WIE WERDE ICH (ganz einfach) VIRENFREI?
 

Einen schönen guten Tag,

vornweg - ich bin KEIN Experte bezüglich Viren, Trojaner, etc..

Was muss ich tun um die Viren weg zu kriegen von meinem Laptop. Habe 29 (entsprechend VISTA INTERNET SECURITY 2010).


Grossen Dank für eine EINFACHE Antwort.

Wie gesagt, ich bin KEIN Experte.

EINE EINFACHE STEP BY STEP ERKLÄRUNG WIE ICH DIE VIREN BEREINIGEN KANN WÄRE SUPER!


John Marcos

PS: Hab' ein Beispiel angeführt bezüglich der Viren (siehe die 3 Fotos).

:hallo:

Das sieht aber nicht gut aus, da hast dir einiges eingefangen.
- Hast du die Viren per "Remove All" entfernt?
- Hast du Zugriff auf einen sauberen Rechner? Es kann sein, dass deine Passwörter mitgelesen wurden. Bitte von einem sauberen Rechner alle deine Passwörter ändern (e-Mail, Online-Banking, eBay, ...)

Würde dich mal bitten, weiters folgendes zu unternehmen:

1.) Malwarebytes Anti-Malware
Anleitung abarbeiten: http://www.trojaner-board.de/51187-a...i-malware.html

2.) Randoms System Information Tool
Anleitung abarbeiten: http://www.trojaner-board.de/74910-a...tion-tool.html

Die Logfiles (3 Stück) dann bitte hier posten.

Wenn dein System zu sehr verseucht ist, müssen wir dein System komplett neu aufsetzen - aber mal sehen was die Logfiles sagen...

Wenn du Fragen hast, einfach fragen ;)

mfg,TXL

Hi


Also erstmal:
WARNUNG
Vista Internet Security 2010 ist selber ein Virus. Es ist ein Fake ANtivirenprogramme. Diese Programme geben vor ein echtes zu sein und wollen erreichen, dass du die Vollversion kaufst. Meistens enthalten sie auch selber Viren.
Von daher isnd die Meldungen von Vista Internet Security unbrauchbar, da sie nicht stimmen. Sie sollen lediglich zum Kauf helfen.
Der Erste Schritt wird sein: Entfernung von "Vista Internet Security 2010".
Dies stellt vor allem für einen Leihen schon eine Herausforderung dar.

Also alle Meldungen von Vista Internet Security sind wertlos und man muss sich auf die Entfernung von Vista Intenet Security konzentrieren.

MfG
pattiwilli

Hallo Pattiwilli,

ich vertraue dir.

Was muss ich anstellen um Vista Internet Security 2010 vollständig zu entfernen?

Gruss,

John Marcos

Hi
Ich werde dir selbstverständlich helfen.
Ich bin nur gerade bei der Arbeit und kann dir zurzeit schlecht helfen.
Wenn ich zuhause bin helfe ich dir gerne und werde den Virus mal bei mir installieren um dan zu schauen, wie mann ihn (ob überhaupt) entfernen kann. Da ich es beriets mit einen ähnliche VIrus zu tun hatte kann es sein, dass wir dein System neu aufsetzen müssen.

Ich hoffe du kannst bis heute abend warten.
Aber du kannst (wenn möglich) hier bitte ein hijackthis Logfile posten.
Außerdem solltest du dir mal diese Seite anschauen:
http://www.trojaner-board.de/69886-a...-beachten.html

MfG
pattiwilli

Hallo TXL,

mach gerade Komplett-Scan.

Hallo Pattiwilli,

ich denke ich bin auf dem richtigen Weg.

Momentan läuft "Malwarebytes' Anti-Malware" und führt einen Komplett Scan durch.

Dann werde ich...
1. alles Gefundene löschen
2. und den "Scan Bericht" posten


Tolles Forum.

Kompetente Hilfe:dankeschoen:

John Marcos

Hallo TXL + Patwilli,

hier vorab schon einmal von RSIT - Randoms System Information Tool:

C:\rsit\log.txt und C:\rsit\info.txt


Dieser log + info Text ist erstellt worden während Malwarebytes' Anti-Malware den vollständigen Scan durchführt.


Gruss,

John Marcos

Hallo TXL + Patwilli,

hier nun:
1. Der Logfile von Malwarebytes' Anti-Malware nach vollständigem Scan
2. C:\rsit\log.txt nach vollständigem Scan
3. C:\rsit\info.txt nach vollständigem Scan


Gruss,

John Marcos

Hallo!

Das Logfile von Malwarebytes fehlt noch.
Du hast eines "log.txt" doppelt eingestellt ;)

mfg,TXL

Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3818
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

03.03.2010 19:30:45
mbam-log-2010-03-03 (19-30-45).txt

Scan-Methode: Vollständiger Scan (C:\|E:\|)
Durchsuchte Objekte: 335468
Laufzeit: 1 hour(s), 49 minute(s), 41 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Hallo John Marcos,

bitte führe folgendes Tool aus:

http://www.trojaner-board.de/74908-a...t-scanner.html

Poste bitte das Logfile in Tags.

Bei Fragen, einfach schreiben ;)

Noch so neben bei:
Das gefällt mir schon nicht:
Naja, mal sehn, was sich ergibt :)

Gruß
Handball10

Oha...Bifrost...alias BiFrose Backdoor Trojaner...nicht gut!

Aber warum hat das MBAM nicht gefunden?

Seltsam!

Scheint meiner Meinung nach aber keine Active Infektion zu sein, oder?

Mal abwarten, was der Helfer sagt...

Hallo Handball,

Das Programm stürzt am Ende von einem Moment zum anderen ab.

Ich konnte beim zweiten Scanvorgang 3 Sekunden vorher noch kurz auf COPY drücken.
Hier das Resultat:



GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-04 00:19:07
Windows 6.0.6002 Service Pack 2
Running: b6jf5zlp.exe; Driver: C:\Users\Johannes\AppData\Local\Temp\pgtyrkow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x8A952480, 0x3C939, 0xE8000020]
.dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x8A993900, 0x3CA, 0x48000040]
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8EC08000, 0x1FB0FA, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[3512] ntdll.dll!DbgBreakPoint 77618B2E 1 Byte [90]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[3880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [737E7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7383A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [737EBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [737DF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [737E75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [737DE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73818395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [737EDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [737DFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [737DFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [737D71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7386CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7380C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [737DD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [737D6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [737D687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [737E2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

Sieht nicht gut aus.
Aber das ist definitiv nicht alles!
Ich hatte schon mehrmals infizierte Rechner mit solchen Fake-AV Programmen hier stehen.

