schon erschienen.

Jedenfalls habe ich den Log von Malwarebytes nicht, jedoch folgende Suchergebnisse:

Trojan.Downloader
Trojan.Small
Rootkit.Agent

Ich werde jetzt einfach nochmal den Vollscan mit Malwarebytes machen und danach den OTL Scan durchführen und die Ergebnisse von beiden hier posten.

Viele Grüße,

aisthesis

aisthesis · 02.05.2010, 18:45

Hallo,

ich habe jetzt den Vollscan mit Malwarebytes nochmal durchgeführt und es wurden keine Infizierungen entdeckt - anscheinend hat die Löschung beim vorhergenenden Versuch doch noch funktioniert. Zwischendurch hat sich allerdings der Spyware Doctor mit Folgenden Ergebnissen gemeldet:

Adware.Advertising (7 Infizierungen)
Application.TrackingCookies (11 Infizierungen)

Hier das Ergebnis von Malwarebytes:

Zitat:

Malwarebytes' Anti-Malware 1.46
w*w.malwarebytes.org

Datenbank Version: 4058

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

02.05.2010 17:52:38
mbam-log-2010-05-02 (17-52-38).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Durchsuchte Objekte: 274780
Laufzeit: 1 Stunde(n), 48 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

OTL Logfile 1:

Zitat:

