Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: TR/Kazy.mekml.1 und jetzt?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 21.04.2011, 21:05   #1
criß
 
TR/Kazy.mekml.1 und jetzt? - Standard

TR/Kazy.mekml.1 und jetzt?



hallo
haben seit heut auch den TR/Kazy.mekml.1 und nachdem ich hier schon n bisschen gelesen hab, den OTL runtergeladen und einen scan durchlaufen lassen.
hier die ergebnisse:

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 21.04.2011 21:05:41 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\pablo\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 54,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 216,41 Gb Total Space | 24,01 Gb Free Space | 11,09% Space Free | Partition Type: NTFS
Drive D: | 107,22 Gb Total Space | 89,70 Gb Free Space | 83,66% Space Free | Partition Type: NTFS
Drive O: | 245,59 Mb Total Space | 245,03 Mb Free Space | 99,77% Space Free | Partition Type: FAT
 
Computer Name: PABLO-PC | User Name: pablo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.04.21 20:59:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\pablo\Desktop\OTL.exe
PRC - [2011.04.21 14:18:25 | 000,569,344 | ---- | M] (WinTrust) -- C:\ProgramData\MRtPNAFMRSnT.exe
PRC - [2011.04.08 17:17:40 | 000,176,848 | ---- | M] (iWin Inc.) -- C:\Programme\iWin Games\iWinTrusted.exe
PRC - [2010.09.16 18:36:40 | 000,328,568 | ---- | M] (BitTorrent, Inc.) -- C:\Programme\uTorrent\uTorrent.exe
PRC - [2010.09.01 08:39:18 | 001,164,584 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.07.06 16:01:16 | 002,634,048 | ---- | M] (Veoh Networks) -- C:\Programme\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
PRC - [2010.03.28 21:47:44 | 001,692,440 | ---- | M] (ParetoLogic) -- C:\Programme\ParetoLogic\FileCure\FileCure.exe
PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009.10.30 13:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Programme\DAEMON Tools Lite\DTLite.exe
PRC - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2009.04.17 10:01:48 | 000,366,849 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\guardgui.exe
PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009.02.13 08:00:00 | 000,199,680 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFME.EXE
PRC - [2008.07.21 15:07:44 | 002,752,512 | -H-- | M] (Electronic Arts) -- C:\Programme\Electronic Arts\EADM\Core.exe
PRC - [2008.06.10 20:26:28 | 000,222,456 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe
PRC - [2008.05.27 19:35:30 | 000,040,960 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\Programme\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
PRC - [2008.02.26 17:24:06 | 004,939,776 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.10.23 14:52:26 | 002,764,800 | ---- | M] () -- C:\RecInfo\RecInfo.exe
PRC - [2007.10.12 15:00:12 | 000,180,224 | ---- | M] (hablamax) -- C:\ProgramData\Web.de\adminsvc.exe
PRC - [2007.09.26 10:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007.05.17 23:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft LifeCam\MSCamS32.exe
PRC - [2007.04.10 23:46:52 | 000,709,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX1000.exe
PRC - [2006.12.08 10:52:04 | 000,204,800 | -H-- | M] (Fujitsu Siemens Computers) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe
PRC - [2006.11.02 11:44:50 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\attrib.exe
PRC - [2006.10.25 00:08:40 | 000,107,112 | ---- | M] (Symantec Corporation) -- C:\Programme\Common Files\Symantec Shared\ccApp.exe
PRC - [2006.10.25 00:08:20 | 000,107,624 | ---- | M] (Symantec Corporation) -- c:\Programme\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2006.09.20 20:05:16 | 000,046,736 | ---- | M] (Symantec Corporation) -- c:\Programme\Common Files\Symantec Shared\AppCore\AppSvc32.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.04.21 20:59:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\pablo\Desktop\OTL.exe
MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.04.08 17:17:40 | 000,176,848 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Programme\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.06.10 20:26:28 | 000,222,456 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2008.04.02 03:26:27 | 001,174,152 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008.01.29 17:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.10.12 15:00:12 | 000,180,224 | ---- | M] (hablamax) [Auto | Running] -- C:\ProgramData\Web.de\adminsvc.exe -- (AdminSVC)