Jupp
Vista Internet Security blockt mehr oder weniger Antivirenprogramme (Bypass oder ähnliches). Deswegen finden die Scanner teilweise nicht alle Viren. Deswegen sind die Scanns während Vista Internet Security läuft teilweise nutzlos bzw. unvollständig. Auch die Programmabstürze erzeugt Vista Internet Security. Du kannst froh sein überhaupt noch .exe Dateien zu öffnen.


Deswegen musst du Vista Internet Security beenden. Somit wird anscheinend auch der "Schutz" der Viren beendet. Gehe dafür wie folgt vor:
1. Lad dir mit einem anderen Computer den process explorer von Microsoft runter
2. benenne ihn in "explorer.exe" um
3. öffne ihn auf dem infizierten Rechner von USB Stick, CD, etc...
4. Kille den Prozess Vista Internet Security (am besten ganze Struktur)
5. Erneuten Scann mit Malwarebytes etc...

Es kann funktionieren, muss aber nicht!

MfG
pattiwilli

Hallo Pattiwilli,

hab' PROCESS EXPLORER runtergeladen und in "explorer.exe" umgewandelt und geöffnet.
SO FAR SO GOOD.

Was mach ich jetzt GENAU?

Will keinen Fehler machen.

Nebenbei: Wie sehen meine Daten der Logfiles aus. Gut oder schlecht?

Mfg

John Marcos

PS: Was heisst: 4. Kille den Prozess Vista Internet Security (am besten ganze Struktur)

Kein Problem, Ich helfe dir.

Wenn du process Explorer geöffnet hast stehen links die ganzen Prozesse. Einer sollte Vista Internet Security oder ähnlich heißen. Wenn du irgeindeinen Prozess isehst der so heißt oder das Logo von dem Programm hat mache ein rechtsklick darauf und klicke auf kill Process Tree. Jetzt kannst du mit Punkt 5
fortfahren und noch einmal melden, Was Malewarebytes an Virenwarnungen ausgibt bzw. das Log posten.

MfG
pattiwilli

hier das genaue bild, pattiwilli!

Da gibt es was das heisst: Windows Defender User Interface

Das kann es sein.
Der echte Windows Defender sollte sowieso schon blockiert sein. Kille ihn doch mal. :lach:
Smartprotector Pro kommt mir auch komisch vor, kann mich aber auch irren.

heute abend werde ich den Virus auf nen Test-PC installieren und nachschauen wie es heißt.

MfG
pattiwilli

Windows Defender + Smartprotector Pro gekillt, Pattiwilli.

Das bedeutet JETZT was genau für mein Computer-System?


MfG

John Marcos

PS: Der allerletzte Scan von gestern Abend war doch schon top, oder hab' ich noch irgendwo VIREN?

Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3818
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

03.03.2010 19:30:45
mbam-log-2010-03-03 (19-30-45).txt

Scan-Methode: Vollständiger Scan (C:\|E:\|)
Durchsuchte Objekte: 335468
Laufzeit: 1 hour(s), 49 minute(s), 41 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


MACHE JETZT EINEN NEUEN VOLLSTÄNDIGEN SCAN MIT Malwarebytes' Anti-Malware 1.44

Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3818
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

04.03.2010 18:17:54
mbam-log-2010-03-04 (18-17-54).txt

Scan-Methode: Vollständiger Scan (C:\|E:\|)
Durchsuchte Objekte: 321428
Laufzeit: 1 hour(s), 29 minute(s), 24 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


FRAGE: IST MEIN SYSTEM JETZT CLEAN?

Und nochmals ein GROSSES DANKESCHÖN an alle!

John Marcos

Jupp es könnte sauber sein.

Lasse zur Sicherheit noch einmal nen anderen Scanner laufen.
Gibt es sosnt noch irgendwelche ANzeichen, die auf einen Virus hindeuten könnten?

MfG
pattiwilli

Hallo John Marcos,

sieht bisher eigentlich nicht ganz so schelcht aus ;)

Also bitte folgendes abarbeiten:

http://www.trojaner-board.de/74910-a...tion-tool.html

http://www.trojaner-board.de/51871-a...tispyware.html

Mit SuperAntiSpyware machen wir nochmal einen Versuch.

Beide Logfiles bitte wieder hier posten.

Gruß
Handball10

Und nach 2 X SuperAntiSpyware Reinigung nochmals die LOGFILES (vielleicht hilft's).



IST DAS SYSTEM JETZT WIRKLICH SAUBER?

:dankeschoen:

John Marcos

John Marcos,

Deine Postings wären weitaus angenehmer zu lesen wenn Du genauso posten würdest wie alle anderen auch.
Meinst Du wirklich Du erscheinst so wichtiger? Bei mir tritt eher das Gegenteil ein. ;)

Liebe Heike,

sorry, das für dich da was nicht stimmt.

Meine Idee ist "klar verstanden" zu werden.


Es ist nicht mein Absicht jemanden in irgendeiner Weise zu verletzen.