OTL Extras logfile created on: 02.05.2010 18:13:12 - Run 1
OTL by OldTimer - Version 3.2.4.0 Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 39,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 56,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,37 Gb Total Space | 27,74 Gb Free Space | 23,84% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 115,05 Gb Total Space | 96,20 Gb Free Space | 83,61% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ***-PC
Current User Name: ***
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Users\***\Zubehör\Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Users\***\Zubehör\VLC Player\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Users\***\Zubehör\VLC Player\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2B4EA563-F553-4DDD-99D2-A0A3D06ED488}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{42D36EC1-51EB-443B-8FEB-423762E113DB}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{6375213D-08D7-4C79-94AC-E0F9A1A7024B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6EC48668-0899-4B21-9AEF-FE2B8E85464C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8664C9BD-00E2-4162-9717-F6B88BF9F3E7}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{89F46F4E-A33E-481D-BFFB-480236427637}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{C4BA4746-9157-42F4-B547-C9CE6DE32740}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D006C3F1-3115-42AB-B4A1-0B7838851733}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E62F36C-9DC9-4F73-BBF7-DB0D9247D74B}" = dir=in | app=c:\users\***\zubehör\skype\phone\skype.exe |
"{15C6FAC2-10D7-4001-B378-61E73EF94DFC}" = protocol=17 | dir=in | app=c:\users\***\saved games\aoeiii\age of empires 3 - age of empires 3 - warchief\age3x.exe |
"{1BA4411E-A662-43DD-AE4D-B8BCFF689971}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{29AC747C-4326-4A78-A2EA-31BE5F3595D8}" = protocol=17 | dir=in | app=f:\alicesetup.exe |
"{2A20EF40-4806-48CD-99A7-EDDD4CD2AE90}" = protocol=17 | dir=in | app=c:\users\***\zubehör\utorrent\utorrent.exe |
"{30A583A7-44DA-4FF4-9AFC-B431A53CA787}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{59F49811-7441-4F54-A559-A5266A4DB465}" = protocol=6 | dir=in | app=c:\users\***\saved games\aoeiii\age of empires 3 - age of empires 3 - warchief\age3x.exe |
"{94C6B860-ECC0-4488-B73B-812D7817D8B4}" = protocol=6 | dir=in | app=c:\users\***\zubehör\utorrent\utorrent.exe |
"{BDDF6C2C-9B9F-4E4F-8E6B-EC6DE2A58C1C}" = protocol=6 | dir=in | app=f:\alicesetup.exe |
"TCP Query User{015CFCA7-AC83-492D-BFB5-059810AC9431}C:\users\***\saved games\red faction\pf.exe" = protocol=6 | dir=in | app=c:\users\***\saved games\red faction\pf.exe |
"TCP Query User{1062FDEE-6015-4891-B943-B06641BA8E34}C:\users\***\zubehör\utorrent\utorrent18.exe" = protocol=6 | dir=in | app=c:\users\***\zubehör\utorrent\utorrent18.exe |
"TCP Query User{177D1DFE-0DB1-4230-91CE-A5A5A67B4AB3}C:\users\***\zubehör\icq6\icq.exe" = protocol=6 | dir=in | app=c:\users\***\zubehör\icq6\icq.exe |
"TCP Query User{1D303940-17E3-4E7F-B399-C04C292F861C}C:\users\***\saved games\aoeii\[ pc games ] - age of empires ii(full)(3)\age2_x1.exe" = protocol=6 | dir=in | app=c:\users\***\saved games\aoeii\[ pc games ] - age of empires ii(full)(3)\age2_x1.exe |
"TCP Query User{2641F124-499F-4F49-B0DF-FC052DA9D944}C:\users\***\saved games\mohaa\moh_spearhead.exe" = protocol=6 | dir=in | app=c:\users\***\saved games\mohaa\moh_spearhead.exe |
"TCP Query User{3F821C0B-9A1A-49DB-8FAA-E3EAD5489E87}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{3F9BC8CC-1987-487B-B811-D81AE248256F}C:\users\***\saved games\cod2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\users\***\saved games\cod2\cod2mp_s.exe |
"TCP Query User{44F61282-C544-41E0-9210-7F7659A45339}C:\users\***\saved games\red faction\rf.exe" = protocol=6 | dir=in | app=c:\users\***\saved games\red faction\rf.exe |
"TCP Query User{46D6F21C-2985-4EDC-8467-DFDF29284ED9}C:\users\***\zubehör\utorrent\utorrent18.exe" = protocol=6 | dir=in | app=c:\users\***\zubehör\utorrent\utorrent18.exe |
"TCP Query User{4A548D7F-1129-4AB6-A90F-6FD3C4A8DB0D}H:\alter pc\laufwerk d\spiele\mohaa\moh_spearhead.exe" = protocol=6 | dir=in | app=h:\alter pc\laufwerk d\spiele\mohaa\moh_spearhead.exe |
"TCP Query User{598A813F-4F0F-49F5-B546-B5286BC621A4}C:\users\***\saved games\red faction\pf.exe" = protocol=6 | dir=in | app=c:\users\***\saved games\red faction\pf.exe |
"TCP Query User{5B0F989A-E518-44E0-858B-03FEE585894A}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{640297EF-A5A8-46FE-B2DB-AF6D75D466C9}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{650AE50C-9A99-458A-994A-C017D44654A4}C:\users\***\saved games\red faction\rf.exe" = protocol=6 | dir=in | app=c:\users\***\saved games\red faction\rf.exe |
"TCP Query User{7AD6B4E8-8142-4A74-8C5B-E73557FF6C43}H:\alter pc\laufwerk d\spiele\mohaa\mohaa.exe" = protocol=6 | dir=in | app=h:\alter pc\laufwerk d\spiele\mohaa\mohaa.exe |
"TCP Query User{81694E2A-FEB4-411C-B044-E66B5458DB05}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{86312FB6-152F-4DA8-8321-BF45C3268103}C:\users\***\saved games\aoeii\[ pc games ] - age of empires ii(full)(3)\age2_x1.exe" = protocol=6 | dir=in | app=c:\users\***\saved games\aoeii\[ pc games ] - age of empires ii(full)(3)\age2_x1.exe |
"TCP Query User{9DA75EB6-7E9F-459D-863F-70DF75380842}C:\users\***\zubehör\garena\garena.exe" = protocol=6 | dir=in | app=c:\users\***\zubehör\garena\garena.exe |
"TCP Query User{AA21BA51-8502-445A-84DD-9866C334F10C}C:\users\***\saved games\mohaa\mohaa.exe" = protocol=6 | dir=in | app=c:\users\***\saved games\mohaa\mohaa.exe |
"TCP Query User{B1A38A16-9016-41B8-83A1-E530EBB9B5C2}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{B5EA31B3-78E9-40AD-990C-4ED7BFCC1161}C:\users\***\zubehör\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\users\***\zubehör\icq6.5\icq.exe |
"TCP Query User{CF958569-AFE8-454D-AC1B-BD31BD693702}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{D93C62B0-26AB-431C-A8C4-B0CCD8A3C3BC}C:\users\***\zubehör\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\users\***\zubehör\icq6.5\icq.exe |
"TCP Query User{DDC20990-0119-4DB3-A1EA-8C9F8CC962F2}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{DF1FB392-F9C3-4E63-978B-8B2A621669D0}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
"TCP Query User{E9706FC4-A67C-4E4F-A5E4-E16FF3BF1CE4}C:\users\***\saved games\counter strike 1.6\counter-strike 1.6\hl.exe" = protocol=6 | dir=in | app=c:\users\***\saved games\counter strike 1.6\counter-strike 1.6\hl.exe |
"TCP Query User{EE58BC93-CBAE-4DAE-ACB9-B12437962ED2}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{F8E84A0E-339C-4F89-B38F-029699A68F6D}C:\users\***\zubehör\icq6\icq.exe" = protocol=6 | dir=in | app=c:\users\***\zubehör\icq6\icq.exe |