SRV - [2007.09.26 10:53:56 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007.09.26 10:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatisches LiveUpdate - Scheduler)
SRV - [2007.05.17 23:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2006.12.08 10:52:04 | 000,204,800 | -H-- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)
SRV - [2006.10.27 02:18:36 | 000,080,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Norton Internet Security\isPwdSvc.exe -- (ISPwdSvc)
SRV - [2006.10.25 00:08:20 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex)
SRV - [2006.10.25 00:08:20 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2006.10.25 00:08:20 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2006.10.25 00:08:20 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2006.10.13 17:29:12 | 000,049,296 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2006.09.20 20:05:16 | 000,046,736 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010.01.29 16:16:51 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010.01.29 16:16:50 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010.01.28 22:20:23 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.12.07 21:09:28 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.03.27 10:03:00 | 007,738,816 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.01.19 20:31:56 | 000,277,544 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2008.04.02 03:27:05 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008.02.14 15:56:02 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.07.02 17:37:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007.07.02 17:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007.06.13 23:47:12 | 000,048,256 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\jraid.sys -- (JRAID)
DRV - [2007.04.10 23:46:53 | 001,966,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VX1000.sys -- (VX1000)
DRV - [2006.11.06 12:14:10 | 001,119,616 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32)
DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.10.24 15:40:22 | 000,185,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2006.10.24 15:40:22 | 000,144,784 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2006.10.24 15:40:22 | 000,038,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2006.10.24 15:40:22 | 000,037,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2006.10.24 15:40:22 | 000,026,384 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2006.10.24 15:40:22 | 000,011,792 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2006.10.20 06:10:16 | 000,202,872 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20061025.029\IDSvix86.sys -- (IDSvix86)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://go.web.de/tab2 [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://go.web.de/tab2 [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.web.de/home
IE - HKLM\..\URLSearchHook: {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Programme\iWin\tbiWin.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/home
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://go.web.de/tab2 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://go.web.de/tab2 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.web.de/home
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Programme\iWin\tbiWin.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13"
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0849}: C:\ProgramData\iWin Games\firefox [2008.11.13 21:49:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\PROGRA~1\Mozilla Firefox\components [2010.12.27 20:40:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\PROGRA~1\Mozilla Firefox\plugins [2010.09.15 10:49:28 | 000,000,000 | ---D | M]
 
[2008.11.06 23:44:30 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\pablo\AppData\Roaming\mozilla\Extensions
[2008.11.06 23:44:30 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\pablo\AppData\Roaming\mozilla\Extensions\{6334D996-EA3E-4a0e-AA8D-15BA56B37241}
[2010.12.19 16:38:13 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\pablo\AppData\Roaming\mozilla\Firefox\Profiles\w6lbc0qh.default\extensions
[2009.09.26 14:19:15 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\pablo\AppData\Roaming\mozilla\Firefox\Profiles\w6lbc0qh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008.11.06 23:47:26 | 000,000,000 | -H-D | M] ("I ♥ Miro") -- C:\Users\pablo\AppData\Roaming\mozilla\Firefox\Profiles\w6lbc0qh.default\extensions\{216ec66d-214a-43ea-92f0-5373f8405c88}
