
Log analysis and evaluation: sending spam via MSN and it keeps crashing

28.04.2010, 16:37   #1
PrinzBenni
 



Can someone please evaluate this?

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:11:35, on 28.04.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Toshiba\Utilities\KeNotify.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe
C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
C:\Program Files\Toshiba\Toshiba Online Product Information\TOPI.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Dealio Toolbar\SearchSettings.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Users\Public\infocard.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Toshiba\HDMICtrlMan\HCMSoundChanger.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Smart PC Solutions\1-2-3 Spyware Free\SpywareFree.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\b**ni\Downloads\HiJackThis.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://w*w.postarticles.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll
R3 - URLSearchHook: (no name) -  - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe
O4 - HKLM\..\Run: [HDMICtrlMan] C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA
O4 - HKLM\..\Run: [Toshiba TEMPO] C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Dealio Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Firewall Administrating] C:\Users\Public\infocard.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (User 'Default user')
O4 - Startup: TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 (file missing)
O9 - Extra button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix: 
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Desktop Manager 5.9.909.30391 (GoogleDesktopManager-093009-130223) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1ca4e5615b55cf3) (gupdate1ca4e5615b55cf3) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Notebook Performance Tuning Service  (TempoMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - Unknown owner - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (file missing)
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 13584 bytes
         

29.04.2010, 13:12   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Hello and

please run a full scan with Malwarebytes and post the log. After that, OTL:

System scan with OTL

Please download OTL by OldTimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

29.04.2010, 14:58   #3
PrinzBenni
 



OK, thanks. Here are the three files.


Code:
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 4050

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

29.04.2010 14:43:43
mbam-log-2010-04-29 (14-43-43).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|)
Durchsuchte Objekte: 255589
Laufzeit: 1 Stunde(n), 7 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\firewall administrating (Backdoor.IRCBot) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (hxxp://www.postarticles.net) Good: (hxxp://www.Google.com/) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Public\infocard.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.
         
Code:
OTL Extras logfile created on: 29.04.2010 14:52:34 - Run 1
OTL by OldTimer - Version 3.2.3.0     Folder = C:\Users\benni\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 39,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,21 Gb Total Space | 60,80 Gb Free Space | 52,32% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 970,13 Mb Total Space | 928,67 Mb Free Space | 95,73% Space Free | Partition Type: FAT
Drive F: | 115,21 Gb Total Space | 40,57 Gb Free Space | 35,22% Space Free | Partition Type: NTFS
Drive G: | 4,20 Gb Total Space | 0,37 Gb Free Space | 8,69% Space Free | Partition Type: UDF
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: BENNI-PC
Current User Name: benni
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5A4AFAC7-1773-4CCD-AA6C-95232E595A3C}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{CAFDA367-FABD-4233-8AC7-A0006A443629}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{EF26EFFF-2EC5-4E34-9C02-2E6929CE504C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A52642B-B47B-431D-9AD8-7A8B261B962D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{0EB709C1-B1F7-488D-8629-D967F4AE76DA}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe | 
"{119A9484-683B-4332-B087-94E001DEB77D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{1C1BAB48-E2B1-4B61-9E3B-E83866178CF9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{1EC10C27-A96F-4768-8E7D-9180FD334080}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{1F1C7FBD-BCF4-440E-88C6-E4292419DC0C}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{3BBB343A-0655-4DD5-9A88-CF67B58F154F}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{5AD25F8B-D08D-4BAA-8397-8593AE9755BC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{60C26EB7-8482-4C5F-B8F1-0AB6A1D879DB}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{8800D6E6-9698-43B3-8989-CC503A4773FB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{8D1B13CD-F7F3-4505-A191-CD0E98EABFA9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B7C9F0DE-C2F6-4A00-B1C3-48809F16B52A}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{C4D41CFC-66AF-46B2-8FAE-6718C8746427}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{E8614323-3657-440B-9D35-E108899A9205}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{EC544A99-7DBB-4C51-9C56-76C0B8BFC1DD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03FAA727-E2B7-471C-AC41-2E1C7F29C7EA}" = Toshiba TEMPRO
"{04AD4EBD-C7ED-49C7-24F3-5687423696F3}" = CCC Help English
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05636DCD-2F70-B7E1-AF83-EE7AE23837DE}" = Catalyst Control Center Localization French
"{05E323E6-5FC5-C5A2-CAF7-B280383C0637}" = CCC Help Finnish
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth
"{0ADA9149-D76D-D1E4-19E8-5186B6BBCB41}" = Catalyst Control Center Localization Portuguese
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.3
"{1C971EE3-B4C4-4367-9676-57549919C6CE}" = TOSHIBA Benutzerhandbücher
"{1E5E2F9A-17D3-45CA-8FF0-B0C2927D4B03}" = MobileMe Control Panel
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{28A8FF71-182B-28D2-0C6D-FC2C6FFB451C}" = ccc-utility
"{2CE3B0A7-717D-ADA2-0AF4-DFB074592755}" = CCC Help Korean
"{2D57FB4E-6277-4A6D-8739-304C38051B89}" = Jitbit Macro Recorder
"{312372AC-CB58-525F-638B-9EFED1377A46}" = Catalyst Control Center Localization Danish
"{318CE77C-A5EB-4076-A00B-1883F49DCF72}" = CCC Help Turkish
"{31BBF145-EBC7-0150-7B47-FA818D84BEE8}" = Catalyst Control Center Core Implementation
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{325C200A-3F0F-96AF-377B-288B4EF98EC0}" = CCC Help Spanish
"{36D2AE08-4A9D-1899-9B7D-A3EB1AC291AD}" = CCC Help German
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{425960AB-8C55-2F6A-E6D4-A407C8284EEE}" = CCC Help Swedish
"{442CD700-D0F5-D0F8-F80B-6F5823BFE6B8}" = CCC Help Czech
"{46A5D1D1-8956-497C-92FB-59C44EFA6214}" = Safari
"{4D070C59-3AB5-4FEC-8DC6-58159095DED0}" = Catalyst Control Center Localization Chinese Standard
"{4D2A20FD-0803-E381-9957-A18F1EC6C470}" = Catalyst Control Center Graphics Full Existing
"{4EEFD489-C4B3-E9FC-28F7-5C183D09B7C6}" = CCC Help Thai
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{535B6C54-1D89-B796-BB38-FE977A7F560C}" = Catalyst Control Center Localization Korean
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F6A7745-1DBA-B28F-74EA-19204D74ED89}" = CCC Help Greek
"{5F92D927-8D54-57BC-459B-A67030D34ED4}" = CCC Help Chinese Traditional
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60609A7D-DF94-61D4-206C-D4B61C5D3D87}" = CCC Help Italian
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C5E277C-F43A-E7E7-6FBC-C48CFCE1F3E0}" = CCC Help French
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6DAE6C40-8D6D-A792-1488-107A5BEF3D72}" = CCC Help Portuguese
"{6E5DAC6F-4735-754E-E56E-3FE027662F10}" = Catalyst Control Center Localization Swedish
"{706F446F-44F9-438E-9D67-F0BDF9313E43}" = Catalyst Control Center Localization German
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73F73AE5-D88E-1F39-A89A-5B65039D918D}" = Catalyst Control Center Localization Thai
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"{77B7CE03-AEC6-8F6B-A476-20B4D7E3A126}" = Catalyst Control Center Graphics Previews Common
"{788741FE-8F03-4DB2-A76C-43D748E81B67}" = Catalyst Control Center - Branding
"{78FFA639-2724-1EA9-192E-6BF853F28B9E}" = Catalyst Control Center Localization Russian
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7DE35E85-072F-724B-1A01-AC4CDCEFDF53}" = Catalyst Control Center Graphics Previews Vista
"{808771C5-5BB2-0DDE-6A25-00EFAB37F984}" = CCC Help Dutch
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{87725CEF-1BC6-47C5-B2CD-96DD6D392EE3}" = Dolby Control Center
"{87AFB2E3-59C5-4B26-D431-73D66256ECF0}" = Catalyst Control Center Localization Chinese Traditional
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C151E54-94A8-4D18-9580-C2190F7FD3A8}" = Hello Engines! 7
"{8C1A50D9-CF32-38C1-EAED-43FB9C4F6329}" = Catalyst Control Center Localization Italian
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{93E142B4-4327-7B65-C7AE-1FC6DBAE360F}" = Catalyst Control Center Localization Hungarian
"{94C3BB3A-56A1-43DE-A242-8B41F46E97EF}" = Dealio Toolbar v4.0.1
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A72ACD2A-7624-3B81-D133-8BEA67CA0C80}" = CCC Help Hungarian
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{AEEC32F7-21E3-346E-C825-11B60614C84A}" = Catalyst Control Center Localization Japanese
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B972538D-E30D-FC52-A4AB-AAD4B521D306}" = Catalyst Control Center Graphics Full New
"{BB4F8C46-6F88-25BA-F066-0543AB9FCBAE}" = Catalyst Control Center Localization Turkish
"{BB51414E-224A-CCBF-0D3A-317CC5AF14A4}" = Catalyst Control Center Localization Dutch
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{C9B981F2-4798-B112-8E0E-1BC721615067}" = Catalyst Control Center Localization Greek
"{CB2E5B9C-B19A-AE60-CBD5-F5AA4F674636}" = Catalyst Control Center Graphics Light
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{CF9075AE-0913-AC68-B7B8-3425010B4DFF}" = Catalyst Control Center InstallProxy
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D109F340-6355-BF98-128A-1562D727082A}" = CCC Help Norwegian
"{DD4EA23A-AD69-9F2D-E643-D5867A6B9A1F}" = ccc-core-static
"{E3723A04-A894-4036-A78E-282E18F43C0A}_is1" = Tinypic 3.14
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"{E920EB31-2B70-5582-433B-C5006578725E}" = Catalyst Control Center Localization Czech
"{E9A1563C-D5B3-849B-3631-90D36E18750C}" = Catalyst Control Center Localization Polish
"{EA537635-B490-5EC1-6A2E-00BD6A127E67}" = CCC Help Polish
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{ED62E973-9306-B524-77BF-86C0DE82F9EC}" = CCC Help Danish
"{EDB0F69C-5049-E45C-6E6A-1EF9803F2D16}" = CCC Help Russian
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F277C86B-04F4-1030-6236-4EC3EAAD65AC}" = ATI Catalyst Install Manager
"{F68AD4CC-9DB9-FDA2-8F46-93F4944D5503}" = Catalyst Control Center Localization Finnish
"{F81AB80B-5BB7-4E36-8BA5-E07541CE1BFC}" = HDMI Control Manager
"{F879B5D5-0887-8D49-0930-00D19188081B}" = Catalyst Control Center Localization Norwegian
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F9022FFB-D558-F856-83F7-732A400F9789}" = Catalyst Control Center Localization Spanish
"{F9D8A253-3FC0-C63B-9DAB-870608DB4505}" = Skins
"{FBA93A48-2417-E26B-AFEA-9133BC32372E}" = CCC Help Japanese
"{FCD4B6F6-18F0-7EC1-42C2-E621A2CEAC93}" = CCC Help Chinese Standard
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"1-2-3 Spyware Free_is1" = 1-2-3 Spyware Free v4.8
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVAFX" = AVAFX (remove only)
"BayCalculator_is1" = BayCalculator - Deinstallation
"bwin Poker_is1" = bwin Poker
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EADM" = EA Download Manager
"eMule" = eMule
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Excel Fibu" = Excel Fibu
"Fibu3" = Fibu3
"FileZilla Client" = FileZilla Client 3.3.2.1
"FUSSBALL MANAGER 10" = FUSSBALL MANAGER 10
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"IsoBuster_is1" = IsoBuster 2.6
"KigoVideoConverter_is1" = KigoVideoConverter 1.1.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"MS-Buchhalter Start" = MS-Buchhalter Start 3.0
"MSC" = McAfee SecurityCenter
"myphotobook" = myphotobook 3.6
"NetView3D_is1" = NetView3D Professional 2.0
"Picasa2" = Picasa 2
"Surf & E-Mail-Stick" = Surf & E-Mail-Stick
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"8f3d5f316bf9c08f" = OffiSync
"DFÜ-Reconnecter 1.70" = DFÜ-Reconnecter 1.70
"UnityWebPlayer" = Unity Web Player
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 19.04.2010 05:35:39 | Computer Name = benni-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 19.04.2010 08:53:17 | Computer Name = benni-PC | Source = Application Hang | ID = 1002
Description = Programm AcroRd32.exe, Version 8.1.0.137 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 1078  Anfangszeit: 01cadfbe3b3b78b0  Zeitpunkt der Beendigung:
 11
 