"TCP Query User{FEDFFF30-0857-4928-983C-04B5C26146D4}C:\users\***\saved games\aoeii\real\age2_x1.exe" = protocol=6 | dir=in | app=c:\users\***\saved games\aoeii\real\age2_x1.exe |
"UDP Query User{034C4FB4-ED1D-4E2D-951E-0B2A86534534}C:\users\***\saved games\red faction\rf.exe" = protocol=17 | dir=in | app=c:\users\***\saved games\red faction\rf.exe |
"UDP Query User{1775BB43-E1D2-4352-A3DE-703419BB4EAA}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{1C9844A0-72B8-4BD1-808B-4A093E2BFDA1}C:\users\***\saved games\aoeii\[ pc games ] - age of empires ii(full)(3)\age2_x1.exe" = protocol=17 | dir=in | app=c:\users\***\saved games\aoeii\[ pc games ] - age of empires ii(full)(3)\age2_x1.exe |
"UDP Query User{1CCC27D4-C2A2-432A-AEE0-B38777B78910}C:\users\***\saved games\mohaa\moh_spearhead.exe" = protocol=17 | dir=in | app=c:\users\***\saved games\mohaa\moh_spearhead.exe |
"UDP Query User{233955D7-B240-47EF-AEAD-FEF4E33E3AB5}C:\users\***\saved games\aoeii\[ pc games ] - age of empires ii(full)(3)\age2_x1.exe" = protocol=17 | dir=in | app=c:\users\***\saved games\aoeii\[ pc games ] - age of empires ii(full)(3)\age2_x1.exe |
"UDP Query User{25B21154-D8C0-4BEF-A24F-CC9F970D2472}C:\users\***\zubehör\icq6\icq.exe" = protocol=17 | dir=in | app=c:\users\***\zubehör\icq6\icq.exe |
"UDP Query User{307F2212-209F-4589-86D0-993CF0AE2C00}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{315BC86C-7043-49AD-BC90-099DD2AE6165}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
"UDP Query User{31A77D89-C31F-4F73-87FE-96F5693AE936}C:\users\***\zubehör\utorrent\utorrent18.exe" = protocol=17 | dir=in | app=c:\users\***\zubehör\utorrent\utorrent18.exe |
"UDP Query User{4EC65637-B799-4EC7-84BF-520347FF7D9A}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{538D6ECA-0C5D-4B88-81C0-ED7A37573F3C}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{58772CAA-A9D3-4C8A-8672-1892F95D4F9D}C:\users\***\saved games\mohaa\mohaa.exe" = protocol=17 | dir=in | app=c:\users\***\saved games\mohaa\mohaa.exe |
"UDP Query User{588657B9-C211-4688-8FE9-3A61154A6BB6}C:\users\***\zubehör\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\users\***\zubehör\icq6.5\icq.exe |
"UDP Query User{62B19D19-67BE-4F2D-BE31-FEA2ACA13387}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{707E23DF-471B-442B-A43B-33634988DC56}H:\alter pc\laufwerk d\spiele\mohaa\mohaa.exe" = protocol=17 | dir=in | app=h:\alter pc\laufwerk d\spiele\mohaa\mohaa.exe |
"UDP Query User{7615521C-ECF1-4074-8C32-50DF4B095462}C:\users\***\zubehör\icq6\icq.exe" = protocol=17 | dir=in | app=c:\users\***\zubehör\icq6\icq.exe |
"UDP Query User{81161936-7E11-43C7-AA8D-0D892C2EA8D6}C:\users\***\zubehör\garena\garena.exe" = protocol=17 | dir=in | app=c:\users\***\zubehör\garena\garena.exe |
"UDP Query User{837E8A6C-EC87-4400-817E-64BA1D267546}C:\users\***\saved games\cod2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\users\***\saved games\cod2\cod2mp_s.exe |
"UDP Query User{8964B4CE-99D1-47D2-91FA-19B9A8DD905C}C:\users\***\saved games\counter strike 1.6\counter-strike 1.6\hl.exe" = protocol=17 | dir=in | app=c:\users\***\saved games\counter strike 1.6\counter-strike 1.6\hl.exe |
"UDP Query User{8B0D45F6-C2C4-46DB-B9F7-096EF4E76A10}C:\users\***\zubehör\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\users\***\zubehör\icq6.5\icq.exe |
"UDP Query User{8CC81E83-A4C4-4657-BFCD-FF74975683A2}C:\users\***\saved games\red faction\pf.exe" = protocol=17 | dir=in | app=c:\users\***\saved games\red faction\pf.exe |
"UDP Query User{A1762EFD-B5DA-4890-8560-66553C754894}H:\alter pc\laufwerk d\spiele\mohaa\moh_spearhead.exe" = protocol=17 | dir=in | app=h:\alter pc\laufwerk d\spiele\mohaa\moh_spearhead.exe |
"UDP Query User{A83675F6-B097-4CB0-9F40-A422754760B8}C:\users\***\saved games\red faction\pf.exe" = protocol=17 | dir=in | app=c:\users\***\saved games\red faction\pf.exe |
"UDP Query User{A83F3DE6-BCFC-4EEC-81F8-D51F1219EA64}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{AE5AA429-1937-477F-948F-2F98975B3121}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{D17AC7E3-BE63-402C-8625-2D70B7E350BB}C:\users\***\zubehör\utorrent\utorrent18.exe" = protocol=17 | dir=in | app=c:\users\***\zubehör\utorrent\utorrent18.exe |
"UDP Query User{D1F443FB-3C78-4EE1-A3D6-4CD1BE44C03C}C:\users\***\saved games\red faction\rf.exe" = protocol=17 | dir=in | app=c:\users\***\saved games\red faction\rf.exe |
"UDP Query User{E4D57187-D6E5-4FCE-85F5-7C413BD810D2}C:\users\***\saved games\aoeii\real\age2_x1.exe" = protocol=17 | dir=in | app=c:\users\***\saved games\aoeii\real\age2_x1.exe |
"UDP Query User{E8F14BAD-B85D-4E17-A318-3102F02895A4}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{012A835C-6937-44D0-8A04-6F40728538D4}" = Max Payne 2 Demo
"{02CA24DD-C8B0-4280-BE53-7862869C2EB1}" = Realtek WiFi Protected Setup Library
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{09EEFE47-E6C7-4096-B358-92C9FAE81AD7}" = Geheimakte2 - Puritas Cordis Demo
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FC2DFF2-D86A-4775-8940-4081D60B4E1C}" = Philips Firmware Manager
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{47E6B460-04BA-4215-9F5D-3858BF920D07}" = Red Faction
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{56995235-B76E-44A6-BA17-8FF13D3F907A}" = TOSHIBA Benutzerhandbücher
"{5980B928-1C95-4B3E-957B-B02D8147FF9E}" = Desktop SMS
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{895722FE-25FE-4854-95AC-B0C42F9DBEDA}" = REALTEK RTL8187B Wireless LAN Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Broken Sword 2.5_is1" = Broken Sword 2.5
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2C06&SUBSYS_14F10000" = HDAUDIO Soft Data Fax Modem with SmartCP
"Counter-Strike 1.6" = Counter-Strike 1.6
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"Free Studio_is1" = Free Studio version 4.2
"Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.1
"Garena" = Garena 2010
"GnuPG" = GNU Privacy Guard
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"InstallShield_{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Magic ISO Maker v5.5 (build 0272)" = Magic ISO Maker v5.5 (build 0272)
"MagicDisc 2.7.105" = MagicDisc 2.7.105
"MAGIX Digital Foto Maker SE D" = MAGIX Digital Foto Maker SE 4.1.0.835 (D)
"MAGIX Foto Suite D" = MAGIX Foto Suite 1.12.0.89 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.7)" = Mozilla Firefox (3.0.7)
"Mozilla Thunderbird (2.0.0.17)" = Mozilla Thunderbird (2.0.0.17)
"MUSICMATCH Jukebox" = MUSICMATCH Jukebox
"myphotobook" = myphotobook 3.5
"OpenAL" = OpenAL
"Picasa 3" = Picasa 3
"Spyware Doctor" = Spyware Doctor 7.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TrueCrypt" = TrueCrypt
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 0.9.8a
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinRAR archiver" = WinRAR
"ZoneAlarm" = ZoneAlarm