[2008.10.30 00:30:26 | 000,000,000 | -H-D | M] (Yahoo! Toolbar) -- C:\Users\pablo\AppData\Roaming\mozilla\Firefox\Profiles\w6lbc0qh.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009.12.08 22:56:24 | 000,000,000 | -H-D | M] (DVDVideoSoft Toolbar) -- C:\Users\pablo\AppData\Roaming\mozilla\Firefox\Profiles\w6lbc0qh.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2010.01.28 22:21:05 | 000,000,000 | -H-D | M] ("DAEMON Tools Toolbar") -- C:\Users\pablo\AppData\Roaming\mozilla\Firefox\Profiles\w6lbc0qh.default\extensions\DTToolbar@toolbarnet.com
[2009.12.08 22:56:44 | 000,000,873 | -H-- | M] () -- C:\Users\pablo\AppData\Roaming\Mozilla\Firefox\Profiles\w6lbc0qh.default\searchplugins\conduit.xml
[2010.01.28 22:20:55 | 000,002,055 | -H-- | M] () -- C:\Users\pablo\AppData\Roaming\Mozilla\Firefox\Profiles\w6lbc0qh.default\searchplugins\daemon-search.xml
[2010.12.19 04:48:16 | 000,000,950 | -H-- | M] () -- C:\Users\pablo\AppData\Roaming\Mozilla\Firefox\Profiles\w6lbc0qh.default\searchplugins\icqplugin-1.xml
[2008.10.28 23:54:08 | 000,000,950 | -H-- | M] () -- C:\Users\pablo\AppData\Roaming\Mozilla\Firefox\Profiles\w6lbc0qh.default\searchplugins\icqplugin-2.xml
[2008.11.24 21:53:42 | 000,000,950 | -H-- | M] () -- C:\Users\pablo\AppData\Roaming\Mozilla\Firefox\Profiles\w6lbc0qh.default\searchplugins\icqplugin-3.xml
[2009.10.15 20:04:51 | 000,000,950 | -H-- | M] () -- C:\Users\pablo\AppData\Roaming\Mozilla\Firefox\Profiles\w6lbc0qh.default\searchplugins\icqplugin-4.xml
[2008.10.28 19:12:41 | 000,000,962 | -H-- | M] () -- C:\Users\pablo\AppData\Roaming\Mozilla\Firefox\Profiles\w6lbc0qh.default\searchplugins\icqplugin.xml
[2008.09.27 14:09:54 | 000,000,273 | -H-- | M] () -- C:\Users\pablo\AppData\Roaming\Mozilla\Firefox\Profiles\w6lbc0qh.default\searchplugins\search.xml
[2010.11.29 17:50:41 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2008.10.28 19:16:01 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009.10.13 19:58:33 | 000,000,000 | ---D | M] (Talkback) -- C:\Programme\Mozilla Firefox\extensions\talkback@mozilla.org
[2008.10.28 19:16:01 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\PROGRA~1\MOZILLA FIREFOX\EXTENSIONS\{800B5000-A755-47E1-992B-48A1C1357F07}
[2009.10.02 17:06:22 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\PROGRA~1\MOZILLA FIREFOX\EXTENSIONS\{B13721C7-F507-4982-B2E5-502A71474FED}
[2008.10.29 10:35:04 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRA~1\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2010.01.17 16:59:41 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRA~1\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2009.10.13 19:58:33 | 000,000,000 | ---D | M] (Talkback) -- C:\PROGRA~1\MOZILLA FIREFOX\EXTENSIONS\TALKBACK@MOZILLA.ORG
[2008.11.13 21:49:39 | 000,000,000 | ---D | M] (iWinGames Plugin) -- C:\PROGRAMDATA\IWIN GAMES\FIREFOX
[2009.10.13 19:58:23 | 000,067,688 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\jar50.dll
[2009.10.13 19:58:23 | 000,054,368 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\jsd3250.dll
[2009.10.13 19:58:23 | 000,034,944 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\myspell.dll
[2009.10.13 19:58:24 | 000,046,712 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\spellchk.dll
[2009.10.13 19:58:24 | 000,172,136 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\xpinstal.dll
[2009.01.06 21:16:47 | 000,024,576 | ---- | M] (RealNetworks) -- C:\Programme\Mozilla Firefox\plugins\npgcplug.dll
[2005.04.27 22:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Programme\Mozilla Firefox\plugins\npracplug.dll
[2009.10.13 19:58:31 | 000,001,525 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.10.13 19:58:31 | 000,001,063 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.10.13 19:58:31 | 000,000,998 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.10.13 19:58:31 | 000,000,815 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Programme\Common Files\Symantec Shared\coShared\Browser\1.0\NppBHO.dll (Symantec Corporation)
O2 - BHO: (IEHlprObj Class) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Programme\iWin Games\iWinGamesHookIE.dll (iWin Inc.)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (iWin Toolbar) - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Programme\iWin\tbiWin.dll (Conduit Ltd.)