Error - 19.04.2010 11:25:06 | Computer Name = benni-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 19.04.2010 17:59:51 | Computer Name = benni-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.04.2010 03:34:29 | Computer Name = benni-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.04.2010 08:40:05 | Computer Name = benni-PC | Source = Google Update | ID = 20
Description = 
 
Error - 21.04.2010 09:40:05 | Computer Name = benni-PC | Source = Google Update | ID = 20
Description = 
 
Error - 21.04.2010 19:30:24 | Computer Name = benni-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.04.2010 10:48:36 | Computer Name = benni-PC | Source = VSS | ID = 8194
Description = 
 
Error - 23.04.2010 03:24:28 | Computer Name = benni-PC | Source = WinMgmt | ID = 10
Description = 
 
[ OSession Events ]
Error - 17.02.2010 09:26:11 | Computer Name = benni-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 10.01.2010 05:30:20 | Computer Name = benni-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 10.01.2010 05:30:20 | Computer Name = benni-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 10.01.2010 05:34:23 | Computer Name = benni-PC | Source = PlugPlayManager | ID = 12
Description = Das Gerät "OHCI-konformer IEEE 1394-Hostcontroller" (PCI\VEN_197B&DEV_2380&SUBSYS_FF001179&REV_00\4&2bcebcdb&0&00E5)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 10.01.2010 05:34:23 | Computer Name = benni-PC | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMB38X SD/MMC Host Controller" (PCI\VEN_197B&DEV_2382&SUBSYS_FF021179&REV_00\4&2bcebcdb&0&01E5)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 10.01.2010 05:34:23 | Computer Name = benni-PC | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMB38X SD Host Controller" (PCI\VEN_197B&DEV_2381&SUBSYS_FF021179&REV_00\4&2bcebcdb&0&02E5)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 10.01.2010 05:34:23 | Computer Name = benni-PC | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMB38X MS Host Controller" (PCI\VEN_197B&DEV_2383&SUBSYS_FF021179&REV_00\4&2bcebcdb&0&03E5)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 10.01.2010 05:34:24 | Computer Name = benni-PC | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMB38X xD Host Controller" (PCI\VEN_197B&DEV_2384&SUBSYS_FF021179&REV_00\4&2bcebcdb&0&04E5)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 10.01.2010 18:14:45 | Computer Name = benni-PC | Source = PlugPlayManager | ID = 12
Description = Das Gerät "OHCI-konformer IEEE 1394-Hostcontroller" (PCI\VEN_197B&DEV_2380&SUBSYS_FF001179&REV_00\4&2bcebcdb&0&00E5)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 11.01.2010 05:22:01 | Computer Name = benni-PC | Source = PlugPlayManager | ID = 12
Description = Das Gerät "OHCI-konformer IEEE 1394-Hostcontroller" (PCI\VEN_197B&DEV_2380&SUBSYS_FF001179&REV_00\4&2bcebcdb&0&00E5)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 11.01.2010 10:01:09 | Computer Name = benni-PC | Source = PlugPlayManager | ID = 12
Description = Das Gerät "OHCI-konformer IEEE 1394-Hostcontroller" (PCI\VEN_197B&DEV_2380&SUBSYS_FF001179&REV_00\4&2bcebcdb&0&00E5)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
 
< End of report >
         

29.04.2010, 14:59   #4
PrinzBenni

Sending spam with MSN and it keeps crashing

There were too many characters, so I had to post the third one separately.


Code:
OTL logfile created on: 29.04.2010 14:52:33 - Run 1
OTL by OldTimer - Version 3.2.3.0     Folder = C:\Users\benni\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 39,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,21 Gb Total Space | 60,80 Gb Free Space | 52,32% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 970,13 Mb Total Space | 928,67 Mb Free Space | 95,73% Space Free | Partition Type: FAT
Drive F: | 115,21 Gb Total Space | 40,57 Gb Free Space | 35,22% Space Free | Partition Type: NTFS
Drive G: | 4,20 Gb Total Space | 0,37 Gb Free Space | 8,69% Space Free | Partition Type: UDF
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: BENNI-PC
Current User Name: benni
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\benni\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
PRC - C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Dealio Toolbar\SearchSettings.exe (Spigot, Inc.)
PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Windows\System32\PresentationHost.exe (Microsoft Corporation)
PRC - C:\Programme\McAfee\SiteAdvisor\McSACore.exe ()
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Programme\Camera Assistant Software for Toshiba\CEC_MAIN.exe ()
PRC - C:\Programme\Toshiba\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
PRC - C:\Programme\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Programme\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\Toshiba\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe (Toshiba Europe GmbH)
PRC - C:\Programme\Toshiba TEMPRO\TempoSVC.exe (Toshiba Europe GmbH)
PRC - C:\Programme\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe (Toshiba)
PRC - C:\Programme\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Programme\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - C:\Programme\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Programme\Toshiba\HDMICtrlMan\HCMSoundChanger.exe (TOSHIBA Corporation.)
PRC - C:\Programme\Toshiba\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
PRC - C:\Programme\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
PRC - C:\Programme\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Programme\Google\Google EULA\GoogleEULALauncher.exe ( )
PRC - C:\Programme\Toshiba\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.)
PRC - c:\Programme\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Toshiba\Registration\ToshibaRegistration.exe (Toshiba)
PRC - C:\Programme\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - c:\Programme\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\MSK\msksrver.exe (McAfee, Inc.)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Programme\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - c:\Programme\McAfee\MSC\mcuimgr.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
PRC - C:\Programme\Toshiba\Toshiba Online Product Information\TOPI.exe (TOSHIBA)
PRC - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
PRC - C:\Programme\Toshiba\Utilities\KeNotify.exe ()
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\benni\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Programme\McAfee\SiteAdvisor\sahook.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (TOSHIBA Bluetooth Service) --  File not found
SRV - (GoogleDesktopManager-093009-130223) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (TempoMonitoringService) -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe (Toshiba Europe GmbH)
SRV - (SmartFaceVWatchSrv) -- C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe (Toshiba)
SRV - (TNaviSrv) -- C:\Programme\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (TosCoSrv) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (TOSHIBA SMART Log Service) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
SRV - (McNASvc) -- c:\Programme\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (mcmscsvc) -- C:\Programme\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McProxy) -- c:\Programme\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McSysmon) -- C:\Programme\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (MSK80Service) -- C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (McODS) -- C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Programme\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (StarWindServiceAE) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (KMWDFILTER) -- C:\Windows\System32\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corporation)
DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
DRV - (LPCFilter) -- C:\Windows\system32\DRIVERS\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (mfesmfk) -- C:\Windows\System32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (MPFP) -- C:\Windows\System32\drivers\Mpfp.sys (McAfee, Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.de/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.Google.com/
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\Dealio Toolbar\SearchSettings.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=966134"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "hxxp://www.daemon-search.com/startpage|hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;"
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.18
FF - prefs.js..extensions.enabledItems: {561A5FBE-9761-4eb3-9182-892D82532414}:1.0.3.30
FF - prefs.js..extensions.enabledItems: {5546F97E-11A5-46b0-9082-32AD74AAA920}:0.5.5.8
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=966134&p="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010.04.29 12:09:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.29 12:01:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.29 12:03:00 | 000,000,000 | ---D | M]
 