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 05.04.2010 11:06:06 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 05.04.2010 13:32:19 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =

Error - 05.04.2010 18:21:14 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =

Error - 06.04.2010 07:04:33 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =

Error - 06.04.2010 09:12:23 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =

Error - 06.04.2010 18:39:49 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =

Error - 07.04.2010 07:05:30 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =

Error - 07.04.2010 13:38:02 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =

Error - 07.04.2010 14:48:42 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =

Error - 07.04.2010 15:24:20 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 7.0.6001.18444, Zeitstempel
0x4b9654d8, fehlerhaftes Modul GoogleToolbarDynamic_32_78F32466E61F1EEC.dll, Version
6.4.1321.1732, Zeitstempel 0x4b59083f, Ausnahmecode 0x40000015, Fehleroffset 0x0005484f,
Prozess-ID
0x106c, Anwendungsstartzeit 01cad6832471caa6.

[ System Events ]
Error - 30.04.2010 13:31:19 | Computer Name = ***-PC | Source = HTTP | ID = 15016
Description =

Error - 01.05.2010 05:06:21 | Computer Name = ***-PC | Source = HTTP | ID = 15016
Description =

Error - 01.05.2010 07:03:31 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7043
Description =

Error - 01.05.2010 08:12:01 | Computer Name = ***-PC | Source = HTTP | ID = 15016
Description =

Error - 01.05.2010 08:12:37 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 01.05.2010 08:33:18 | Computer Name = ***-PC | Source = BROWSER | ID = 8032
Description =

Error - 02.05.2010 06:20:30 | Computer Name = ***-PC | Source = HTTP | ID = 15016
Description =

Error - 02.05.2010 06:20:57 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 02.05.2010 09:43:30 | Computer Name = ***-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 02.05.2010 um 15:41:45 unerwartet heruntergefahren.

Error - 02.05.2010 09:44:03 | Computer Name = ***-PC | Source = HTTP | ID = 15016
Description =

< End of report >

OTL Report 2:

Zitat:

OTL logfile created on: 02.05.2010 18:13:12 - Run 1
OTL by OldTimer - Version 3.2.4.0 Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 39,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 56,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,37 Gb Total Space | 27,74 Gb Free Space | 23,84% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 115,05 Gb Total Space | 96,20 Gb Free Space | 83,61% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ***-PC
Current User Name: ***
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Spyware Doctor\TFEngine\TFService.exe (PC Tools)
PRC - C:\Programme\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Programme\Spyware Doctor\pctsTray.exe (PC Tools)
PRC - C:\Programme\Spyware Doctor\pctsSvc.exe (PC Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Spyware Doctor\pctsAuxs.exe (PC Tools)
PRC - C:\Windows\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Users\***\Zubehör\Zonealarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Programme\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe ()
PRC - C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Internet Explorer\ieuser.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - c:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - c:\Programme\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)

========== Modules (SafeList) ==========

MOD - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Programme\Spyware Doctor\TFEngine\TFWAH.dll (PC Tools)
MOD - C:\Programme\Spyware Doctor\PCTGMhk.dll (PC Tools)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (ThreatFire) -- C:\Program Files\Spyware Doctor\TFEngine\TFService.exe (PC Tools)
SRV - (sdCoreService) -- C:\Programme\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Programme\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (vsmon) -- C:\Windows\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (TNaviSrv) -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TosCoSrv) -- c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (TOSHIBA SMART Log Service) -- c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (UleadBurningHelper) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)