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Programme\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (iWin Toolbar) - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Programme\iWin\tbiWin.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (iWin Toolbar) - {CE0C2586-DA36-452B-ACDB-320D9BCB19BF} - C:\Programme\iWin\tbiWin.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [osCheck] c:\Program Files\Norton Internet Security\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [recinfo369] c:\RecInfo\RecInfo.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKCU..\Run: [EPSON PX650 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFME.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [MRtPNAFMRSnT] C:\ProgramData\MRtPNAFMRSnT.exe (WinTrust)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\pablo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\pablo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Privacy Tray.lnk = C:\Programme\GnuPT\WPT\WinPT.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe (ICQ, Inc.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe (ICQ, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} hxxp://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUpldde-de.cab (MSN Photo Upload Tool)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1222761945 (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\pablo\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\pablo\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{e274f267-0c4a-11df-973a-002421046f5f}\Shell - "" = AutoRun
O33 - MountPoints2\{e274f267-0c4a-11df-973a-002421046f5f}\Shell\AutoRun\command - "" = K:\SETUP.EXE -autorun
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.21 21:05:23 | 000,580,608 | -H-- | C] (OldTimer Tools) -- C:\Users\pablo\Desktop\OTL.exe
[2011.04.21 14:18:26 | 000,569,344 | -H-- | C] (WinTrust) -- C:\ProgramData\MRtPNAFMRSnT.exe
[2011.04.20 01:49:01 | 000,000,000 | -H-D | C] -- C:\Users\pablo\Desktop\Neuer Ordner (5)
[2011.04.19 22:41:44 | 000,000,000 | -H-D | C] -- C:\Users\pablo\AppData\Roaming\Rovio
[2011.04.19 21:44:44 | 000,000,000 | -H-D | C] -- C:\Users\pablo\AppData\Local\Babylon
[2011.04.19 21:44:43 | 000,000,000 | -H-D | C] -- C:\Users\pablo\AppData\Roaming\Babylon
[2011.04.19 21:44:43 | 000,000,000 | -H-D | C] -- C:\ProgramData\Babylon
[2011.04.19 21:44:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2011.04.19 17:10:45 | 000,000,000 | -H-D | C] -- C:\Users\pablo\Desktop\Neuer Ordner (4)
[2011.04.13 18:01:40 | 000,000,000 | -H-D | C] -- C:\Users\pablo\Bookworm Adventures
[2011.04.13 18:01:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zylom
[2011.04.13 18:01:07 | 000,000,000 | ---D | C] -- C:\Programme\RealArcade
[2011.04.12 23:55:47 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.04.12 23:55:46 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.04.12 23:55:44 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.04.12 23:55:44 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.04.12 23:55:43 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.04.12 23:55:43 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.04.12 23:55:43 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.04.12 23:55:43 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.04.12 23:55:42 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.04.12 23:55:42 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.12 23:55:42 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.04.12 23:55:41 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.12 23:55:41 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.12 23:55:41 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.04.12 23:55:41 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.04.12 23:55:41 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.04.12 23:55:40 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.04.12 23:55:39 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.04.12 23:55:39 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.04.12 23:49:55 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011.04.12 23:29:12 | 003,602,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.04.12 23:29:12 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.04.12 23:29:10 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.04.12 23:29:10 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011.04.12 23:29:05 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.04.12 23:28:53 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.04.12 23:28:51 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2011.04.12 23:28:48 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.04.12 23:28:48 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.04.12 23:26:57 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011.04.12 23:26:57 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011.04.12 23:26:57 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011.04.12 23:26:57 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2009.01.06 21:16:49 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\RngInterstitial.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.21 21:19:03 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.04.21 21:08:06 | 000,618,204 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.21 21:08:06 | 000,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.21 21:08:06 | 000,122,442 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.21 21:08:06 | 000,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.21 21:04:55 | 000,487,424 | -H-- | M] () -- C:\ProgramData\45539080.exe