Friede sei mit dir!:heilig:


John Marcos:applaus:

[QUOTE=John Marcos;507732]RESULTAT:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/06/2010 at 00:39 AM

Application Version : 4.34.1000

Core Rules Database Version : 4644
Trace Rules Database Version: 2456

Scan type : Complete Scan
Total Scan Time : 02:01:00

Memory items scanned : 843
Memory threats detected : 0
Registry items scanned : 7683
Registry threats detected : 11
File items scanned : 192908
File threats detected : 0


MUSS DAS NUN JETZT GELÖSCHT WERDEN?
Adware.DoubleD
HKCR\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}
HKCR\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}\1.0
HKCR\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}\1.0\0
HKCR\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}\1.0\0\win32
HKCR\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}\1.0\FLAGS
HKCR\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}\1.0\HELPDIR
HKCR\Interface\{95B92D92-8B7D-4A19-A3F1-43113B4DBCAF}
HKCR\Interface\{95B92D92-8B7D-4A19-A3F1-43113B4DBCAF}\ProxyStubClsid
HKCR\Interface\{95B92D92-8B7D-4A19-A3F1-43113B4DBCAF}\ProxyStubClsid32
HKCR\Interface\{95B92D92-8B7D-4A19-A3F1-43113B4DBCAF}\TypeLib
HKCR\Interface\{95B92D92-8B7D-4A19-A3F1-43113B4DBCAF}\TypeLib#Version

:dankeschoen:

John Marcos

Und noch mal der letzte GMER (vielleicht hilfts):


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-06 10:33:09
Windows 6.0.6002 Service Pack 2
Running: 5cl742y2.exe; Driver: C:\Users\Johannes\AppData\Local\Temp\pgtyrkow.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS ZwTerminateProcess [0x8F99A320]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 621 822E4D84 4 Bytes [20, A3, 99, 8F]
.text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x8A952480, 0x3C939, 0xE8000020]
.dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x8A993900, 0x3CA, 0x48000040]
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8E004000, 0x1FB0FA, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[3712] ntdll.dll!DbgBreakPoint 778F8B2E 1 Byte [90]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[3976] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [71EB7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3976] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [71F0A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3976] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [71EBBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3976] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [71EAF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3976] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [71EB75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3976] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [71EAE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3976] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [71EE8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3976] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [71EBDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3976] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [71EAFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3976] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [71EAFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3976] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [71EA71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3976] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [71F3CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3976] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [71EDC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3976] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [71EAD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3976] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [71EA6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3976] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [71EA687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3976] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [71EB2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

:dankeschoen:

John Marcos

moin John Marcos,

meines Erachtens ist der PC wieder sauber :)
Die Funde von SpuerAntiSpyware bitte löschen lassen.
Das war's

Du bist entlassen... ;)

Gruß
Handball10

:dankeschoen: Handball 10.

Übrigens, mein System hat sich wieder infiziert (4 Sachen).

Hab' zuerst Malwarebytes' Anti-Malware und dann SUPERAntiSpyware Free Edition benutzt und die Dinger sind weg!

Das habe ich bei euch gelernt!


SUPER!


John Marcos

PS: Würde dennoch ein sogenanntes Anti-Virus Programm installieren. Aber welches?

Super...

Könntest du nochmal die Logfiles posten?

--------------------------------------------------------------------------
Btte folgendes noch abarbeite.

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)

• Doppelklick auf die OTL.exe
• Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
• Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
• Unter Extra Registry, wähle bitte Use SafeList
• Klicke nun auf Run Scan links oben
• Wenn der Scan beendet wurde werden 2 Logfiles erstellt
• Poste die Logfiles hier in den Thread.

-----------------
--------------------

Öffne Hijackthis.exe -> Open The Misc Tool Section -> Open Uninstall manager -> Save List.

--------------------

Alle Logfiles bitte hier rein posten (aber bitte nicht mehr in der großen und farblichen Schrift ;) )