[2009.10.16 13:41:56 | 000,000,000 | ---D | M] -- C:\Users\benni\AppData\Roaming\mozilla\Extensions
[2010.04.29 12:26:10 | 000,000,000 | ---D | M] -- C:\Users\benni\AppData\Roaming\mozilla\Firefox\Profiles\z7053s7l.default\extensions
[2010.04.29 11:46:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\benni\AppData\Roaming\mozilla\Firefox\Profiles\z7053s7l.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(219)
[2010.03.25 14:53:42 | 000,000,000 | ---D | M] (InFormEnter) -- C:\Users\benni\AppData\Roaming\mozilla\Firefox\Profiles\z7053s7l.default\extensions\{5546F97E-11A5-46b0-9082-32AD74AAA920}
[2010.04.29 12:26:00 | 000,000,000 | ---D | M] (Comodo AV Scanner) -- C:\Users\benni\AppData\Roaming\mozilla\Firefox\Profiles\z7053s7l.default\extensions\{561A5FBE-9761-4eb3-9182-892D82532414}
[2010.04.29 12:26:03 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\benni\AppData\Roaming\mozilla\Firefox\Profiles\z7053s7l.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.04.28 15:21:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\benni\AppData\Roaming\mozilla\Firefox\Profiles\z7053s7l.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010.04.29 12:01:42 | 000,000,000 | ---D | M] -- C:\Users\benni\AppData\Roaming\mozilla\Firefox\Profiles\z7053s7l.default\extensions\DTToolbar@toolbarnet.com
[2009.11.24 01:16:50 | 000,002,059 | ---- | M] () -- C:\Users\benni\AppData\Roaming\Mozilla\FireFox\Profiles\z7053s7l.default\searchplugins\daemon-search.xml
[2010.04.23 09:36:24 | 000,000,955 | ---- | M] () -- C:\Users\benni\AppData\Roaming\Mozilla\FireFox\Profiles\z7053s7l.default\searchplugins\icqplugin.xml
[2010.04.29 12:01:25 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.04.29 12:01:25 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
[2010.04.29 12:01:25 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.04.28 23:27:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.29 12:01:25 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\search@searchsettings.com
[2009.12.18 20:24:20 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.12.18 20:24:20 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.12.18 20:24:20 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.12.18 20:24:20 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.12.18 20:24:20 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Programme\Dealio Toolbar\DealioToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\Programme\McAfee\MSK\mcapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\Dealio Toolbar\SearchSettings.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Programme\Dealio Toolbar\DealioToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [00TCrdMain] C:\Programme\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [cfFncEnabler.exe]  File not found
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe ( )
O4 - HKLM..\Run: [HDMICtrlMan] C:\Programme\Toshiba\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.)
O4 - HKLM..\Run: [HSON] C:\Programme\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe File not found
O4 - HKLM..\Run: [KeNotify] C:\Programme\Toshiba\Utilities\KeNotify.exe ()
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NDSTray.exe]  File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SearchSettings] C:\Programme\Dealio Toolbar\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SmoothView] C:\Programme\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [Toshiba Registration] C:\Programme\Toshiba\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKLM..\Run: [Toshiba TEMPO] C:\Programme\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe (Toshiba Europe GmbH)
O4 - HKLM..\Run: [TPwrMain] C:\Programme\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe File not found
O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [Sidebar] C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [TOSCDSPD] C:\Programme\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\benni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Programme\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} -  File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} -  File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.185.33 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Toshiba\WALLPAPERS\Wallpaper3.jpg
O24 - Desktop BackupWallPaper: C:\Toshiba\WALLPAPERS\Wallpaper3.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{7518c7c8-d887-11de-b755-00235a01b3b6}\Shell - "" = AutoRun
O33 - MountPoints2\{7518c7c8-d887-11de-b755-00235a01b3b6}\Shell\AutoRun\command - "" = D:\Autorun.exe -- File not found
O33 - MountPoints2\{913a2665-42ef-11df-99b6-00235a01b3b6}\Shell - "" = AutoRun
O33 - MountPoints2\{913a2665-42ef-11df-99b6-00235a01b3b6}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{913a267c-42ef-11df-99b6-00235a01b3b6}\Shell - "" = AutoRun
O33 - MountPoints2\{913a267c-42ef-11df-99b6-00235a01b3b6}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.04.29 14:52:01 | 000,563,712 | ---- | C] (OldTimer Tools) -- C:\Users\benni\Desktop\OTL.exe
[2010.04.29 14:48:58 | 000,000,000 | ---D | C] -- C:\Users\benni\AppData\Roaming\EA
[2010.04.29 13:28:46 | 000,000,000 | ---D | C] -- C:\Users\benni\AppData\Local\Unity
[2010.04.29 11:06:34 | 000,000,000 | ---D | C] -- C:\Programme\ReviverSoft
[2010.04.29 11:06:15 | 000,000,000 | ---D | C] -- C:\ProgramData\ReviverSoft
[2010.04.29 00:17:01 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010.04.29 00:06:18 | 000,000,000 | ---D | C] -- C:\Programme\xp-AntiSpy
[2010.04.28 23:57:54 | 000,000,000 | ---D | C] -- C:\Users\benni\Documents\ForceField Shared Files
[2010.04.28 23:57:54 | 000,000,000 | ---D | C] -- C:\Users\benni\AppData\Roaming\CheckPoint
[2010.04.28 23:57:43 | 000,000,000 | ---D | C] -- C:\Programme\CheckPoint
[2010.04.28 23:57:19 | 000,000,000 | ---D | C] -- C:\Programme\Zone Labs
[2010.04.28 23:56:51 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2010.04.28 23:56:50 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2010.04.28 23:56:07 | 000,000,000 | ---D | C] -- C:\Users\benni\AppData\Roaming\Avira
[2010.04.28 23:54:15 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2010.04.28 23:54:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.04.28 23:31:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2010.04.28 23:28:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010.04.28 22:14:12 | 000,000,000 | ---D | C] -- C:\Users\benni\AppData\Roaming\Malwarebytes
[2010.04.28 22:14:04 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.28 22:14:02 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.04.28 22:14:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.04.28 22:14:01 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.04.28 15:36:29 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2010.04.28 15:21:21 | 000,000,000 | ---D | C] -- C:\Users\benni\AppData\Roaming\QuickScan
[2010.04.28 13:15:56 | 000,000,000 | ---D | C] -- C:\Programme\Smart PC Solutions
[2010.04.22 16:49:56 | 000,000,000 | ---D | C] -- C:\Users\benni\Documents\Hello Engines! 7
[2010.04.22 16:49:56 | 000,000,000 | ---D | C] -- C:\Users\benni\AppData\Roaming\AceBIT
[2010.04.22 16:48:59 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdiplus.dll
[2010.04.22 16:48:57 | 000,000,000 | ---D | C] -- C:\Programme\AceBIT
[2010.04.14 19:00:13 | 000,000,000 | ---D | C] -- C:\Users\benni\Documents\Meine empfangenen Dateien
[2010.04.14 11:37:06 | 000,000,000 | ---D | C] -- C:\Users\benni\AppData\Roaming\BayCalculator
[2010.04.14 11:37:03 | 000,000,000 | ---D | C] -- C:\Programme\BayCalculator
[2010.04.14 00:29:04 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.04.14 00:29:03 | 003,600,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.04.14 00:28:59 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010.04.14 00:28:56 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2010.04.14 00:28:56 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010.04.12 14:57:51 | 000,000,000 | ---D | C] -- C:\Users\benni\AppData\Roaming\AVAFX
[2010.04.12 14:57:19 | 000,000,000 | ---D | C] -- C:\Programme\AVAFX
[2010.04.08 13:13:47 | 000,000,000 | ---D | C] -- C:\Users\benni\Desktop\Viamondia_Downloadshop
[2010.04.08 13:09:59 | 000,000,000 | ---D | C] -- C:\Users\benni\AppData\Roaming\FileZilla
[2010.04.08 13:09:08 | 000,000,000 | ---D | C] -- C:\Programme\FileZilla FTP Client
[2010.04.08 12:16:36 | 000,621,056 | R--- | C] (DiBcom SA) -- C:\Windows\System32\drivers\mod7700.sys
[2010.04.08 12:16:36 | 000,113,152 | R--- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbnet.sys
[2010.04.08 12:16:36 | 000,101,760 | R--- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbmdm.sys
[2010.04.08 12:16:36 | 000,023,424 | R--- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\System32\drivers\ewdcsc.sys
[2010.04.08 12:14:13 | 000,000,000 | ---D | C] -- C:\Programme\Surf & E-Mail-Stick
[2010.04.01 01:48:59 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.04.01 01:48:59 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.04.01 01:48:59 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.04.01 01:48:56 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.04.01 01:48:56 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.04.01 01:48:56 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.04.01 01:48:56 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.04.01 01:48:56 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.04.01 01:48:56 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.04.01 01:48:56 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.04.01 01:48:56 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.04.01 01:48:53 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.04.01 01:48:53 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.04.01 01:48:53 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.04.01 01:48:53 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.04.29 14:54:32 | 003,932,160 | -HS- | M] () -- C:\Users\benni\ntuser.dat