========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (pctplsg) -- C:\Windows\System32\drivers\pctplsg.sys (PC Tools)
DRV - (pctgntdi) -- C:\Windows\System32\drivers\pctgntdi.sys (PC Tools)
DRV - (TfSysMon) -- C:\Windows\system32\drivers\TfSysMon.sys (PC Tools)
DRV - (TfFsMon) -- C:\Windows\system32\drivers\TfFsMon.sys (PC Tools)
DRV - (TfNetMon) -- C:\Windows\System32\drivers\TfNetMon.sys (PC Tools)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (Vsdatant) -- C:\Windows\System32\drivers\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (PCTCore) -- C:\Windows\system32\drivers\PCTCore.sys (PC Tools)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (truecrypt) -- C:\Windows\System32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (MxlW2k) -- C:\Windows\System32\drivers\MxlW2k.sys (MusicMatch, Inc.)
DRV - (mcdbus) -- C:\Windows\System32\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (RTL8187B) -- C:\Windows\System32\drivers\rtl8187B.sys (Realtek Semiconductor Corporation )
DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (RtlProt) -- C:\Windows\System32\drivers\RtlProt.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://www.google.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://www.google.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = h**p://www.google.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

========== FireFox ==========

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Components: C:\Users\***\Zubehör\Firefox\components [2010.04.23 00:35:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Plugins: C:\Users\***\Zubehör\Firefox\plugins [2010.04.23 00:35:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.17\extensions\\Components: H:\Thunderbird\components
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.17\extensions\\Plugins: H:\Thunderbird\plugins