Gruß
Handball10

OTL 1:
OTL Extras logfile created on: 07.03.2010 12:01:00 - Run 1
OTL by OldTimer - Version 3.1.34.0 Folder = C:\Users\Johannes\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 41,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,89 Gb Total Space | 65,77 Gb Free Space | 44,18% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 147,73 Gb Total Space | 142,57 Gb Free Space | 96,51% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JOHANNES-PC
Current User Name: Johannes
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.reg [@ = Regedit.Document] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-56140064-1159931152-2532776722-1000]
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{ECF24EF9-B78A-4328-B1F3-515C7A7C0865}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01E125E1-0AD0-444F-ABC1-06815F654DDE}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{01F635C2-E864-4DB9-A80F-53CC173F5025}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4510FD25-EBAE-4D10-9429-E19389924374}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{506B3731-590A-434A-A7E8-24440D5D9CA0}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{8C774369-96BE-4492-9797-4E0E6142656E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{9B498DD1-4C97-486A-B340-1FE2C07DF822}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9D59BD37-38C5-4315-B7F4-21FF8EE0D41A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9E52A1C6-A6B4-4C10-B9D7-4783696138A4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9F9B638E-5085-4BB0-86B5-93077747E699}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{D9991767-7FDF-41F1-A86E-3919E652AC77}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{F528DCF7-D5D2-443F-AAED-B4462FAC7DD9}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"TCP Query User{173F99D9-AD22-4AF8-A8F2-5EE39C72C8B2}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{706B76E6-7381-4995-AAFD-D68E7070AB7C}C:\users\johannes\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\johannes\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
"TCP Query User{FC69CCCD-459D-4919-8DB0-31F71345A3ED}C:\program files\safari\safari.exe" = protocol=6 | dir=in | app=c:\program files\safari\safari.exe |
"UDP Query User{10106C0D-DCDC-4038-9CDA-1546059E0AF6}C:\users\johannes\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\johannes\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
"UDP Query User{21F28FAC-5B36-4574-BD5C-0BDF17598206}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{BBE05868-009F-4497-8F03-8615C65802F8}C:\program files\safari\safari.exe" = protocol=17 | dir=in | app=c:\program files\safari\safari.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01E19402-C0E4-B301-17F6-551EA53F7351}" = Catalyst Control Center Localization Japanese
"{03B39295-B637-9491-9A38-90872F42966A}" = Catalyst Control Center Localization Italian
"{03FAA727-E2B7-471C-AC41-2E1C7F29C7EA}" = Toshiba TEMPRO
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{0D6D148C-DFE8-C643-C4E7-A7DB84B9031E}" = Catalyst Control Center Localization Swedish
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1A7979D5-9AED-2730-A561-AE28CC747B91}" = Catalyst Control Center Localization Chinese Standard
"{1C971EE3-B4C4-4367-9676-57549919C6CE}" = TOSHIBA Benutzerhandbücher
"{1EF7109C-CEC0-45A6-3965-C99FAE0B7A4B}" = Catalyst Control Center Core Implementation
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 17
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3
"{2C0ADDC5-6FF6-60AC-104F-81C1E7DD1E6E}" = CCC Help Swedish
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{3513D67C-9B77-6242-D2B4-8C96D4587B51}" = CCC Help German
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{64A2B0D7-2204-298F-F4ED-B386CAFFA694}" = Catalyst Control Center Localization German
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66A9D30D-1464-4C7F-B2F3-507DADAF2595}" = Microsoft IntelliPoint 6.3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69E5255D-9D43-4CFF-8984-843ABD7753B7}" = Catalyst Control Center - Branding
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6F04A6FF-7F7B-55E0-C649-C781D27C3515}" = Catalyst Control Center Graphics Full New
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{70455234-B242-88EE-EEC6-5FB8B3C5A68D}" = CCC Help Italian
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73764932-E12C-1F98-15B9-2B4FAB03C521}" = Skins
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{76E72622-885F-7D3D-D74D-ADFC2D054D4E}" = CCC Help Korean
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"{78FBDFAF-9463-E30B-C19C-DB78ADF7F894}" = CCC Help French
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E7AD30F-D34E-1DBB-95F4-6A174127A6A6}" = Catalyst Control Center Graphics Full Existing
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8A877662-8051-E928-0CB4-4A6C5FE90EEC}" = CCC Help Dutch
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0015-0C0A-0000-0000000FF1CE}" = Microsoft Office Access MUI (Spanish) 2007
"{90120000-0015-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2CC8520D-6A74-4CCA-9539-8E774E2B50D1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2007
"{90120000-0016-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2CC8520D-6A74-4CCA-9539-8E774E2B50D1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2007
"{90120000-0018-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2CC8520D-6A74-4CCA-9539-8E774E2B50D1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0C0A-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Spanish) 2007
"{90120000-0019-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2CC8520D-6A74-4CCA-9539-8E774E2B50D1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0C0A-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Spanish) 2007
"{90120000-001A-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2CC8520D-6A74-4CCA-9539-8E774E2B50D1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2007
"{90120000-001B-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2CC8520D-6A74-4CCA-9539-8E774E2B50D1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2007
"{90120000-001F-0403-0000-0000000FF1CE}_ENTERPRISE_{A5B6B786-2D6F-4B75-940F-42B32D01D146}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
"{90120000-001F-0416-0000-0000000FF1CE}_ENTERPRISE_{669EB263-0AFE-4FCB-A068-DB082CA6273C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2007
"{90120000-001F-042D-0000-0000000FF1CE}_ENTERPRISE_{042190ED-F17C-4A8D-95D8-87A37B4095BD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2007
"{90120000-001F-0456-0000-0000000FF1CE}_ENTERPRISE_{D3064ADE-5D4C-4AA4-8F71-C63D87D4A263}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0C0A-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Spanish) 2007
"{90120000-0044-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2CC8520D-6A74-4CCA-9539-8E774E2B50D1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2007
"{90120000-006E-0C0A-0000-0000000FF1CE}_ENTERPRISE_{35B14BD6-6042-4A55-B326-58309DC8C72A}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0C0A-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Spanish) 2007
"{90120000-00A1-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2CC8520D-6A74-4CCA-9539-8E774E2B50D1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0C0A-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Spanish) 2007
"{90120000-00BA-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2CC8520D-6A74-4CCA-9539-8E774E2B50D1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A050CE7-1EF2-A942-4CAB-7C02E99FFDB0}" = Catalyst Control Center Localization Korean
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AE0832C-194D-D1B3-5E93-A45BC14E8D0C}" = Catalyst Control Center Localization Portuguese
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A63769B5-2D2B-518A-55D7-16458D553605}" = CCC Help Portuguese
"{A7965F9D-92AA-5C12-F389-A05339170ACF}" = CCC Help Japanese
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB0F54CA-798B-1BF9-AA82-DE78BD3AAE6B}" = Catalyst Control Center Localization Dutch
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2F3087C-10C9-BAA7-0827-7501AA64588A}" = CCC Help Chinese Standard
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B73F949B-839C-9F5A-2E51-40B2AC3BC779}" = Catalyst Control Center Graphics Previews Vista
"{B8B4D43C-EAA0-4EEC-B93E-D4D012316286}" = Free DWG Viewer 6.3
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{CF98DACA-A3C6-E90C-1FF6-326F7ABF531D}" = ccc-core-static
"{CFE95E33-9B99-9FF5-8051-03E21D955ACF}" = CCC Help English
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{D8CF7AE3-1D21-F454-7798-2EA7ED006269}" = CCC Help Chinese Traditional
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E240D2D0-FF54-6B3A-F866-36717C0E068B}" = CCC Help Spanish
"{E257B0A7-3B49-4943-7455-F2E7B09137C8}" = ATI Catalyst Install Manager
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster 2009
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA983525-B803-F9C8-9E00-4AD187D597C1}" = ccc-utility
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup
"{F08CA874-5735-0EFC-0832-68BDD155A2F3}" = Catalyst Control Center Localization Chinese Traditional
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F273BBCA-68BF-76D7-8666-F8A5B40EA83B}" = Catalyst Control Center Localization French
"{F4A256A6-E670-FEAF-A45A-444DB34CBD5F}" = Catalyst Control Center Graphics Light
"{F73DB365-02E3-1E83-6F55-FDF9596038F5}" = Catalyst Control Center Localization Spanish
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3
"Any DWG to PDF Converter_is1" = Any DWG to PDF Converter 2008
"CCleaner" = CCleaner
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Escritorio movistar" = Escritorio movistar
"ExpressBurn" = Express Burn
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"Free Studio_is1" = Free Studio version 4.2
"Free YouTube Download_is1" = Free YouTube Download 2.3
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 2.0.2
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MP3 Cutter_is1" = MP3 Cutter 1.3
"myphotobook" = myphotobook 3.5
"Picasa2" = Picasa 2
"SimpleOCR 3.1" = SimpleOCR 3.1
"Smart Protector Pro_is1" = Smart Protector Pro
"ST6UNST #1" = Screeny LT 2.3.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"udkyygvd" = Favorit
"Uninstall_is1" = Uninstall 1.0.0.1
"Veetle TV" = Veetle TV 0.9.16
"WavePad" = WavePad Uninstall
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinRAR archiver" = WinRAR
"XSManager" = XSManager
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"0ac7d207f51cb75e" = Text2Speech
"Octoshape Streaming Services" = Octoshape Streaming Services
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12.02.2010 23:19:45 | Computer Name = Johannes-PC | Source = WinMgmt | ID = 10
Description =