[2010.04.29 14:52:00 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{DE9CF3B9-1DFB-42CF-B22D-A5E6E487526C}.job
[2010.04.29 14:51:16 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Users\benni\Desktop\OTL.exe
[2010.04.29 14:44:04 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\tprxcs.sys
[2010.04.29 14:40:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.04.29 14:34:34 | 000,014,774 | ---- | M] () -- C:\Users\benni\Desktop\Snapshot of me 1.jpg
[2010.04.29 14:31:10 | 000,083,452 | ---- | M] () -- C:\Users\benni\Desktop\x6kb9wtaih2fm5ch5nqe7cfxjw4.jpg
[2010.04.29 14:30:35 | 000,025,243 | ---- | M] () -- C:\Users\benni\Desktop\r81b43p7j176ovyylel4facs2is.jpg
[2010.04.29 14:30:06 | 000,052,628 | ---- | M] () -- C:\Users\benni\Desktop\459uoxpjndao413vk7y77im8nwc.jpg
[2010.04.29 14:22:27 | 000,174,382 | ---- | M] () -- C:\Users\benni\Desktop\Snapshot of me 1.png
[2010.04.29 14:03:41 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.04.29 14:03:41 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.04.29 13:17:58 | 000,000,823 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.29 12:14:54 | 000,001,833 | ---- | M] () -- C:\Users\benni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
[2010.04.29 12:11:10 | 001,418,806 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.04.29 12:11:10 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.04.29 12:11:10 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.04.29 12:11:10 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.04.29 12:11:10 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.04.29 12:04:08 | 000,024,539 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2010.04.29 12:04:01 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.04.29 12:04:00 | 000,405,408 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.04.29 12:03:58 | 000,524,288 | -HS- | M] () -- C:\Users\benni\ntuser.dat{83903f49-5374-11df-b498-cc64413520e7}.TMContainer00000000000000000002.regtrans-ms
[2010.04.29 12:03:58 | 000,524,288 | -HS- | M] () -- C:\Users\benni\ntuser.dat{83903f49-5374-11df-b498-cc64413520e7}.TMContainer00000000000000000001.regtrans-ms
[2010.04.29 12:03:58 | 000,065,536 | -HS- | M] () -- C:\Users\benni\ntuser.dat{83903f49-5374-11df-b498-cc64413520e7}.TM.blf
[2010.04.29 12:03:43 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.04.29 12:03:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.04.29 12:02:59 | 3184,406,528 | -HS- | M] () -- C:\hiberfil.sys
[2010.04.29 11:52:59 | 000,524,288 | -HS- | M] () -- C:\Users\benni\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.04.29 11:52:59 | 000,065,536 | -HS- | M] () -- C:\Users\benni\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.04.29 11:00:32 | 000,007,052 | ---- | M] () -- C:\Users\benni\AppData\Local\d3d9caps.dat
[2010.04.29 01:44:09 | 000,169,316 | ---- | M] () -- C:\Users\benni\Desktop\bookmarks.html
[2010.04.29 01:41:54 | 000,089,722 | ---- | M] () -- C:\Users\benni\Desktop\bookmarks-2010-04-29.json
[2010.04.28 14:21:21 | 000,189,440 | ---- | M] () -- C:\Users\benni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.28 13:16:06 | 000,001,890 | ---- | M] () -- C:\Users\benni\Desktop\Klicken Sie hier, um PC-Fehler zu finden und zu reparieren.lnk
[2010.04.28 13:16:06 | 000,001,091 | ---- | M] () -- C:\Users\benni\Desktop\1-2-3 Spyware Free.lnk
[2010.04.17 13:14:32 | 000,000,224 | ---- | M] () -- C:\Users\benni\Desktop\Spielezentrum.url
[2010.04.16 14:13:44 | 000,000,590 | ---- | M] () -- C:\Users\benni\Desktop\XAMPP Control Panel.lnk
[2010.04.15 12:28:03 | 000,006,969 | ---- | M] () -- C:\Users\benni\Desktop\bestprice_button.gif
[2010.04.15 11:22:31 | 000,103,897 | ---- | M] () -- C:\Users\benni\Desktop\bestprice_banner.png
[2010.04.15 09:33:03 | 000,011,007 | ---- | M] () -- C:\Users\benni\Desktop\foto_allincl_oben.jpg
[2010.04.15 08:52:25 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job
[2010.04.14 19:01:33 | 000,010,580 | ---- | M] () -- C:\Users\benni\Documents\Guten Tag.docx
[2010.04.14 12:01:58 | 000,010,914 | ---- | M] () -- C:\Users\benni\Documents\Sehr geehrte Damen und Herren.2.docx
[2010.04.14 11:37:04 | 000,001,777 | ---- | M] () -- C:\Users\benni\Desktop\BaySearch.de - Tippfehlersuche.lnk
[2010.04.13 21:53:26 | 000,010,691 | ---- | M] () -- C:\Users\benni\Desktop\Guten Tag.docx
[2010.04.13 11:09:46 | 000,010,987 | ---- | M] () -- C:\Users\benni\Desktop\Sehr geehrtes open holiday guide Team.docx
[2010.04.12 20:02:58 | 000,002,078 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010.04.12 14:57:20 | 000,001,651 | ---- | M] () -- C:\Users\benni\Desktop\AVAFX.lnk
[2010.04.08 17:14:06 | 000,000,149 | ---- | M] () -- C:\Users\benni\Desktop\_config.php
[2010.04.08 15:30:11 | 000,007,756 | ---- | M] () -- C:\Users\benni\Desktop\partnerlogo.jpg
[2010.04.08 15:22:34 | 000,007,678 | ---- | M] () -- C:\Users\benni\Desktop\Unbenannt.jpg
[2010.04.08 15:02:33 | 000,023,240 | ---- | M] () -- C:\Users\benni\Desktop\Logo.jpg
[2010.04.08 15:01:02 | 000,015,160 | ---- | M] () -- C:\Users\benni\Desktop\Unbenannt.gif
[2010.04.08 12:17:10 | 000,000,941 | ---- | M] () -- C:\Users\Public\Desktop\Surf & E-Mail-Stick.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.04.29 14:44:03 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\tprxcs.sys
[2010.04.29 14:34:34 | 000,014,774 | ---- | C] () -- C:\Users\benni\Desktop\Snapshot of me 1.jpg
[2010.04.29 14:31:10 | 000,083,452 | ---- | C] () -- C:\Users\benni\Desktop\x6kb9wtaih2fm5ch5nqe7cfxjw4.jpg
[2010.04.29 14:30:34 | 000,025,243 | ---- | C] () -- C:\Users\benni\Desktop\r81b43p7j176ovyylel4facs2is.jpg
[2010.04.29 14:30:06 | 000,052,628 | ---- | C] () -- C:\Users\benni\Desktop\459uoxpjndao413vk7y77im8nwc.jpg
[2010.04.29 14:22:27 | 000,174,382 | ---- | C] () -- C:\Users\benni\Desktop\Snapshot of me 1.png
[2010.04.29 12:03:58 | 000,524,288 | -HS- | C] () -- C:\Users\benni\ntuser.dat{83903f49-5374-11df-b498-cc64413520e7}.TMContainer00000000000000000002.regtrans-ms
[2010.04.29 12:03:58 | 000,524,288 | -HS- | C] () -- C:\Users\benni\ntuser.dat{83903f49-5374-11df-b498-cc64413520e7}.TMContainer00000000000000000001.regtrans-ms
[2010.04.29 12:03:58 | 000,065,536 | -HS- | C] () -- C:\Users\benni\ntuser.dat{83903f49-5374-11df-b498-cc64413520e7}.TM.blf
[2010.04.29 12:02:59 | 3184,406,528 | -HS- | C] () -- C:\hiberfil.sys
[2010.04.29 01:44:09 | 000,169,316 | ---- | C] () -- C:\Users\benni\Desktop\bookmarks.html
[2010.04.29 01:41:54 | 000,089,722 | ---- | C] () -- C:\Users\benni\Desktop\bookmarks-2010-04-29.json
[2010.04.28 22:14:06 | 000,000,823 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.28 13:16:06 | 000,001,890 | ---- | C] () -- C:\Users\benni\Desktop\Klicken Sie hier, um PC-Fehler zu finden und zu reparieren.lnk
[2010.04.28 13:16:06 | 000,001,091 | ---- | C] () -- C:\Users\benni\Desktop\1-2-3 Spyware Free.lnk
[2010.04.17 13:14:32 | 000,000,224 | ---- | C] () -- C:\Users\benni\Desktop\Spielezentrum.url
[2010.04.16 14:13:31 | 000,000,590 | ---- | C] () -- C:\Users\benni\Desktop\XAMPP Control Panel.lnk
[2010.04.15 12:28:02 | 000,006,969 | ---- | C] () -- C:\Users\benni\Desktop\bestprice_button.gif
[2010.04.15 11:22:31 | 000,103,897 | ---- | C] () -- C:\Users\benni\Desktop\bestprice_banner.png
[2010.04.15 09:33:02 | 000,011,007 | ---- | C] () -- C:\Users\benni\Desktop\foto_allincl_oben.jpg
[2010.04.14 19:01:33 | 000,010,580 | ---- | C] () -- C:\Users\benni\Documents\Guten Tag.docx
[2010.04.14 12:01:58 | 000,010,914 | ---- | C] () -- C:\Users\benni\Documents\Sehr geehrte Damen und Herren.2.docx
[2010.04.14 11:37:04 | 000,001,777 | ---- | C] () -- C:\Users\benni\Desktop\BaySearch.de - Tippfehlersuche.lnk
[2010.04.13 21:53:26 | 000,010,691 | ---- | C] () -- C:\Users\benni\Desktop\Guten Tag.docx
[2010.04.13 11:09:46 | 000,010,987 | ---- | C] () -- C:\Users\benni\Desktop\Sehr geehrtes open holiday guide Team.docx
[2010.04.12 20:02:58 | 000,002,078 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010.04.12 14:57:20 | 000,001,651 | ---- | C] () -- C:\Users\benni\Desktop\AVAFX.lnk
[2010.04.08 17:14:06 | 000,000,149 | ---- | C] () -- C:\Users\benni\Desktop\_config.php
[2010.04.08 15:30:11 | 000,007,756 | ---- | C] () -- C:\Users\benni\Desktop\partnerlogo.jpg
[2010.04.08 15:22:34 | 000,007,678 | ---- | C] () -- C:\Users\benni\Desktop\Unbenannt.jpg
[2010.04.08 15:03:53 | 000,023,240 | ---- | C] () -- C:\Users\benni\Desktop\Logo.jpg
[2010.04.08 15:00:58 | 000,015,160 | ---- | C] () -- C:\Users\benni\Desktop\Unbenannt.gif
[2010.04.08 12:17:10 | 000,000,941 | ---- | C] () -- C:\Users\Public\Desktop\Surf & E-Mail-Stick.lnk
[2010.02.10 22:24:18 | 000,000,082 | ---- | C] () -- C:\Windows\odbc_merge.INI
[2009.11.23 14:10:14 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI
[2009.11.18 23:36:21 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.10.21 21:23:26 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.10.16 05:46:58 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2009.10.16 05:46:58 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2009.10.16 05:46:58 | 000,010,146 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2009.10.16 05:46:58 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008.11.20 12:04:04 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008.11.20 12:04:04 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008.11.20 12:04:04 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008.11.20 12:04:04 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008.11.20 12:04:04 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008.11.20 12:04:04 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008.11.20 11:55:36 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008.11.20 11:46:51 | 000,040,960 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll
[2008.11.20 11:37:58 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.04.24 10:08:30 | 000,028,672 | ---- | C] () -- C:\Windows\System32\SPCtl.dll
[2007.12.21 17:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005.07.22 22:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
< End of report >
         