[2011.04.21 21:04:34 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.21 21:04:33 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\FileCure Startup.job
[2011.04.21 21:04:24 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011.04.21 21:04:24 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.21 21:04:24 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.21 21:04:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.21 21:04:14 | 2146,689,024 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.21 20:59:00 | 000,580,608 | -H-- | M] (OldTimer Tools) -- C:\Users\pablo\Desktop\OTL.exe
[2011.04.21 14:59:08 | 000,320,512 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.21 14:18:25 | 000,569,344 | -H-- | M] (WinTrust) -- C:\ProgramData\MRtPNAFMRSnT.exe
[2011.04.21 13:57:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.21 10:28:01 | 000,000,240 | ---- | M] () -- C:\Windows\tasks\Epson Printer Software Downloader.job
[2011.04.19 21:45:12 | 000,002,053 | ---- | M] () -- C:\Users\Public\Desktop\Babylon.lnk
[2011.04.19 18:00:00 | 000,000,444 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2011.04.18 22:04:52 | 000,171,520 | -H-- | M] () -- C:\Users\pablo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.18 20:45:57 | 000,017,408 | -H-- | M] () -- C:\Users\pablo\AppData\Local\WebpageIcons.db
[2011.04.16 04:25:01 | 000,000,418 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2011.04.16 03:41:02 | 000,000,364 | ---- | M] () -- C:\Windows\tasks\FileCure Default.job
[2011.04.13 18:02:15 | 000,000,772 | -H-- | M] () -- C:\Users\pablo\Desktop\Bookworm Adventures.lnk
[2011.04.13 18:01:40 | 000,000,133 | -H-- | M] () -- C:\Users\pablo\Desktop\Zylom.url
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.21 21:04:54 | 000,487,424 | -H-- | C] () -- C:\ProgramData\45539080.exe
[2011.04.21 14:58:19 | 2146,689,024 | -HS- | C] () -- C:\hiberfil.sys
[2011.04.19 21:44:44 | 000,002,053 | ---- | C] () -- C:\Users\Public\Desktop\Babylon.lnk
[2011.04.13 18:02:15 | 000,000,772 | -H-- | C] () -- C:\Users\pablo\Desktop\Bookworm Adventures.lnk
[2011.04.13 18:01:40 | 000,000,133 | -H-- | C] () -- C:\Users\pablo\Desktop\Zylom.url
[2011.04.13 01:14:45 | 000,000,868 | ---- | C] () -- C:\Windows\tasks\Google Software Updater.job
[2010.11.15 18:40:24 | 000,050,344 | ---- | C] () -- C:\Programme\Uninstall Mini Balla 2006.exe
[2010.09.13 17:52:38 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe
[2010.06.27 16:32:50 | 000,017,408 | -H-- | C] () -- C:\Users\pablo\AppData\Local\WebpageIcons.db
[2010.03.24 16:43:15 | 000,001,682 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2010.03.24 16:43:15 | 000,000,056 | RHS- | C] () -- C:\Windows\System32\9E63D8604E.sys
[2010.01.29 16:16:51 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.01.29 16:16:50 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.01.28 03:09:54 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.10.13 17:28:27 | 000,000,120 | ---- | C] () -- C:\Windows\CMRGDB01.INI
[2009.10.13 17:28:23 | 000,004,779 | ---- | C] () -- C:\Windows\CMRGUNST.INI
[2009.10.02 17:10:08 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.08.07 22:33:40 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.07 22:33:40 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.08.07 22:33:06 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.05.30 02:37:40 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.05.30 02:31:52 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.04.16 21:29:32 | 000,000,552 | -H-- | C] () -- C:\Users\pablo\AppData\Local\d3d8caps.dat
[2009.04.16 21:28:04 | 000,001,356 | -H-- | C] () -- C:\Users\pablo\AppData\Local\d3d9caps.dat
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.09.23 12:23:39 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008.09.10 12:23:50 | 000,000,464 | -H-- | C] () -- C:\Users\pablo\AppData\Roaming\wklnhst.dat
[2008.09.09 21:29:05 | 000,000,000 | ---- | C] () -- C:\Windows\PhEdit.INI
[2008.09.09 21:04:18 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2008.09.09 21:04:18 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2008.09.09 21:04:18 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2008.09.09 21:04:18 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2008.09.09 21:04:18 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2008.09.09 21:04:18 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2008.09.09 21:04:18 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2008.09.09 21:04:18 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2008.09.09 21:04:18 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2008.09.09 21:04:18 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2008.09.09 21:04:18 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2008.09.09 21:04:18 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2008.09.09 21:04:18 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2008.09.09 21:04:18 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2008.09.09 21:04:18 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2008.09.09 21:04:18 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2008.09.09 21:04:18 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2008.09.09 21:04:18 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2008.09.09 21:04:18 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2008.09.09 16:17:14 | 000,171,520 | -H-- | C] () -- C:\Users\pablo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.05.30 19:41:07 | 000,000,342 | ---- | C] () -- C:\Windows\{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}_WiseFW.ini