Error - 13.02.2010 10:45:02 | Computer Name = Johannes-PC | Source = WinMgmt | ID = 10
Description =

Error - 13.02.2010 11:58:55 | Computer Name = Johannes-PC | Source = EventSystem | ID = 4621
Description =

Error - 14.02.2010 06:35:07 | Computer Name = Johannes-PC | Source = WinMgmt | ID = 10
Description =

Error - 17.02.2010 03:40:33 | Computer Name = Johannes-PC | Source = WinMgmt | ID = 10
Description =

Error - 18.02.2010 04:09:45 | Computer Name = Johannes-PC | Source = WinMgmt | ID = 10
Description =

Error - 19.02.2010 03:13:46 | Computer Name = Johannes-PC | Source = WinMgmt | ID = 10
Description =

Error - 21.02.2010 05:28:50 | Computer Name = Johannes-PC | Source = EventSystem | ID = 4621
Description =

Error - 21.02.2010 05:30:00 | Computer Name = Johannes-PC | Source = WinMgmt | ID = 10
Description =

Error - 22.02.2010 05:50:33 | Computer Name = Johannes-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Photoshop.exe, Version 10.0.0.0, Zeitstempel
0x461aabf7, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18005, Zeitstempel 0x49e03821,
Ausnahmecode 0xc0000374, Fehleroffset 0x000afaf8, Prozess-ID 0x1af0, Anwendungsstartzeit
01cab3a45e552fd0.

[ OSession Events ]
Error - 22.06.2009 17:22:10 | Computer Name = Johannes-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1894
seconds with 0 seconds of active time. This session ended with a crash.

Error - 10.07.2009 13:45:37 | Computer Name = Johannes-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 7204
seconds with 1080 seconds of active time. This session ended with a crash.

Error - 10.07.2009 13:45:49 | Computer Name = Johannes-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

Error - 13.07.2009 16:44:34 | Computer Name = Johannes-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 31450
seconds with 3480 seconds of active time. This session ended with a crash.

Error - 09.09.2009 08:48:40 | Computer Name = Johannes-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 4033
seconds with 300 seconds of active time. This session ended with a crash.

Error - 18.09.2009 08:19:54 | Computer Name = Johannes-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 20075
seconds with 14880 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 10.09.2009 09:39:44 | Computer Name = Johannes-PC | Source = HTTP | ID = 15016
Description =

Error - 10.09.2009 09:41:15 | Computer Name = Johannes-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10.09.2009 09:42:17 | Computer Name = Johannes-PC | Source = DCOM | ID = 10000
Description =

Error - 11.09.2009 02:29:47 | Computer Name = Johannes-PC | Source = HTTP | ID = 15016
Description =

Error - 11.09.2009 02:31:20 | Computer Name = Johannes-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11.09.2009 02:32:08 | Computer Name = Johannes-PC | Source = DCOM | ID = 10000
Description =

Error - 11.09.2009 09:42:11 | Computer Name = Johannes-PC | Source = DCOM | ID = 10016
Description =

Error - 11.09.2009 09:42:11 | Computer Name = Johannes-PC | Source = DCOM | ID = 10016
Description =

Error - 11.09.2009 20:33:29 | Computer Name = Johannes-PC | Source = HTTP | ID = 15016
Description =

Error - 11.09.2009 20:35:00 | Computer Name = Johannes-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >

OTL 2:
OTL logfile created on: 07.03.2010 12:01:00 - Run 1
OTL by OldTimer - Version 3.1.34.0 Folder = C:\Users\Johannes\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 41,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,89 Gb Total Space | 65,77 Gb Free Space | 44,18% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 147,73 Gb Total Space | 142,57 Gb Free Space | 96,51% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JOHANNES-PC
Current User Name: Johannes
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Johannes\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Johannes\AppData\Local\Yahoo!\BrowserPlus\2.5.1\BrowserPlusCore.exe (Yahoo! Inc.)
PRC - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG)
PRC - C:\Windows\service4g.exe (4G Systems GmbH & Co. KG)
PRC - C:\Programme\Safari\Safari.exe (Apple Inc.)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10c.exe (Adobe Systems, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Users\Johannes\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
PRC - C:\Programme\XSManager\WTGService.exe ()
PRC - C:\Programme\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Programme\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
PRC - C:\Programme\Camera Assistant Software for Toshiba\CEC_MAIN.exe ()
PRC - C:\Programme\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
PRC - C:\Programme\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe (Toshiba)
PRC - C:\Programme\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
PRC - C:\Programme\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe (Toshiba Europe GmbH)
PRC - C:\Programme\Toshiba TEMPRO\TempoSVC.exe (Toshiba Europe GmbH)
PRC - C:\Programme\Toshiba\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\Toshiba\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Programme\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - C:\Programme\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Programme\Toshiba\Registration\ToshibaRegistration.exe (Toshiba)
PRC - C:\Programme\Toshiba\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Programme\Microsoft Office\Office12\WINWORD.EXE (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Programme\Smart Protector Pro\SmartProtector-Pro.exe (SmartSoft)
PRC - C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\Johannes\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (TOSHIBA Bluetooth Service) -- File not found
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (AV Engine Scanning Service) -- C:/Program Files/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe ()
SRV - (XS Stick Service) -- C:\Windows\service4g.exe (4G Systems GmbH & Co. KG)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (WTGService) -- C:\Programme\XSManager\WTGService.exe ()
SRV - (TNaviSrv) -- C:\Programme\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (SmartFaceVWatchSrv) -- C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe (Toshiba)
SRV - (TempoMonitoringService) -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe (Toshiba Europe GmbH)
SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TosCoSrv) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (TOSHIBA SMART Log Service) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (UleadBurningHelper) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)


========== Driver Services (SafeList) ==========

DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM) -- C:\Programme\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (cm_ser) -- C:\Windows\System32\drivers\cm_ser.sys (C-motech Co.,Ltd.)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (Point32) -- C:\Windows\System32\drivers\point32k.sys (Microsoft Corporation)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdom...SEA&bmod=TSEA;
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdom...TSEA&bmod=TSEA