29.04.2010, 16:17   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Hello and

Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:
:OTL
O33 - MountPoints2\{7518c7c8-d887-11de-b755-00235a01b3b6}\Shell - "" = AutoRun
O33 - MountPoints2\{7518c7c8-d887-11de-b755-00235a01b3b6}\Shell\AutoRun\command - "" = D:\Autorun.exe -- File not found
O33 - MountPoints2\{913a2665-42ef-11df-99b6-00235a01b3b6}\Shell - "" = AutoRun
O33 - MountPoints2\{913a2665-42ef-11df-99b6-00235a01b3b6}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{913a267c-42ef-11df-99b6-00235a01b3b6}\Shell - "" = AutoRun
O33 - MountPoints2\{913a267c-42ef-11df-99b6-00235a01b3b6}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
[2010.04.29 14:44:03 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\tprxcs.sys
:Commands
[purity]
[resethosts]
[emptytemp]
         
Then click the Run Fixes button!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.


29.04.2010, 17:37   #6
PrinzBenni

Hello,
I did that.
My e-mail notification also said something about having to change the starred-out part into my real user name... I don't understand that.
I hope I did everything right


Code:
All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7518c7c8-d887-11de-b755-00235a01b3b6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7518c7c8-d887-11de-b755-00235a01b3b6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7518c7c8-d887-11de-b755-00235a01b3b6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7518c7c8-d887-11de-b755-00235a01b3b6}\ not found.
File D:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{913a2665-42ef-11df-99b6-00235a01b3b6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{913a2665-42ef-11df-99b6-00235a01b3b6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{913a2665-42ef-11df-99b6-00235a01b3b6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{913a2665-42ef-11df-99b6-00235a01b3b6}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{913a267c-42ef-11df-99b6-00235a01b3b6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{913a267c-42ef-11df-99b6-00235a01b3b6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{913a267c-42ef-11df-99b6-00235a01b3b6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{913a267c-42ef-11df-99b6-00235a01b3b6}\ not found.
File E:\AutoRun.exe not found.
C:\Windows\System32\drivers\tprxcs.sys moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: benni
->Temp folder emptied: 1030308467 bytes
->Temporary Internet Files folder emptied: 28859936 bytes
->Java cache emptied: 45241122 bytes
->FireFox cache emptied: 64134330 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 12589417 bytes
->Flash cache emptied: 8590 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1145860 bytes
RecycleBin emptied: 415620735 bytes
 
Total Files Cleaned = 1.524,00 mb
 
 
OTL by OldTimer - Version 3.2.3.0 log created on 04292010_172610

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\mcmsc_5B9ucLwHIQfj0Sh not found!
File\Folder C:\Windows\temp\mcmsc_i7vyRKg7GBNvGcM not found!
C:\Windows\temp\sqlite_1BH6csAGo2AfNcO moved successfully.
C:\Windows\temp\sqlite_A9MTIH5Y3pqh6cn moved successfully.
C:\Windows\temp\sqlite_bGhPeXbRb5lpiPy moved successfully.
C:\Windows\temp\sqlite_lGgng9X1E8sFa2y moved successfully.
C:\Windows\temp\sqlite_LJjxGEzUw3f4E9K moved successfully.

Registry entries deleted on Reboot...
         

29.04.2010, 19:51   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
My e-mail notification also said something about having to change the starred-out part into my real user name... I don't understand that.
You can ignore that; I edited my post afterwards.
Now please do a run with CF:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
  • Close all programs, especially your antivirus program and other background guards as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

29.04.2010, 23:13   #8
PrinzBenni

So, I did everything exactly as it was written there.

Code:
ComboFix 10-04-29.01 - benni 29.04.2010  23:00:35.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3036.2091 [GMT 2:00]
ausgeführt von:: c:\users\benni\Desktop\Cofi.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((   Dateien erstellt von 2010-03-28 bis 2010-04-29  ))))))))))))))))))))))))))))))
.

2010-04-29 21:08 . 2010-04-29 21:08	--------	d-----w-	c:\users\benni\AppData\Local\temp
2010-04-29 21:08 . 2010-04-29 21:08	--------	d-----w-	c:\users\Public\AppData\Local\temp
2010-04-29 21:08 . 2010-04-29 21:08	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-04-29 20:27 . 2010-04-29 20:43	--------	d-----w-	C:\Cofi
2010-04-29 20:19 . 2010-04-29 20:19	--------	d-----w-	c:\program files\CCleaner
2010-04-29 15:26 . 2010-04-29 15:26	--------	d-----w-	C:\_OTL
2010-04-29 12:52 . 2009-10-08 08:30	13312	----a-w-	c:\users\benni\AppData\Roaming\EA\EASW\GameFace\PhotoFaceConsole.exe
2010-04-29 12:52 . 2009-09-30 08:41	361472	----a-w-	c:\users\benni\AppData\Roaming\EA\EASW\GameFace\FgPhotofitDll.dll
2010-04-29 12:52 . 2009-09-29 18:29	6144	----a-w-	c:\users\benni\AppData\Roaming\EA\EASW\GameFace\DetectOpenGLConsole.exe
2010-04-29 12:52 . 2009-09-29 18:29	5120	----a-w-	c:\users\benni\AppData\Roaming\EA\EASW\GameFace\DownloadSourcePhotoConsole.exe
2010-04-29 12:52 . 2009-09-29 18:29	9216	----a-w-	c:\users\benni\AppData\Roaming\EA\EASW\GameFace\UploadPhotofitConsole.exe
2010-04-29 12:52 . 2009-09-21 09:14	8192	----a-w-	c:\users\benni\AppData\Roaming\EA\EASW\GameFace\OpenGLCheck.dll
2010-04-29 12:52 . 2009-08-19 09:40	655872	----a-w-	c:\users\benni\AppData\Roaming\EA\EASW\GameFace\msvcr90.dll
2010-04-29 12:52 . 2009-08-19 09:40	572928	----a-w-	c:\users\benni\AppData\Roaming\EA\EASW\GameFace\msvcp90.dll
2010-04-29 12:52 . 2009-08-19 09:40	4178264	----a-w-	c:\users\benni\AppData\Roaming\EA\EASW\GameFace\D3DX9_41.dll
2010-04-29 12:52 . 2009-09-30 17:14	15872	----a-w-	c:\users\benni\AppData\Roaming\EA\EASW\GameFace\PhotoFaceConsole.XmlSerializers.dll
2010-04-29 12:49 . 2010-04-29 12:49	175616	----a-w-	c:\users\benni\AppData\Roaming\EA\EASW\GameFace\unrar64_nocrypt.dll
2010-04-29 12:48 . 2010-04-29 12:49	150528	----a-w-	c:\users\benni\AppData\Roaming\EA\EASW\GameFace\unrar_nocrypt.dll
2010-04-29 12:48 . 2010-04-29 12:48	30208	----a-w-	c:\users\benni\AppData\Roaming\EA\EASW\GameFace\FileDownloadConsole.exe
2010-04-29 12:48 . 2010-04-29 12:48	--------	d-----w-	c:\users\benni\AppData\Roaming\EA
2010-04-29 11:28 . 2010-04-29 11:28	--------	d-----w-	c:\users\benni\AppData\Local\Unity
2010-04-29 09:06 . 2010-04-29 09:06	--------	d-----w-	c:\program files\ReviverSoft
2010-04-29 09:06 . 2010-04-29 09:06	--------	d-----w-	c:\programdata\ReviverSoft
2010-04-28 22:17 . 2010-04-28 22:17	--------	d-----w-	c:\programdata\WindowsSearch
2010-04-28 22:06 . 2010-04-28 22:06	--------	d-----w-	c:\program files\xp-AntiSpy
2010-04-28 21:57 . 2010-04-28 21:57	--------	d-----w-	c:\users\benni\AppData\Roaming\CheckPoint
2010-04-28 21:57 . 2010-04-28 21:57	--------	d-----w-	c:\program files\CheckPoint
2010-04-28 21:57 . 2010-04-28 21:57	--------	d-----w-	c:\program files\Zone Labs
2010-04-28 21:56 . 2010-04-28 21:56	--------	d-----w-	c:\programdata\CheckPoint
2010-04-28 21:56 . 2010-04-29 09:08	--------	d-----w-	c:\windows\Internet Logs
2010-04-28 21:56 . 2010-04-28 21:56	--------	d-----w-	c:\users\benni\AppData\Roaming\Avira
2010-04-28 21:54 . 2010-04-28 21:54	--------	d-----w-	c:\programdata\Avira
2010-04-28 21:54 . 2010-04-28 21:54	--------	d-----w-	c:\program files\Avira
2010-04-28 21:31 . 2010-04-28 21:31	--------	d-----w-	c:\programdata\Comodo
2010-04-28 20:14 . 2010-04-28 20:14	--------	d-----w-	c:\users\benni\AppData\Roaming\Malwarebytes
2010-04-28 20:14 . 2010-03-29 13:24	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-28 20:14 . 2010-04-28 20:14	--------	d-----w-	c:\programdata\Malwarebytes
2010-04-28 20:14 . 2010-03-29 13:24	20824	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-04-28 20:14 . 2010-04-29 11:17	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-04-28 13:36 . 2010-04-28 13:36	--------	d-----w-	c:\programdata\F-Secure
2010-04-28 13:21 . 2010-04-28 23:54	--------	d-----w-	c:\users\benni\AppData\Roaming\QuickScan
2010-04-28 11:15 . 2010-04-28 11:15	--------	d-----w-	c:\program files\Smart PC Solutions
2010-04-22 14:50 . 2010-04-26 19:53	284160	----a-w-	c:\users\benni\AppData\Roaming\AceBIT\Hello Engines! 7\Temp\tidy_de.exe
2010-04-22 14:50 . 2010-04-26 19:53	282624	----a-w-	c:\users\benni\AppData\Roaming\AceBIT\Hello Engines! 7\Temp\tidy_en.exe
2010-04-22 14:49 . 2010-04-22 14:49	--------	d-----w-	c:\users\benni\AppData\Roaming\AceBIT
2010-04-22 14:48 . 2001-09-05 18:00	1700352	----a-w-	c:\windows\system32\gdiplus.dll
2010-04-22 14:48 . 2010-04-29 10:01	--------	d-----w-	c:\program files\AceBIT
2010-04-19 22:32 . 2010-04-13 23:16	3468800	----a-w-	c:\users\benni\AppData\Roaming\AVAFX\APP#4D1DB572\Fx_Client.exe
2010-04-14 09:37 . 2010-04-14 10:15	--------	d-----w-	c:\users\benni\AppData\Roaming\BayCalculator
2010-04-14 09:37 . 2010-04-29 10:01	--------	d-----w-	c:\program files\BayCalculator
2010-04-13 22:29 . 2010-02-23 11:10	79360	----a-w-	c:\windows\system32\drivers\mrxsmb20.sys
2010-04-13 22:29 . 2010-02-23 11:10	212992	----a-w-	c:\windows\system32\drivers\mrxsmb10.sys
2010-04-13 22:29 . 2010-02-23 11:10	106496	----a-w-	c:\windows\system32\drivers\mrxsmb.sys
2010-04-13 22:29 . 2010-02-18 14:07	3548040	----a-w-	c:\windows\system32\ntoskrnl.exe
2010-04-13 22:29 . 2010-02-18 14:07	3600776	----a-w-	c:\windows\system32\ntkrnlpa.exe
2010-04-13 22:28 . 2010-03-05 14:01	420352	----a-w-	c:\windows\system32\vbscript.dll
2010-04-13 22:28 . 2010-02-18 14:07	904576	----a-w-	c:\windows\system32\drivers\tcpip.sys
2010-04-13 22:28 . 2010-02-18 11:28	25088	----a-w-	c:\windows\system32\drivers\tunnel.sys
2010-04-13 22:28 . 2010-02-18 13:30	200704	----a-w-	c:\windows\system32\iphlpsvc.dll
2010-04-13 22:27 . 2009-12-23 11:33	172032	----a-w-	c:\windows\system32\wintrust.dll
2010-04-13 22:27 . 2010-01-13 17:34	98304	----a-w-	c:\windows\system32\cabview.dll
2010-04-12 12:58 . 2010-04-08 03:31	3227648	----a-w-	c:\users\benni\AppData\Roaming\AVAFX\APP#046CAF35\Fx_Client.exe
2010-04-12 12:57 . 2010-04-29 10:01	--------	d-----w-	c:\users\benni\AppData\Roaming\AVAFX
2010-04-12 12:57 . 2010-04-29 10:01	--------	d-----w-	c:\program files\AVAFX
2010-04-08 11:09 . 2010-04-19 22:31	--------	d-----w-	c:\users\benni\AppData\Roaming\FileZilla
2010-04-08 11:09 . 2010-04-08 11:09	--------	d-----w-	c:\program files\FileZilla FTP Client
2010-04-08 10:16 . 2008-11-08 08:55	621056	----a-r-	c:\windows\system32\drivers\mod7700.sys
2010-04-08 10:16 . 2008-11-08 08:55	113152	----a-r-	c:\windows\system32\drivers\ewusbnet.sys
2010-04-08 10:16 . 2008-11-08 08:55	101760	----a-r-	c:\windows\system32\drivers\ewusbmdm.sys
2010-04-08 10:16 . 2008-11-08 08:55	23424	----a-r-	c:\windows\system32\drivers\ewdcsc.sys
2010-04-08 10:14 . 2010-04-29 10:03	--------	d-----w-	c:\program files\Surf & E-Mail-Stick