[2009.03.06 01:37:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.04.30 13:48:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\61zfbu9o.default\extensions
[2009.09.02 21:07:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\61zfbu9o.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [QuickTime Task] C:\Users\***\Zubehör\Quick Time\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Users\***\Zubehör\Zonealarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Users\***\Zubehör\DAEMON Tools\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [ICQ] C:\Users\***\Zubehör\ICQ6.5\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [TOSCDSPD] File not found
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Users\***\Zubehör\MagicISO\MagicDISC\MagicDisc.exe (MagicISO, Inc.)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Programme\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Users\***\Zubehör\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Users\***\Zubehör\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} h**p://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img25.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img25.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1c53012d-9a1f-11dd-a4ab-001644e493b8}\Shell\AutoRun\command - "" = H:\Menu.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.05.02 18:11:57 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010.05.01 11:12:03 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2010.04.30 19:05:35 | 000,000,000 | ---D | C] -- C:\Programme\trend micro
[2010.04.30 19:05:27 | 000,000,000 | ---D | C] -- C:\rsit
[2010.04.30 16:05:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2010.04.30 16:05:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.30 16:05:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.04.30 16:04:57 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.04.30 14:43:13 | 000,059,664 | --S- | C] (PC Tools) -- C:\Windows\System32\drivers\TfSysMon.sys
[2010.04.30 14:43:13 | 000,051,984 | --S- | C] (PC Tools) -- C:\Windows\System32\drivers\TfFsMon.sys
[2010.04.30 14:43:13 | 000,033,552 | --S- | C] (PC Tools) -- C:\Windows\System32\drivers\TfNetMon.sys
[2010.04.30 14:39:37 | 000,233,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2010.04.30 14:38:52 | 000,207,280 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2010.04.30 14:38:52 | 000,087,784 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2010.04.30 14:38:29 | 000,070,408 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2010.04.30 14:38:03 | 000,000,000 | ---D | C] -- C:\Programme\Spyware Doctor
[2010.04.30 14:38:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\PC Tools
[2010.04.30 14:38:03 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\PC Tools
[2010.04.30 14:38:03 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010.04.30 14:37:04 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010.04.30 14:21:10 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\GetRightToGo
[2010.04.30 14:06:29 | 000,170,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2010.04.30 14:06:29 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2010.04.30 14:06:20 | 000,058,248 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsregexp.dll
[2010.04.30 14:06:13 | 000,103,816 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\zlcommdb.dll
[2010.04.30 14:06:13 | 000,069,000 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\zlcomm.dll
[2010.04.30 14:06:10 | 000,041,864 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vswmi.dll
[2010.04.30 14:06:06 | 001,238,408 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\zpeng25.dll
[2010.04.30 14:06:06 | 000,109,960 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsxml.dll
[2010.04.30 14:06:05 | 000,299,912 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vspubapi.dll
[2010.04.30 14:06:05 | 000,107,912 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsmonapi.dll
[2010.04.30 14:06:04 | 000,112,008 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsdata.dll
[2010.04.30 14:05:45 | 000,446,664 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\drivers\vsdatant.sys
[2010.04.30 14:05:45 | 000,000,000 | ---D | C] -- C:\Windows\System32\ZoneLabs
[2010.04.30 14:03:19 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2010.04.30 14:03:17 | 000,621,960 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsutil.dll
[2010.04.30 14:03:17 | 000,227,720 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsinit.dll
[2010.04.30 13:46:21 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2010.04.29 18:26:56 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010.04.29 18:26:50 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.04.29 18:26:50 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.04.29 18:26:50 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010.04.29 18:26:50 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010.04.27 22:48:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Avira
[2010.04.27 22:46:15 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2010.04.27 22:46:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.04.27 10:28:37 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Windows Server
[2010.04.27 10:28:35 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Roaming\lowsec
[2010.04.25 21:33:38 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\***
[2010.04.17 17:08:45 | 003,598,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.04.17 17:08:44 | 003,545,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.04.17 17:08:39 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010.04.17 17:08:30 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010.04.17 17:08:23 | 000,220,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2010.04.17 17:08:23 | 000,098,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2010.04.17 17:08:21 | 000,595,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2010.04.13 16:52:51 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Ungarn
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.05.02 18:34:11 | 003,932,160 | -HS- | M] () -- C:\Users\***\ntuser.dat
[2010.05.02 18:22:39 | 000,823,808 | ---- | M] () -- C:\Windows\System32\drivers\kuemg.sys
[2010.05.02 18:12:02 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010.05.02 18:10:46 | 000,038,306 | ---- | M] () -- C:\Users\***\Desktop\***.jpg
[2010.05.02 17:43:35 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.05.02 17:43:35 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.05.02 15:50:38 | 000,847,900 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.05.02 15:50:38 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.05.02 15:50:38 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.05.02 15:50:38 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.05.02 15:50:38 | 000,050,800 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.05.02 15:47:25 | 000,001,833 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
[2010.05.02 15:44:11 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2010.05.02 15:44:03 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.05.02 15:43:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.05.02 15:43:26 | 2136,961,024 | -HS- | M] () -- C:\hiberfil.sys
[2010.05.02 15:43:25 | 396,720,008 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.05.02 02:05:38 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{676b8f87-5360-11df-836f-001644e493b8}.TMContainer00000000000000000001.regtrans-ms
[2010.05.02 02:05:38 | 000,065,536 | -HS- | M] () -- C:\Users\***\ntuser.dat{676b8f87-5360-11df-836f-001644e493b8}.TM.blf
[2010.05.02 02:05:20 | 003,990,322 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db
[2010.05.01 15:35:36 | 000,016,887 | ---- | M] () -- C:\Users\***\Desktop\***.docx
[2010.05.01 12:51:07 | 000,046,102 | ---- | M] () -- C:\Users\***\Desktop\***.docx
[2010.04.30 19:04:55 | 000,010,296 | ---- | M] () -- C:\Users\***\Desktop\***.docx
[2010.04.30 19:03:43 | 000,233,193 | ---- | M] () -- C:\Users\***\Desktop\***.jpg
[2010.04.30 18:58:27 | 000,781,909 | ---- | M] () -- C:\Users\***\Desktop\RSIT.exe
[2010.04.30 16:56:10 | 000,185,547 | ---- | M] () -- C:\Users\***\Desktop\***.jpg
[2010.04.30 16:05:07 | 000,000,828 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.30 15:57:52 | 000,089,450 | ---- | M] () -- C:\Users\***\Desktop\cc_20100430_155647.reg
[2010.04.30 15:18:53 | 000,001,869 | ---- | M] () -- C:\Users\***\Desktop\CCleaner.lnk
[2010.04.30 15:06:57 | 000,256,625 | ---- | M] () -- C:\Users\***\Desktop\***.jpg
[2010.04.30 14:38:41 | 000,001,750 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010.04.30 14:21:28 | 000,001,002 | ---- | M] () -- C:\Users\***\Desktop\Resume Spyware Doctor.lnk
[2010.04.30 14:06:46 | 000,422,437 | -H-- | M] () -- C:\Windows\System32\drivers\vsconfig.xml