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdom...SEA&bmod=TSEA;
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.schnellsucher.com/?t=Q1003063475&s=h
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: {0BA0192D-94A5-45e3-B2B8-3EC5A1A0B5EC}:2.0.0.1050
FF - prefs.js..extensions.enabledItems: {2224E955-00E9-4613-A844-CE69FCCAAE91}:3.7.2.4650
FF - prefs.js..extensions.enabledItems: {7AB6D133-2A14-4C11-B3AD-35B1548D38F9}:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546



[2009.06.06 22:32:48 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\mozilla\Extensions
[2009.10.10 22:48:05 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\odf72dn1.default\extensions
[2009.09.02 10:13:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\odf72dn1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.06.08 08:12:14 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\odf72dn1.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009.09.27 17:19:12 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\odf72dn1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009.10.12 01:54:21 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.09.05 09:00:05 | 000,000,000 | ---D | M] (Sukoku) -- C:\Programme\Mozilla Firefox\extensions\{7AB6D133-2A14-4C11-B3AD-35B1548D38F9}

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [00TCrdMain] C:\Programme\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [cfFncEnabler.exe] File not found
O4 - HKLM..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe ( )
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Programme\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [starter4g] C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [Toshiba Registration] C:\Programme\Toshiba\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKLM..\Run: [Toshiba TEMPO] C:\Programme\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe (Toshiba Europe GmbH)
O4 - HKLM..\Run: [TPwrMain] C:\Programme\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Users\Johannes\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O4 - HKCU..\Run: [SPSTEALT] C:\Program Files\Smart Protector Pro\SmartProtector-Pro.exe (SmartSoft)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [TOSCDSPD] File not found
O4 - Startup: C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recorte de pantalla e Inicio rápido de OneNote 2007.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Programme\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - File not found
O24 - Desktop WallPaper: C:\Users\Johannes\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Johannes\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{19bad49a-addf-11de-9fcd-0022fa35a37c}\Shell - "" = AutoRun
O33 - MountPoints2\{19bad49a-addf-11de-9fcd-0022fa35a37c}\Shell\AutoRun\command - "" = D:\autorun.exe -- File not found
O33 - MountPoints2\{2fb4edaf-ab7f-11de-a068-001e339e59db}\Shell - "" = AutoRun
O33 - MountPoints2\{2fb4edaf-ab7f-11de-a068-001e339e59db}\Shell\AutoRun\command - "" = D:\autorun.exe -- File not found
O33 - MountPoints2\{a6a4990e-051c-11df-b40f-0022fa35a37c}\Shell - "" = AutoRun
O33 - MountPoints2\{a6a4990e-051c-11df-b40f-0022fa35a37c}\Shell\AutoRun\command - "" = D:\autorun.exe -- File not found
O33 - MountPoints2\{d69654e1-7da7-11de-adc8-001e339e59db}\Shell - "" = AutoRun
O33 - MountPoints2\{d69654e1-7da7-11de-adc8-001e339e59db}\Shell\AutoRun\command - "" = D:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.03.07 11:59:32 | 000,553,984 | ---- | C] (OldTimer Tools) -- C:\Users\Johannes\Desktop\OTL.exe
[2010.03.05 22:34:34 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010.03.05 22:34:15 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\SUPERAntiSpyware.com
[2010.03.05 22:34:15 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware
[2010.03.04 01:03:11 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.03.03 14:21:20 | 000,000,000 | ---D | C] -- C:\Programme\trend micro
[2010.03.03 14:21:18 | 000,000,000 | ---D | C] -- C:\rsit
[2010.03.03 14:02:16 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\Malwarebytes
[2010.03.03 14:02:09 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.03.03 14:02:07 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.03.03 14:02:07 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.03.03 14:02:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.03.03 12:25:49 | 000,000,000 | ---D | C] -- C:\Users\Johannes\Desktop\VIREN SÄUBERUNG
[2010.03.02 00:01:03 | 000,000,000 | ---D | C] -- C:\Users\Johannes\Documents\Version Cue
[2010.03.02 00:01:02 | 000,000,000 | ---D | C] -- C:\Users\Johannes\Documents\AdobeStockPhotos
[2010.03.01 15:07:35 | 000,000,000 | ---D | C] -- C:\Users\Johannes\Desktop\03 März
[2010.03.01 15:06:15 | 000,000,000 | ---D | C] -- C:\Users\Johannes\Desktop\ABRAHAM LOA ÜBERSETZUNGEN
[2010.03.01 14:59:50 | 000,000,000 | ---D | C] -- C:\Users\Johannes\Desktop\1800 mt
[2010.02.24 13:19:05 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010.02.24 13:19:02 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.02.24 13:18:49 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010.02.24 13:18:49 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010.02.24 13:18:48 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010.02.24 13:18:48 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010.02.24 13:18:48 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010.02.24 13:18:48 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010.02.24 13:18:48 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2010.02.24 13:18:48 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010.02.24 13:18:48 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010.02.24 13:18:46 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010.02.24 13:18:46 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010.02.24 13:18:45 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010.02.23 20:18:14 | 000,000,000 | ---D | C] -- C:\Programme\Veetle
[2010.02.22 16:32:08 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\Deployment
[2010.02.22 16:32:08 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\Apps
[2010.02.21 17:00:21 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2010.02.21 17:00:17 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2010.02.21 09:50:55 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\Octoshape
[2010.02.17 08:49:41 | 000,000,000 | ---D | C] -- C:\Users\Johannes\Desktop\GESUNDHEIT FEBRUAR 2010
[2010.02.14 11:55:57 | 000,000,000 | ---D | C] -- C:\Users\Johannes\Desktop\HEAVEN FEBRUAR 2010
[2010.02.10 18:48:25 | 003,600,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.02.10 18:48:25 | 003,548,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.02.10 18:48:17 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010.02.10 18:48:17 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010.02.10 18:48:17 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010.02.10 18:48:17 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010.02.08 01:36:57 | 000,000,000 | ---D | C] -- C:\Users\Johannes\Desktop\bashar xxxxx
[2009.10.24 08:08:17 | 000,385,024 | ---- | C] (inventarlo) -- C:\Users\Johannes\AppData\Local\wxipyzj.exe
[4 C:\Users\Johannes\Desktop\*.tmp files -> C:\Users\Johannes\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.03.07 12:00:21 | 006,815,744 | -HS- | M] () -- C:\Users\Johannes\ntuser.dat
[2010.03.07 11:59:40 | 000,553,984 | ---- | M] (OldTimer Tools) -- C:\Users\Johannes\Desktop\OTL.exe
[2010.03.07 11:41:36 | 000,020,782 | ---- | M] () -- C:\Users\Johannes\Desktop\Ich halte nach dem Ausschau, was ich am liebsten mag..docx
[2010.03.07 11:15:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.03.07 10:49:50 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.03.07 10:49:50 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.03.07 09:56:45 | 000,013,824 | ---- | M] () -- C:\Users\Johannes\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.07 09:54:54 | 000,000,162 | -H-- | M] () -- C:\Users\Johannes\Desktop\~$h halte nach dem Ausschau, was ich am liebsten mag..docx