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-29 20:58 . 2009-11-18 14:45	--------	d-----w-	c:\users\benni\AppData\Roaming\uTorrent
2010-04-29 20:53 . 2010-02-22 13:02	--------	d-----w-	c:\users\benni\AppData\Roaming\Skype
2010-04-29 20:51 . 2008-11-20 10:22	--------	d-----w-	c:\program files\Google
2010-04-29 20:47 . 2008-11-20 10:18	--------	d-----w-	c:\programdata\McAfee
2010-04-29 16:35 . 2008-01-21 07:15	618442	----a-w-	c:\windows\system32\perfh007.dat
2010-04-29 16:35 . 2008-01-21 07:15	122842	----a-w-	c:\windows\system32\perfc007.dat
2010-04-29 15:34 . 2010-02-22 13:06	--------	d-----w-	c:\users\benni\AppData\Roaming\skypePM
2010-04-29 10:03 . 2008-11-20 10:22	--------	d-----w-	c:\program files\Picasa2
2010-04-29 10:02 . 2009-11-23 23:15	--------	d-----w-	c:\program files\DAEMON Tools Lite
2010-04-29 10:01 . 2009-11-18 21:52	--------	d-----w-	c:\users\benni\AppData\Roaming\My ClickOnce Applications
2010-04-29 10:01 . 2009-12-10 23:03	--------	d-----w-	c:\program files\Windows Live SkyDrive
2010-04-29 10:01 . 2009-12-10 23:03	--------	d-----w-	c:\program files\Windows Live
2010-04-29 10:01 . 2009-12-07 16:49	--------	d-----w-	c:\program files\YouTube Downloader
2010-04-29 10:01 . 2009-10-30 02:03	--------	d-----w-	c:\program files\Teamspeak2_RC2
2010-04-29 10:01 . 2010-03-24 20:16	--------	d-----w-	c:\program files\NetView3D
2010-04-29 10:01 . 2009-11-23 23:28	--------	d-----w-	c:\program files\Smart Projects
2010-04-29 10:01 . 2010-02-10 20:26	--------	d-----w-	c:\program files\MS-Buchhalter
2010-04-29 10:01 . 2010-02-09 10:30	--------	d-----w-	c:\program files\Jitbit
2010-04-29 10:01 . 2009-12-09 17:43	--------	d-----w-	c:\program files\ICQ6Toolbar
2010-04-29 10:01 . 2009-12-07 16:59	--------	d-----w-	c:\program files\KigoVideoConverter
2010-04-29 10:01 . 2009-12-05 23:45	--------	d-----w-	c:\program files\Bonjour
2010-04-29 09:00 . 2009-12-10 02:00	7052	----a-w-	c:\users\benni\AppData\Local\d3d9caps.dat
2010-04-28 21:28 . 2008-11-20 09:32	--------	d-----w-	c:\program files\Common Files\Java
2010-04-28 21:27 . 2008-11-20 09:33	--------	d-----w-	c:\program files\Java
2010-04-28 20:36 . 2009-12-10 18:55	--------	d-----w-	c:\users\benni\AppData\Roaming\ICQ
2010-04-28 20:26 . 2010-02-10 16:38	--------	d-----w-	c:\program files\ExcelFibu3_11
2010-04-28 13:02 . 2009-12-12 11:04	--------	d-----w-	c:\users\benni\AppData\Roaming\vlc
2010-04-28 11:40 . 2009-12-06 00:28	--------	d-----w-	c:\program files\Techlogg.com ToneShop
2010-04-22 14:48 . 2008-11-20 09:38	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-04-14 01:22 . 2006-11-02 11:18	--------	d-----w-	c:\program files\Windows Mail
2010-04-14 01:06 . 2008-11-20 10:27	--------	d-----w-	c:\programdata\Microsoft Help
2010-04-09 21:49 . 2009-11-01 20:05	--------	d-----w-	c:\users\benni\AppData\Roaming\dvdcss
2010-03-25 13:00 . 2010-03-25 13:00	--------	d-----w-	c:\programdata\RoboForm
2010-03-25 13:00 . 2010-03-25 13:00	--------	d-----w-	c:\program files\Siber Systems
2010-03-24 20:49 . 2009-10-21 20:12	286	----a-w-	c:\users\benni\AppData\Roaming\wklnhst.dat
2010-03-04 01:53 . 2009-12-05 23:47	--------	d-----w-	c:\users\benni\AppData\Roaming\Apple Computer
2010-03-03 12:24 . 2010-03-03 12:24	--------	d-----w-	c:\program files\Safari
2010-03-03 12:23 . 2010-03-03 12:23	79144	----a-w-	c:\programdata\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
2010-03-03 12:23 . 2010-03-03 12:22	--------	d-----w-	c:\program files\iTunes
2010-03-03 12:22 . 2010-03-03 12:22	--------	d-----w-	c:\program files\iPod
2010-03-03 12:22 . 2009-12-05 23:42	--------	d-----w-	c:\program files\Common Files\Apple
2010-03-03 12:19 . 2010-03-03 12:19	72488	----a-w-	c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-26 01:59 . 2009-10-16 03:56	114968	----a-w-	c:\users\benni\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-23 06:39 . 2010-03-31 23:48	916480	----a-w-	c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-03-31 23:48	109056	----a-w-	c:\windows\system32\iesysprep.dll
2010-02-23 06:33 . 2010-03-31 23:48	71680	----a-w-	c:\windows\system32\iesetup.dll
2010-02-23 04:55 . 2010-03-31 23:48	133632	----a-w-	c:\windows\system32\ieUnatt.exe
2010-02-22 13:06 . 2010-02-22 13:06	56	---ha-w-	c:\programdata\ezsidmv.dat
2010-02-20 23:06 . 2010-03-13 12:20	24064	----a-w-	c:\windows\system32\nshhttp.dll
2010-02-20 23:05 . 2010-03-13 12:20	30720	----a-w-	c:\windows\system32\httpapi.dll
2010-02-20 20:53 . 2010-03-13 12:20	411648	----a-w-	c:\windows\system32\drivers\http.sys
2010-02-12 10:32 . 2010-03-16 09:40	293376	----a-w-	c:\windows\system32\browserchoice.exe
2009-10-29 08:22 . 2009-10-29 08:22	119808	----a-w-	c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-09-25 16:41 . 2009-09-25 16:41	1044480	----a-w-	c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41	200704	----a-w-	c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-07-04 430080]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-11-18 289584]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-09-03 3342336]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-24 7719456]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2007-04-16 421888]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2007-09-19 438272]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 34352]
"NDSTray.exe"="NDSTray.exe" [BU]
"HDMICtrlMan"="c:\program files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe" [2008-05-20 716800]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-08-18 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-10-31 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-06-24 509816]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-09-24 727608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-10-29 30192]
"Google EULA Launcher"="c:\program files\Google\Google EULA\GoogleEULALauncher.exe" [2008-05-28 20480]
"Toshiba TEMPO"="c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe" [2008-08-26 103824]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-12-15 184320]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-09-26 417792]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2008-01-11 574864]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-09 149280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2010-02-17 177472]
" Malwarebytes Anti-Malware  (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-03-29 1086856]

c:\users\benni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\Toshiba\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):45,a1,ca,ac,c9,79,ca,01

R0 dskc;dskc;c:\windows\System32\drivers\tprxcs.sys [x]
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-11-23 691696]
R2 gupdate1ca4e5615b55cf3;Google Update Service (gupdate1ca4e5615b55cf3);c:\program files\Google\Update\GoogleUpdate.exe [2009-10-16 133104]
R3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-10-29 30192]
R3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys [x]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-09-05 40960]
S2 TempoMonitoringService;Notebook Performance Tuning Service ;c:\program files\Toshiba TEMPRO\TempoSVC.exe [2008-08-26 99720]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2008-07-15 106496]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-09-09 99216]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
S3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe [2008-08-25 77824]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners

2010-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-16 11:44]

2010-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-16 11:44]

2010-04-29 c:\windows\Tasks\User_Feed_Synchronization-{DE9CF3B9-1DFB-42CF-B22D-A5E6E487526C}.job
- c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.Google.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4
IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home
FF - ProfilePath - c:\users\benni\AppData\Roaming\Mozilla\Firefox\Profiles\z7053s7l.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.daemon-search.com/startpage|hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=966134&p=
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\users\benni\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-04-29 23:08
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i????????? ???X?m???m???m???m?   