[2010.04.30 14:00:30 | 000,338,528 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.04.29 18:28:02 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.04.29 18:25:07 | 044,151,368 | ---- | M] () -- C:\Users\***\Desktop\avira_antivir_personal_de1000567.exe
[2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.29 12:19:14 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.04.29 10:02:39 | 000,132,024 | ---- | M] () -- C:\Users\***\Desktop\***.jpg
[2010.04.29 09:37:04 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{676b8f87-5360-11df-836f-001644e493b8}.TMContainer00000000000000000002.regtrans-ms
[2010.04.28 17:42:23 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{aa7ee6c6-52c8-11df-abf2-001644e493b8}.TMContainer00000000000000000001.regtrans-ms
[2010.04.28 17:42:23 | 000,065,536 | -HS- | M] () -- C:\Users\***\ntuser.dat{aa7ee6c6-52c8-11df-abf2-001644e493b8}.TM.blf
[2010.04.28 15:47:58 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{aa7ee6c6-52c8-11df-abf2-001644e493b8}.TMContainer00000000000000000002.regtrans-ms
[2010.04.28 01:34:18 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010.04.28 01:34:18 | 000,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.04.27 17:40:51 | 000,016,265 | ---- | M] () -- C:\Users\***\Desktop\***.docx
[2010.04.26 15:13:33 | 000,007,406 | ---- | M] () -- C:\Users\***\Desktop\***.pdf
[2010.04.25 00:06:12 | 000,023,162 | ---- | M] () -- C:\Users\***\Desktop\***.pdf
[2010.04.23 20:56:42 | 000,010,440 | ---- | M] () -- C:\Users\***\Desktop\***.docx
[2010.04.22 16:56:07 | 000,060,381 | ---- | M] () -- C:\Users\***\Desktop\***.pdf
[2010.04.21 00:23:59 | 000,007,613 | ---- | M] () -- C:\Users\***\Desktop\***.pdf
[2010.04.19 23:20:11 | 000,010,548 | ---- | M] () -- C:\Users\***\Desktop\***.docx
[2010.04.19 23:13:59 | 000,059,684 | ---- | M] () -- C:\Users\***\Desktop\***.pdf
[2010.04.14 00:13:27 | 000,031,297 | ---- | M] () -- C:\Users\***\Desktop\***.docx
[2010.04.12 11:08:35 | 000,019,590 | ---- | M] () -- C:\Users\***\Documents\***.docx
[2010.04.12 09:30:31 | 000,014,373 | ---- | M] () -- C:\Users\***\Documents\***.docx
[2010.04.12 09:30:19 | 000,002,194 | ---- | M] () -- C:\Users\***\Desktop\***.pdf
[2010.04.10 23:33:35 | 000,068,096 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.04 19:23:50 | 000,018,421 | ---- | M] () -- C:\Users\***\Desktop\***.docx
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.05.02 18:10:45 | 000,038,306 | ---- | C] () -- C:\Users\***\Desktop\***.jpg
[2010.05.01 11:51:20 | 000,046,102 | ---- | C] () -- C:\Users\***\Desktop\***.docx
[2010.04.30 18:58:23 | 000,781,909 | ---- | C] () -- C:\Users\***\Desktop\RSIT.exe
[2010.04.30 18:02:16 | 000,233,193 | ---- | C] () -- C:\Users\***\Desktop\***.jpg
[2010.04.30 18:01:17 | 000,010,296 | ---- | C] () -- C:\Users\***\Desktop\***.docx
[2010.04.30 17:28:02 | 396,720,008 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.04.30 16:56:10 | 000,185,547 | ---- | C] () -- C:\Users\***\Desktop\***.jpg
[2010.04.30 16:05:07 | 000,000,828 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.30 15:57:00 | 000,089,450 | ---- | C] () -- C:\Users\***\Desktop\cc_20100430_155647.reg
[2010.04.30 15:18:53 | 000,001,869 | ---- | C] () -- C:\Users\***\Desktop\CCleaner.lnk
[2010.04.30 15:06:56 | 000,256,625 | ---- | C] () -- C:\Users\***\Desktop\***.jpg
[2010.04.30 14:39:37 | 000,007,387 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi.cat
[2010.04.30 14:38:53 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat
[2010.04.30 14:38:52 | 000,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat
[2010.04.30 14:38:41 | 000,001,750 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010.04.30 14:38:29 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat
[2010.04.30 14:21:28 | 000,001,002 | ---- | C] () -- C:\Users\***\Desktop\Resume Spyware Doctor.lnk
[2010.04.30 14:05:45 | 000,422,437 | -H-- | C] () -- C:\Windows\System32\drivers\vsconfig.xml
[2010.04.29 18:28:02 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.04.29 18:25:00 | 044,151,368 | ---- | C] () -- C:\Users\***\Desktop\avira_antivir_personal_de1000567.exe
[2010.04.29 10:02:39 | 000,132,024 | ---- | C] () -- C:\Users\***\Desktop\***.jpg
[2010.04.29 09:30:37 | 000,524,288 | -HS- | C] () -- C:\Users\***\ntuser.dat{676b8f87-5360-11df-836f-001644e493b8}.TMContainer00000000000000000002.regtrans-ms
[2010.04.29 09:30:37 | 000,524,288 | -HS- | C] () -- C:\Users\***\ntuser.dat{676b8f87-5360-11df-836f-001644e493b8}.TMContainer00000000000000000001.regtrans-ms
[2010.04.29 09:30:37 | 000,065,536 | -HS- | C] () -- C:\Users\***\ntuser.dat{676b8f87-5360-11df-836f-001644e493b8}.TM.blf
[2010.04.28 15:20:18 | 000,524,288 | -HS- | C] () -- C:\Users\***\ntuser.dat{aa7ee6c6-52c8-11df-abf2-001644e493b8}.TMContainer00000000000000000002.regtrans-ms
[2010.04.28 15:20:18 | 000,524,288 | -HS- | C] () -- C:\Users\***\ntuser.dat{aa7ee6c6-52c8-11df-abf2-001644e493b8}.TMContainer00000000000000000001.regtrans-ms
[2010.04.28 15:20:18 | 000,065,536 | -HS- | C] () -- C:\Users\***\ntuser.dat{aa7ee6c6-52c8-11df-abf2-001644e493b8}.TM.blf
[2010.04.27 16:38:06 | 000,016,265 | ---- | C] () -- C:\Users\***\Desktop\***.docx
[2010.04.27 10:31:29 | 000,823,808 | ---- | C] () -- C:\Windows\System32\drivers\kuemg.sys
[2010.04.26 15:13:28 | 000,007,406 | ---- | C] () -- C:\Users\***\Desktop\***.pdf
[2010.04.25 20:30:38 | 000,016,887 | ---- | C] () -- C:\Users\***\Desktop\***.docx
[2010.04.25 00:06:08 | 000,023,162 | ---- | C] () -- C:\Users\***\Desktop\***.pdf
[2010.04.23 20:56:41 | 000,010,440 | ---- | C] () -- C:\Users\***\Desktop\***.docx
[2010.04.22 16:56:03 | 000,060,381 | ---- | C] () -- C:\Users\***\Desktop\***.pdf
[2010.04.21 00:23:58 | 000,007,613 | ---- | C] () -- C:\Users\***\Desktop\***.pdf
[2010.04.19 23:13:59 | 000,059,684 | ---- | C] () -- C:\Users\***\Desktop\***.pdf
[2010.04.19 23:05:45 | 000,010,548 | ---- | C] () -- C:\Users\***\Desktop\***.docx
[2010.04.14 00:13:25 | 000,031,297 | ---- | C] () -- C:\Users\***\Desktop\***.docx
[2010.04.12 10:04:25 | 000,019,590 | ---- | C] () -- C:\Users\***\Documents\***.docx
[2010.04.12 09:30:30 | 000,014,373 | ---- | C] () -- C:\Users\***\Documents\***.docx
[2010.04.12 09:30:19 | 000,002,194 | ---- | C] () -- C:\Users\***\Desktop\***.pdf
[2010.04.04 15:48:55 | 000,018,421 | ---- | C] () -- C:\Users\***\Desktop\***.docx
[2010.01.27 20:46:35 | 000,278,984 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.01.27 20:46:27 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.01.04 23:44:28 | 000,000,269 | ---- | C] () -- C:\Windows\game.ini
[2009.05.14 17:57:57 | 000,000,197 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2008.11.06 18:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.11.06 18:34:00 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008.11.06 18:34:00 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008.11.06 18:33:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008.10.26 14:43:55 | 000,000,018 | ---- | C] () -- C:\Windows\cnc.ini
[2008.10.19 10:53:04 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2008.10.01 17:12:29 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008.08.05 17:13:41 | 000,000,039 | ---- | C] () -- C:\Windows\WININIT.INI
[2008.08.05 12:39:47 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2008.08.05 12:39:47 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2008.08.05 12:39:47 | 000,009,480 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2008.08.05 12:39:47 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008.08.05 12:37:02 | 000,131,072 | ---- | C] () -- C:\Windows\System32\EnumDevLib.dll
[2008.02.22 11:34:00 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008.02.18 17:58:18 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2008.02.18 17:44:09 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008.02.18 17:44:09 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008.02.18 17:44:09 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008.02.18 17:44:09 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008.02.18 17:44:09 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008.02.18 17:44:09 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008.02.18 16:57:01 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.02.18 16:55:43 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2008.02.18 16:55:43 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2008.02.18 16:55:43 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll
[2008.02.18 16:55:43 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008.01.28 18:01:42 | 000,057,344 | ---- | C] () -- C:\Windows\System32\SmartFaceVCapt.dll
[2008.01.28 18:01:06 | 000,471,040 | ---- | C] () -- C:\Windows\System32\SmartFaceVCP.dll
[2008.01.28 17:53:02 | 006,701,056 | ---- | C] () -- C:\Windows\System32\FaceHI.dll
[2008.01.28 17:53:02 | 000,995,328 | ---- | C] () -- C:\Windows\System32\FaceRec.dll
[2008.01.28 17:53:02 | 000,126,976 | ---- | C] () -- C:\Windows\System32\SmartFaceVCtrl.dll
[2008.01.28 17:52:28 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IppLib.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >

Falls es für die Übersicht wichtig ist: Sowie ich im Log an die Stelle vom PC Namen Sternchen gesetzt habe, habe ich auch private Ordner bzw. Dateinamen durch drei Sternchen ersetzt.

Schonmal vielen Dank für die Hilfe und viele Grüße,

aisthesis

cosinus · 03.05.2010, 11:20

Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":Files" muss mitkopiert werden!!!)

Code:

ATTFilter

:Files
C:\Windows\System32\drivers\kuemg.sys
C:\Windows\System32\Ikeext.etl
:Commands
[purity]
[resethosts]
[emptytemp]

Klick dann auf den Button Run Fixes!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

aisthesis · 04.05.2010, 09:19

Hallo,

ich habe es wie beschrieben ausgeführt, allerdings ist OTL bei [resethosts] hängen geblieben. Daher musste ich den PC neustarten. Nach dem Neustart wurde mir dann folgender Inhalt im Editor angezeigt:

Zitat:

Files\Folders moved on Reboot...
File\Folder C:\Windows\System32\drivers\kuemg.sys not found!

Registry entries deleted on Reboot...

Soll ich den letzten Schritt einfach nochmal widerholen? Sorry, falls es schiefgelaufen ist.

Falls es bedeutsam ist: Als ich gestern den PC hochgefahren habe, kam wieder dieser Bluscreen und der PC läuft deutlich langsamer als bisher - vielleicht sogar langsamer als die letzten Tage, in denen sich der Trojaner deutlich bemerkbar gemacht hat.

Viele Grüße,

aisthesis

cosinus · 04.05.2010, 09:31

Dann poste mal OSAM Und GMER Logfiles...

aisthesis · 10.05.2010, 22:58

Hallo,

die letzten Tage hatte ich leider keine Zeit, daher kommt meine Antwort so spät. Gestern hat der OSAM Downloadlink nicht funktioniert, daher habe ich nur GMER runtergeladen. Das hat zunächst funktioniert, dann blieb das Programm stehen und in der Anzeige, welche Dateien grade geprüft werden stand nur "Nfts" und der PC hatte sich aufgehangen.

Sobald ich die Tage Zeit habe, werde ich einfach nochmal versuchen - da jetzt der OSAM Link wieder klappt - erst OSAM und dann GMER zum Laufen zu bringen und poste dann die Logfiles.

Vielen Dank und viele Grüße,

Georg

04.05.2010, 09:31	#7
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Trojaner Backdoor, Suurch und Adware Dann poste mal OSAM Und GMER Logfiles... __________________ Logfiles bitte immer in CODE-Tags posten

Trojaner Backdoor, Suurch und Adware

Plagegeister aller Art und deren Bekämpfung: Trojaner Backdoor, Suurch und Adware