[2010.03.07 09:53:24 | 260,961,708 | ---- | M] () -- C:\Users\Johannes\Desktop\ISOALDEA_1_0001.zip
[2010.03.07 09:26:42 | 000,100,252 | ---- | M] () -- C:\Users\Johannes\Desktop\1-24 Auszüge von Abraham-Workshops.docx
[2010.03.07 08:52:45 | 001,418,806 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.03.07 08:52:45 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.03.07 08:52:45 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.03.07 08:52:45 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.03.07 08:52:45 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.03.07 08:49:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.03.06 20:36:18 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\PCConfidential.job
[2010.03.06 20:36:13 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.03.06 20:34:35 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.03.06 20:34:29 | 3219,120,128 | -HS- | M] () -- C:\hiberfil.sys
[2010.03.06 20:33:37 | 000,524,288 | -HS- | M] () -- C:\Users\Johannes\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.03.06 20:33:37 | 000,065,536 | -HS- | M] () -- C:\Users\Johannes\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.03.06 20:33:36 | 002,977,210 | -H-- | M] () -- C:\Users\Johannes\AppData\Local\IconCache.db
[2010.03.06 20:32:56 | 000,001,377 | ---- | M] () -- C:\Users\Johannes\AppData\Local\udkyygvd_navps.dat
[2010.03.06 20:32:52 | 000,003,496 | ---- | M] () -- C:\Users\Johannes\AppData\Local\udkyygvd.dat
[2010.03.06 18:20:53 | 000,270,999 | ---- | M] () -- C:\Users\Johannes\AppData\Local\udkyygvd_nav.dat
[2010.03.06 18:20:49 | 000,000,094 | ---- | M] () -- C:\Users\Johannes\AppData\Local\udkyygvd.bat
[2010.03.06 13:53:07 | 000,000,162 | -H-- | M] () -- C:\Users\Johannes\Desktop\~$24 Auszüge von Abraham-Workshops.docx
[2010.03.04 01:14:07 | 000,000,680 | ---- | M] () -- C:\Users\Johannes\AppData\Local\d3d9caps.dat
[2010.03.04 00:19:52 | 000,000,162 | -H-- | M] () -- C:\Users\Johannes\Desktop\~$eeeee.docx
[2010.03.03 15:24:59 | 000,011,332 | -HS- | M] () -- C:\Users\Johannes\AppData\Local\1H41
[2010.02.28 21:00:22 | 000,015,941 | ---- | M] () -- C:\Users\Johannes\Desktop\GENEVA - 800M.docx
[2010.02.26 16:52:29 | 000,000,162 | -H-- | M] () -- C:\Users\Johannes\Desktop\~$NDA+IMFPA_AU_Blank.doc
[2010.02.25 09:18:04 | 000,119,536 | ---- | M] () -- C:\Users\Johannes\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.02.25 09:15:11 | 001,765,904 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.02.24 09:16:06 | 000,181,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010.02.20 14:51:07 | 000,000,162 | -H-- | M] () -- C:\Users\Johannes\Desktop\~$O 56 BARS LEONARDO 20000 a 100000 leonardo.doc
[2010.02.16 14:11:42 | 000,000,162 | -H-- | M] () -- C:\Users\Johannes\Desktop\~$r kluge Esser.docx
[2010.02.09 23:23:56 | 000,002,078 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010.02.06 21:12:00 | 000,000,162 | -H-- | M] () -- C:\Users\Johannes\Desktop\~$D zu Small.doc
[2010.02.06 17:55:38 | 000,000,162 | -H-- | M] () -- C:\Users\Johannes\Desktop\~$D1-LEDGER TO LEDGER_CONTRACT 555555.doc
[4 C:\Users\Johannes\Desktop\*.tmp files -> C:\Users\Johannes\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.03.07 09:54:54 | 000,000,162 | -H-- | C] () -- C:\Users\Johannes\Desktop\~$h halte nach dem Ausschau, was ich am liebsten mag..docx
[2010.03.07 09:26:36 | 000,020,782 | ---- | C] () -- C:\Users\Johannes\Desktop\Ich halte nach dem Ausschau, was ich am liebsten mag..docx
[2010.03.07 08:59:08 | 260,961,708 | ---- | C] () -- C:\Users\Johannes\Desktop\ISOALDEA_1_0001.zip
[2010.03.06 18:21:19 | 000,270,999 | ---- | C] () -- C:\Users\Johannes\AppData\Local\udkyygvd_nav.dat
[2010.03.06 18:20:49 | 000,003,496 | ---- | C] () -- C:\Users\Johannes\AppData\Local\udkyygvd.dat
[2010.03.06 18:20:49 | 000,001,377 | ---- | C] () -- C:\Users\Johannes\AppData\Local\udkyygvd_navps.dat
[2010.03.06 18:20:49 | 000,000,094 | ---- | C] () -- C:\Users\Johannes\AppData\Local\udkyygvd.bat
[2010.03.06 11:18:41 | 000,000,162 | -H-- | C] () -- C:\Users\Johannes\Desktop\~$24 Auszüge von Abraham-Workshops.docx
[2010.03.04 01:47:06 | 000,100,252 | ---- | C] () -- C:\Users\Johannes\Desktop\1-24 Auszüge von Abraham-Workshops.docx
[2010.03.04 00:19:52 | 000,000,162 | -H-- | C] () -- C:\Users\Johannes\Desktop\~$eeeee.docx
[2010.03.03 06:21:45 | 000,011,332 | -HS- | C] () -- C:\Users\Johannes\AppData\Local\1H41
[2010.02.28 21:00:00 | 000,015,941 | ---- | C] () -- C:\Users\Johannes\Desktop\GENEVA - 800M.docx
[2010.02.26 16:52:29 | 000,000,162 | -H-- | C] () -- C:\Users\Johannes\Desktop\~$NDA+IMFPA_AU_Blank.doc
[2010.02.20 14:51:07 | 000,000,162 | -H-- | C] () -- C:\Users\Johannes\Desktop\~$O 56 BARS LEONARDO 20000 a 100000 leonardo.doc
[2010.02.16 14:11:42 | 000,000,162 | -H-- | C] () -- C:\Users\Johannes\Desktop\~$r kluge Esser.docx
[2010.02.09 23:23:56 | 000,002,078 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010.02.06 21:12:00 | 000,000,162 | -H-- | C] () -- C:\Users\Johannes\Desktop\~$D zu Small.doc
[2010.02.06 17:55:38 | 000,000,162 | -H-- | C] () -- C:\Users\Johannes\Desktop\~$D1-LEDGER TO LEDGER_CONTRACT 555555.doc
[2009.10.24 08:08:17 | 000,295,458 | ---- | C] () -- C:\Users\Johannes\AppData\Local\wxipyzj_nav.dat
[2009.10.24 08:08:17 | 000,003,409 | ---- | C] () -- C:\Users\Johannes\AppData\Local\wxipyzj.dat
[2009.10.24 08:08:17 | 000,001,465 | ---- | C] () -- C:\Users\Johannes\AppData\Local\wxipyzj_navps.dat
[2009.09.24 00:28:54 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.10 13:15:51 | 000,000,680 | ---- | C] () -- C:\Users\Johannes\AppData\Local\d3d9caps.dat
[2009.07.03 05:57:21 | 000,000,016 | -H-- | C] () -- C:\ProgramData\mxfilerelatedcache.mxc2
[2009.06.26 07:59:01 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.06.19 11:10:23 | 000,000,093 | ---- | C] () -- C:\Users\Johannes\AppData\Local\awqio.bat
[2009.06.18 18:56:34 | 000,000,334 | ---- | C] () -- C:\Windows\SoftWriting.ini
[2009.06.14 11:01:39 | 000,000,016 | -H-- | C] () -- C:\Users\Johannes\AppData\Roaming\mxfilerelatedcache.mxc2
[2009.06.14 11:01:21 | 000,000,016 | -H-- | C] () -- C:\Users\Johannes\AppData\Local\mxfilerelatedcache.mxc2
[2009.06.11 23:41:10 | 000,001,024 | ---- | C] () -- C:\Users\Johannes\AppData\Roaming\WavCodec.wff
[2009.06.09 07:07:23 | 000,000,614 | ---- | C] () -- C:\Users\Johannes\AppData\Roaming\wklnhst.dat
[2009.06.09 06:52:54 | 000,013,824 | ---- | C] () -- C:\Users\Johannes\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.08.04 11:30:01 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2008.07.03 10:34:43 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008.07.03 10:27:11 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2008.07.03 10:17:58 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008.07.03 10:17:58 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008.07.03 10:17:58 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008.07.03 10:17:58 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008.07.03 10:17:58 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008.07.03 10:17:58 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008.07.03 09:48:03 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.07.03 08:57:12 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.04.24 17:43:50 | 000,057,344 | ---- | C] () -- C:\Windows\System32\SmartFaceVCapt.dll
[2008.04.24 17:42:44 | 000,479,232 | ---- | C] () -- C:\Windows\System32\SmartFaceVCP.dll
[2008.04.24 17:25:46 | 006,701,056 | ---- | C] () -- C:\Windows\System32\FaceHI.dll
[2008.04.24 17:25:46 | 000,995,328 | ---- | C] () -- C:\Windows\System32\FaceRec.dll
[2008.04.24 17:25:46 | 000,126,976 | ---- | C] () -- C:\Windows\System32\SmartFaceVCtrl.dll
[2008.04.24 17:23:58 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IppLib.dll
[2007.12.21 15:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005.07.22 20:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
< End of report >