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-2744725279-3685766666-4055958726-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BC7CE7CF-4A05-E078-5D93-6ABDBB28D6D2}*]
"maadkklpkmbfefgaiongbpomim"=hex:69,61,6e,6c,6c,64,6f,6d,62,6d,67,67,68,70,6d,
   64,65,6c,00,64
"nagcammnkibcfdbaihbfdmjcelji"=hex:69,61,6e,6c,6c,64,6f,6d,62,6d,67,67,68,70,
   6d,64,65,6c,00,64

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2010-04-29  23:10:47
ComboFix-quarantined-files.txt  2010-04-29 21:10
ComboFix2.txt  2010-04-29 20:42

Vor Suchlauf: 15 Verzeichnis(se), 66.785.288.192 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 66.558.390.272 Bytes frei

- - End Of File - - 9B170156C79CBFE3498BB8BEC8BDFDB1
         

30.04.2010, 13:16   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

ComboFix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now copy and paste the entire contents of the code box below into the Notepad window.

Code:
http://www.trojaner-board.de/85421-verschicke-spam-mit-msn-und-er-stuerzt-immer-ab.html

Collect::
c:\windows\System32\drivers\tprxcs.sys

RegNull::
[HKEY_USERS\S-1-5-21-2744725279-3685766666-4055958726-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BC7CE7CF-4A05-E078-5D93-6ABDBB28D6D2}*]

Driver::
dskc
         
3. In Notepad, save it as CFScript.txt on the desktop.

4. Disable your antivirus program's guard and any software firewall you may have.
(Also the guards of ad- and spyware programs and the Tea Timer (if present)!)

5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts ComboFix.



6. After the restart (you will be asked whether you want to restart), please post the following log files:
Combofix.txt

Note: The script above was created only for this one user in this situation. It is not portable to any other machine and must not be used elsewhere, as it can cause lasting damage to the system!

30.04.2010, 18:40   #10
PrinzBenni

I've done everything.

Code:
ComboFix 10-04-29.05 - benni 30.04.2010  18:18:55.3.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3036.2057 [GMT 2:00]
ausgeführt von:: c:\users\benni\Desktop\Cofi.exe
Benutzte Befehlsschalter :: c:\users\benni\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_dskc


(((((((((((((((((((((((   Dateien erstellt von 2010-03-28 bis 2010-04-30  ))))))))))))))))))))))))))))))
.

2010-04-30 16:24 . 2010-04-30 16:24	--------	d-----w-	c:\users\Public\AppData\Local\temp
2010-04-30 16:24 . 2010-04-30 16:24	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-04-29 23:48 . 2010-02-24 08:16	181632	------w-	c:\windows\system32\MpSigStub.exe
2010-04-29 21:10 . 2010-04-30 16:26	--------	d-----w-	c:\users\benni\AppData\Local\temp
2010-04-29 20:58 . 2010-04-29 21:10	--------	d-----w-	C:\Cofi31451C
2010-04-29 20:27 . 2010-04-29 20:43	--------	d-----w-	C:\Cofi
2010-04-29 20:19 . 2010-04-29 20:19	--------	d-----w-	c:\program files\CCleaner
2010-04-29 15:26 . 2010-04-29 15:26	--------	d-----w-	C:\_OTL
2010-04-29 12:48 . 2010-04-29 12:48	--------	d-----w-	c:\users\benni\AppData\Roaming\EA
2010-04-29 11:28 . 2010-04-29 11:28	--------	d-----w-	c:\users\benni\AppData\Local\Unity
2010-04-29 09:06 . 2010-04-29 09:06	--------	d-----w-	c:\program files\ReviverSoft
2010-04-29 09:06 . 2010-04-29 09:06	--------	d-----w-	c:\programdata\ReviverSoft
2010-04-28 22:17 . 2010-04-28 22:17	--------	d-----w-	c:\programdata\WindowsSearch
2010-04-28 22:06 . 2010-04-28 22:06	--------	d-----w-	c:\program files\xp-AntiSpy
2010-04-28 21:57 . 2010-04-28 21:57	--------	d-----w-	c:\users\benni\AppData\Roaming\CheckPoint
2010-04-28 21:57 . 2010-04-28 21:57	--------	d-----w-	c:\program files\CheckPoint
2010-04-28 21:57 . 2010-04-28 21:57	--------	d-----w-	c:\program files\Zone Labs
2010-04-28 21:56 . 2010-04-28 21:56	--------	d-----w-	c:\programdata\CheckPoint
2010-04-28 21:56 . 2010-04-29 09:08	--------	d-----w-	c:\windows\Internet Logs
2010-04-28 21:56 . 2010-04-28 21:56	--------	d-----w-	c:\users\benni\AppData\Roaming\Avira
2010-04-28 21:54 . 2010-04-28 21:54	--------	d-----w-	c:\programdata\Avira
2010-04-28 21:54 . 2010-04-28 21:54	--------	d-----w-	c:\program files\Avira
2010-04-28 21:31 . 2010-04-28 21:31	--------	d-----w-	c:\programdata\Comodo
2010-04-28 20:14 . 2010-04-28 20:14	--------	d-----w-	c:\users\benni\AppData\Roaming\Malwarebytes
2010-04-28 20:14 . 2010-03-29 13:24	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-28 20:14 . 2010-04-28 20:14	--------	d-----w-	c:\programdata\Malwarebytes
2010-04-28 20:14 . 2010-03-29 13:24	20824	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-04-28 20:14 . 2010-04-29 11:17	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-04-28 13:36 . 2010-04-28 13:36	--------	d-----w-	c:\programdata\F-Secure
2010-04-28 13:21 . 2010-04-28 23:54	--------	d-----w-	c:\users\benni\AppData\Roaming\QuickScan
2010-04-22 14:49 . 2010-04-22 14:49	--------	d-----w-	c:\users\benni\AppData\Roaming\AceBIT
2010-04-22 14:48 . 2001-09-05 18:00	1700352	----a-w-	c:\windows\system32\gdiplus.dll
2010-04-22 14:48 . 2010-04-29 10:01	--------	d-----w-	c:\program files\AceBIT
2010-04-14 09:37 . 2010-04-14 10:15	--------	d-----w-	c:\users\benni\AppData\Roaming\BayCalculator
2010-04-14 09:37 . 2010-04-29 10:01	--------	d-----w-	c:\program files\BayCalculator
2010-04-13 22:29 . 2010-02-23 11:10	79360	----a-w-	c:\windows\system32\drivers\mrxsmb20.sys
2010-04-13 22:29 . 2010-02-23 11:10	212992	----a-w-	c:\windows\system32\drivers\mrxsmb10.sys
2010-04-13 22:29 . 2010-02-23 11:10	106496	----a-w-	c:\windows\system32\drivers\mrxsmb.sys
2010-04-13 22:29 . 2010-02-18 14:07	3548040	----a-w-	c:\windows\system32\ntoskrnl.exe
2010-04-13 22:29 . 2010-02-18 14:07	3600776	----a-w-	c:\windows\system32\ntkrnlpa.exe
2010-04-13 22:28 . 2010-03-05 14:01	420352	----a-w-	c:\windows\system32\vbscript.dll
2010-04-13 22:28 . 2010-02-18 14:07	904576	----a-w-	c:\windows\system32\drivers\tcpip.sys
2010-04-13 22:28 . 2010-02-18 11:28	25088	----a-w-	c:\windows\system32\drivers\tunnel.sys
2010-04-13 22:28 . 2010-02-18 13:30	200704	----a-w-	c:\windows\system32\iphlpsvc.dll
2010-04-13 22:27 . 2009-12-23 11:33	172032	----a-w-	c:\windows\system32\wintrust.dll
2010-04-13 22:27 . 2010-01-13 17:34	98304	----a-w-	c:\windows\system32\cabview.dll
2010-04-08 11:09 . 2010-04-19 22:31	--------	d-----w-	c:\users\benni\AppData\Roaming\FileZilla
2010-04-08 11:09 . 2010-04-08 11:09	--------	d-----w-	c:\program files\FileZilla FTP Client
2010-04-08 10:14 . 2010-04-29 21:19	--------	d-----w-	c:\program files\Surf & E-Mail-Stick