[2007.09.04 12:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2007.04.10 23:46:52 | 000,015,498 | ---- | C] () -- C:\Windows\VX1000.ini
[2007.02.05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006.11.02 17:33:31 | 000,618,204 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:33:31 | 000,122,442 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,320,512 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,586,980 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,101,052 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.08.11 09:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
[2004.09.01 17:49:17 | 003,375,104 | ---- | C] () -- C:\Windows\System32\qt-mt331.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:6533A988
@Alternate Data Stream - 64 bytes -> C:\Users\pablo\Tracy Chapman - For My Lover (Album Version).avi:TOC.WMV
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:8AEA12E8
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:A1128200
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:75C2528D
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:EB79041A
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:32758ED6
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:1E3035E2
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:DCBD0AC7
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:CB5C4185
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:C04C48D4
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:6F71E822
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:E091E936
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:698B483C
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:DF236465
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:C4870D32
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:290A724C
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:E6B3E318
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:5F280981
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:77CE0242
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:581B0446
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:E73AD533
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:77CF9481
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:4B970D7A
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:257AC7F8
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:98E4FEC6
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:472EB08A
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:F0E52E4F
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:5F3235B3
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:2A6BF249
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:EAD1940E
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:B7F727B8
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:AED4FFF5
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5BA6D27E
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:4F09946C
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:FF333535
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:53B47F8A
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:EFD52482
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:2702A8B3
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:0E1DD4C5
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:34B9286E
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:6972373C
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:93CEB973
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:E868CDC2
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:CF185254
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:429EC15A
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:08AC8A76
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:24E8169B
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:CDCE26D3
 
< End of report >
         
--- --- ---


und noch das zweite:

OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 21.04.2011 21:05:41 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\pablo\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 54,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 216,41 Gb Total Space | 24,01 Gb Free Space | 11,09% Space Free | Partition Type: NTFS
Drive D: | 107,22 Gb Total Space | 89,70 Gb Free Space | 83,66% Space Free | Partition Type: NTFS
Drive O: | 245,59 Mb Total Space | 245,03 Mb Free Space | 99,77% Space Free | Partition Type: FAT
 
Computer Name: PABLO-PC | User Name: pablo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files\ParetoLogic\FileCure\FileCure_noapp.exe %1 (ParetoLogic)
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AAE4AB9-05D7-44F7-9B0F-94249DB8EC47}" = lport=445 | protocol=6 | dir=in | app=system | 
"{66F7F48E-1EF9-4D99-B1B2-24FF7176F6CC}" = lport=138 | protocol=17 | dir=in | app=system | 
"{A3C40E56-03E7-4E48-9339-279EA860CFF5}" = rport=139 | protocol=6 | dir=out | app=system | 
"{B88766C4-751B-4FCF-93D8-CEAE2ABED598}" = rport=137 | protocol=17 | dir=out | app=system | 
"{CAAE537E-E1F3-4C43-B5E6-D4EE0C4C76B5}" = rport=445 | protocol=6 | dir=out | app=system | 