RESULTAT: ESET Online Scanner

C:\Program Files\Unlocker\eBay_shortcuts_1016.exe a variant of Win32/Adware.ADON application deleted - quarantined
C:\Users\Johannes\AppData\Local\wxipyzj.exe a variant of Win32/Skintrim.EW trojan cleaned by deleting - quarantined
C:\Users\Johannes\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\6b800f31-335d1ec4 a variant of Java/TrojanDownloader.Agent.NAC trojan deleted - quarantined
C:\Users\Johannes\Desktop\PROGRAMME\REST\unlocker1.8.7.exe a variant of Win32/Adware.ADON application deleted - quarantined


RESULT: HIJACKTHIS:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:24:15, on 07.03.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\starter4g.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Smart Protector Pro\SmartProtector-Pro.exe
C:\Users\Johannes\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Users\Johannes\AppData\Local\Yahoo!\BrowserPlus\2.5.1\BrowserPlusCore.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.schnellsucher.com/?t=Q1003063475&s=h
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA
O4 - HKLM\..\Run: [Toshiba TEMPO] C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [starter4g] C:\Windows\starter4g.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [SPSTEALT] "C:\Program Files\Smart Protector Pro\SmartProtector-Pro.exe" /stealt
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Users\Johannes\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (User 'Default user')
O4 - Startup: Recorte de pantalla e Inicio rápido de OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/707-44556-9400-3/4 (file missing)
O9 - Extra button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.de/exec/obidos/red...k-21&site=home (file missing)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AV Engine Scanning Service - Unknown owner - C:/Program Files/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9eb3755cbd480) (gupdate1c9eb3755cbd480) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
O23 - Service: Notebook Performance Tuning Service (TempoMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - Unknown owner - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (file missing)
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: WTGService - Unknown owner - C:\Program Files\XSManager\WTGService.exe
O23 - Service: XS Stick Service - 4G Systems GmbH & Co. KG - C:\Windows\service4g.exe

--
End of file - 10731 bytes