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-30 16:25 . 2009-11-18 14:45	--------	d-----w-	c:\users\benni\AppData\Roaming\uTorrent
2010-04-30 10:42 . 2009-12-12 11:04	--------	d-----w-	c:\users\benni\AppData\Roaming\vlc
2010-04-29 21:18 . 2010-02-22 13:02	--------	d-----r-	c:\program files\Skype
2010-04-29 20:53 . 2010-02-22 13:02	--------	d-----w-	c:\users\benni\AppData\Roaming\Skype
2010-04-29 20:51 . 2008-11-20 10:22	--------	d-----w-	c:\program files\Google
2010-04-29 20:47 . 2008-11-20 10:18	--------	d-----w-	c:\programdata\McAfee
2010-04-29 16:35 . 2008-01-21 07:15	618442	----a-w-	c:\windows\system32\perfh007.dat
2010-04-29 16:35 . 2008-01-21 07:15	122842	----a-w-	c:\windows\system32\perfc007.dat
2010-04-29 15:34 . 2010-02-22 13:06	--------	d-----w-	c:\users\benni\AppData\Roaming\skypePM
2010-04-29 12:49 . 2010-04-29 12:49	175616	----a-w-	c:\users\benni\AppData\Roaming\EA\EASW\GameFace\unrar64_nocrypt.dll
2010-04-29 12:49 . 2010-04-29 12:48	150528	----a-w-	c:\users\benni\AppData\Roaming\EA\EASW\GameFace\unrar_nocrypt.dll
2010-04-29 12:48 . 2010-04-29 12:48	30208	----a-w-	c:\users\benni\AppData\Roaming\EA\EASW\GameFace\FileDownloadConsole.exe
2010-04-29 10:02 . 2009-11-23 23:15	--------	d-----w-	c:\program files\DAEMON Tools Lite
2010-04-29 10:01 . 2009-11-18 21:52	--------	d-----w-	c:\users\benni\AppData\Roaming\My ClickOnce Applications
2010-04-29 10:01 . 2009-12-10 23:03	--------	d-----w-	c:\program files\Windows Live SkyDrive
2010-04-29 10:01 . 2009-12-10 23:03	--------	d-----w-	c:\program files\Windows Live
2010-04-29 10:01 . 2009-12-07 16:49	--------	d-----w-	c:\program files\YouTube Downloader
2010-04-29 10:01 . 2009-10-30 02:03	--------	d-----w-	c:\program files\Teamspeak2_RC2
2010-04-29 10:01 . 2010-03-24 20:16	--------	d-----w-	c:\program files\NetView3D
2010-04-29 10:01 . 2009-11-23 23:28	--------	d-----w-	c:\program files\Smart Projects
2010-04-29 10:01 . 2010-02-09 10:30	--------	d-----w-	c:\program files\Jitbit
2010-04-29 10:01 . 2009-12-09 17:43	--------	d-----w-	c:\program files\ICQ6Toolbar
2010-04-29 10:01 . 2009-12-07 16:59	--------	d-----w-	c:\program files\KigoVideoConverter
2010-04-29 10:01 . 2009-12-05 23:45	--------	d-----w-	c:\program files\Bonjour
2010-04-29 09:00 . 2009-12-10 02:00	7052	----a-w-	c:\users\benni\AppData\Local\d3d9caps.dat
2010-04-28 21:28 . 2008-11-20 09:32	--------	d-----w-	c:\program files\Common Files\Java
2010-04-28 21:27 . 2008-11-20 09:33	--------	d-----w-	c:\program files\Java
2010-04-28 20:36 . 2009-12-10 18:55	--------	d-----w-	c:\users\benni\AppData\Roaming\ICQ
2010-04-28 20:26 . 2010-02-10 16:38	--------	d-----w-	c:\program files\ExcelFibu3_11
2010-04-28 11:40 . 2009-12-06 00:28	--------	d-----w-	c:\program files\Techlogg.com ToneShop
2010-04-26 19:53 . 2010-04-22 14:50	284160	----a-w-	c:\users\benni\AppData\Roaming\AceBIT\Hello Engines! 7\Temp\tidy_de.exe
2010-04-26 19:53 . 2010-04-22 14:50	282624	----a-w-	c:\users\benni\AppData\Roaming\AceBIT\Hello Engines! 7\Temp\tidy_en.exe
2010-04-22 14:48 . 2008-11-20 09:38	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-04-14 01:22 . 2006-11-02 11:18	--------	d-----w-	c:\program files\Windows Mail
2010-04-14 01:06 . 2008-11-20 10:27	--------	d-----w-	c:\programdata\Microsoft Help
2010-04-09 21:49 . 2009-11-01 20:05	--------	d-----w-	c:\users\benni\AppData\Roaming\dvdcss
2010-03-25 13:00 . 2010-03-25 13:00	--------	d-----w-	c:\programdata\RoboForm
2010-03-25 13:00 . 2010-03-25 13:00	--------	d-----w-	c:\program files\Siber Systems
2010-03-24 20:49 . 2009-10-21 20:12	286	----a-w-	c:\users\benni\AppData\Roaming\wklnhst.dat
2010-03-04 01:53 . 2009-12-05 23:47	--------	d-----w-	c:\users\benni\AppData\Roaming\Apple Computer
2010-03-03 12:24 . 2010-03-03 12:24	--------	d-----w-	c:\program files\Safari
2010-03-03 12:23 . 2010-03-03 12:23	79144	----a-w-	c:\programdata\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
2010-03-03 12:23 . 2010-03-03 12:22	--------	d-----w-	c:\program files\iTunes
2010-03-03 12:22 . 2010-03-03 12:22	--------	d-----w-	c:\program files\iPod
2010-03-03 12:22 . 2009-12-05 23:42	--------	d-----w-	c:\program files\Common Files\Apple
2010-03-03 12:19 . 2010-03-03 12:19	72488	----a-w-	c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-26 01:59 . 2009-10-16 03:56	114968	----a-w-	c:\users\benni\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-23 06:39 . 2010-03-31 23:48	916480	----a-w-	c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-03-31 23:48	109056	----a-w-	c:\windows\system32\iesysprep.dll
2010-02-23 06:33 . 2010-03-31 23:48	71680	----a-w-	c:\windows\system32\iesetup.dll
2010-02-23 04:55 . 2010-03-31 23:48	133632	----a-w-	c:\windows\system32\ieUnatt.exe
2010-02-22 13:06 . 2010-02-22 13:06	56	---ha-w-	c:\programdata\ezsidmv.dat
2010-02-20 23:06 . 2010-03-13 12:20	24064	----a-w-	c:\windows\system32\nshhttp.dll
2010-02-20 23:05 . 2010-03-13 12:20	30720	----a-w-	c:\windows\system32\httpapi.dll
2010-02-20 20:53 . 2010-03-13 12:20	411648	----a-w-	c:\windows\system32\drivers\http.sys
2010-02-12 10:32 . 2010-03-16 09:40	293376	----a-w-	c:\windows\system32\browserchoice.exe
2009-10-29 08:22 . 2009-10-29 08:22	119808	----a-w-	c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-09-25 16:41 . 2009-09-25 16:41	1044480	----a-w-	c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41	200704	----a-w-	c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-07-04 430080]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-11-18 289584]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-09-03 3342336]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-24 7719456]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2007-04-16 421888]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2007-09-19 438272]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 34352]
"NDSTray.exe"="NDSTray.exe" [BU]
"HDMICtrlMan"="c:\program files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe" [2008-05-20 716800]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-08-18 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-10-31 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-06-24 509816]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-09-24 727608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-10-29 30192]
"Google EULA Launcher"="c:\program files\Google\Google EULA\GoogleEULALauncher.exe" [2008-05-28 20480]
"Toshiba TEMPO"="c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe" [2008-08-26 103824]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-12-15 184320]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-09-26 417792]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2008-01-11 574864]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-09 149280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2010-02-17 177472]
" Malwarebytes Anti-Malware  (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-03-29 1086856]

c:\users\benni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\Toshiba\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):45,a1,ca,ac,c9,79,ca,01

R2 gupdate1ca4e5615b55cf3;Google Update Service (gupdate1ca4e5615b55cf3);c:\program files\Google\Update\GoogleUpdate.exe [2009-10-16 133104]
R3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-10-29 30192]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-09-09 99216]
R3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-11-23 691696]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-09-05 40960]
S2 TempoMonitoringService;Notebook Performance Tuning Service ;c:\program files\Toshiba TEMPRO\TempoSVC.exe [2008-08-26 99720]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2008-07-15 106496]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
S3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe [2008-08-25 77824]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners

2010-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-16 11:44]

2010-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-16 11:44]

2010-04-30 c:\windows\Tasks\User_Feed_Synchronization-{DE9CF3B9-1DFB-42CF-B22D-A5E6E487526C}.job
- c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.Google.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4
IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home
FF - ProfilePath - c:\users\benni\AppData\Roaming\Mozilla\Firefox\Profiles\z7053s7l.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=966134&p=
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\users\benni\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-04-30 18:26
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i????????? ???X?m???m???m???m?   

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, hxxp://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys spom.sys hal.dll >>UNKNOWN [0x858A2938]<< 
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x827dfd24
\Driver\ACPI -> acpi.sys @ 0x807c2d68
\Driver\atapi -> 0x858eb1f8
\Driver\iaStor -> iaStor.sys @ 0x826c9a60
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection !
user & kernel MBR OK 

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conime.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-04-30  18:33:32 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-04-30 16:33
ComboFix2.txt  2010-04-29 21:10
ComboFix3.txt  2010-04-29 20:42

Vor Suchlauf: 16 Verzeichnis(se), 62.770.753.536 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 62.421.975.040 Bytes frei

- - End Of File - - 86A9C07D3019E8F2F4B27845B191E055
         

30.04.2010, 19:02   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks good. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

30.04.2010, 23:04   #12
PrinzBenni

Here you goooooo



Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4055

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

30.04.2010 20:20:52
mbam-log-2010-04-30 (20-20-52).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|G:\|)
Durchsuchte Objekte: 262182
Laufzeit: 59 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         

Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 04/30/2010 at 10:45 PM

Application Version : 4.36.1006

Core Rules Database Version : 4872
Trace Rules Database Version: 2684

Scan type       : Complete Scan
Total Scan Time : 01:36:31

Memory items scanned      : 747
Memory threats detected   : 0
Registry items scanned    : 7463
Registry threats detected : 0
File items scanned        : 143080
File threats detected     : 1

Adware.Vundo/Variant-MSFake
	C:\WINDOWS\SYSTEM32\MSAD2719.RRA
         

Edited by PrinzBenni (30.04.2010 at 23:09)

01.05.2010, 13:06   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

OK, please remove that finding.

But we should check one more thing because of the possibly infected MBR. GMER provides a special tool for checking the MBR (Master Boot Record); the MBR is also manipulated by Sinowal, for example.

MBR.exe should be run from the console, for example like this: if mbr.exe is located directly on C:, open cmd.exe via Start, Run (a black console window opens) and type in there:

c:\mbr.exe -f > c:\mbr.txt

and confirm with Enter. You will find the MBR tool's log file in the same path from which mbr.exe was run, in the example above c:\mbr.txt; please open it and post the contents here.

02.05.2010, 12:55   #14
PrinzBenni

Somehow it doesn't work.
I can get the exe to start, and then the black window appears; there I insert the text after what is already there, and then an error message always appears in the window.
I'm surely doing something wrong ;-(((

03.05.2010, 09:25   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

If you don't post the error message, nobody can help you.