"{D4E5EEFA-9CF7-4D84-9AD7-18CC826D3B74}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{DDDA2D15-314C-4942-9075-B77A7B0C7FDB}" = rport=138 | protocol=17 | dir=out | app=system | 
"{E97FF89D-EF31-4A14-B0C8-38E644F3B83F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{F2734FBB-279B-4F13-B971-F34FE5F0FFAF}" = lport=137 | protocol=17 | dir=in | app=system | 
"{F4D18BDB-0629-4755-A488-192138FAFE93}" = lport=139 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0025EB18-6632-42A0-99C4-0D57BA884102}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{0CE7BC3D-84DF-4E14-8137-7A2EED505350}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{2D87E381-7EDF-4B42-B358-6D912B621F97}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe | 
"{3D1A72F6-2AE0-44FD-AAB7-CB613D487D7B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{3EE36C16-EE41-4B38-894E-6C55D75850BF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{4EA490CF-CFDB-495B-A4A1-9773506408B6}" = protocol=6 | dir=in | app=c:\program files\iwin games\webupdater.exe | 
"{50E7BB67-AB1D-46A4-AC08-E7FB9962BC77}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{57607F00-89D5-4459-BD1A-8D43E66AA417}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe | 
"{789A518F-0A1B-4E51-A96B-22B4D951A654}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe | 
"{7F6C9084-4608-4A81-AF17-4A68B89E051F}" = protocol=17 | dir=in | app=c:\program files\iwin games\iwingames.exe | 
"{80616181-E9ED-4D76-906D-971AAB03432F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{843E9780-BBEB-41BC-98C4-D57CDC83A772}" = protocol=17 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe | 
"{9563085C-E533-4F12-BDB7-07AD9116B6DD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{989D6816-DDA6-4F84-A584-703284E5D44D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{AFED63F6-8614-4D9E-99DE-DB673C7F7593}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B4732F6A-8916-4F89-87B1-01AD2B12FB4A}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{B5FFCCCC-584E-40CA-8C99-E09C3049BAD0}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe | 
"{D042E2CF-7CC5-49B9-9A72-A561621E406F}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{D12973E1-D033-449D-8F90-1FC48BBC8A69}" = protocol=6 | dir=in | app=c:\program files\iwin games\iwingames.exe | 
"{D29B898F-892B-41B1-901A-BE07D1225A36}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{D54450AC-98E8-4FE1-BABB-A4C300379E46}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{DA3E266F-7B7F-42DC-B7D4-50E139290603}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{E8E5316E-7A42-47D7-A815-FA0C59002F4D}" = protocol=6 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe | 
"{F1E87292-7997-4E5B-9B3C-DF51B0C06D9D}" = protocol=17 | dir=in | app=c:\program files\iwin games\webupdater.exe | 
"{F56E6D8B-F4C2-407D-915E-F1406C97A293}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"TCP Query User{2DCDD54C-BCA3-41F4-9E63-FA9D8F92ADA3}C:\program files\mmtoolz\internettv\internettv.exe" = protocol=6 | dir=in | app=c:\program files\mmtoolz\internettv\internettv.exe | 
"TCP Query User{401E4E8D-2292-4C8F-809E-FF311300BE0E}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{4CEFCADF-11FD-4990-A01A-165AD7555F83}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"TCP Query User{89F323A6-7814-4014-B694-FAFEE8597B45}C:\program files\zattoo\zattoo.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattoo.exe | 
"TCP Query User{8DC620BA-1A0F-46C5-A13B-C83DD4443E2C}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"TCP Query User{A0FD5B02-540A-4DEB-822C-62A8C23C940D}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{D8711A72-9E5E-44E8-8BED-C725E07B1C64}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{E8EE1298-42D7-4E2B-AF43-E7471134FA79}C:\program files\participatory culture foundation\miro\xulrunner\python\miro_downloader.exe" = protocol=6 | dir=in | app=c:\program files\participatory culture foundation\miro\xulrunner\python\miro_downloader.exe | 
"UDP Query User{19C83C63-742B-402B-9658-A60397120121}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{37830EE0-65C7-4235-AE83-29858670C94E}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{4945DB64-B1FA-405C-A4DC-47FC398EBB66}C:\program files\zattoo\zattoo.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattoo.exe | 
"UDP Query User{955C5B4D-0C77-4FAD-BA02-FE0D1BF8D4A9}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"UDP Query User{956CF4FC-F375-48CA-BD3C-2A2C49884ABA}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{9C6FF2DF-655C-49C8-AA2C-CAD995FAD5DA}C:\program files\participatory culture foundation\miro\xulrunner\python\miro_downloader.exe" = protocol=17 | dir=in | app=c:\program files\participatory culture foundation\miro\xulrunner\python\miro_downloader.exe | 
"UDP Query User{C9D290DB-2C3D-432F-ABED-60704579EEFF}C:\program files\mmtoolz\internettv\internettv.exe" = protocol=17 | dir=in | app=c:\program files\mmtoolz\internettv\internettv.exe | 
"UDP Query User{E844DACC-CBB4-4A73-9B47-371E82E06F29}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0D00CD3F-AEDC-45F1-A2DD-DADF74407D7B}_is1" = Edna Bricht Aus 6.3
"{0E77B4E0-0D8B-4F93-B419-29CE8498E6B6}" = Simon the Sorcerer - Wer will schon Kontakt?
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2217B0B4-35CB-48C6-B640-864DF2F30F99}" = OpenOffice.org 3.2
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 17
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}" = Norton Internet Security
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{48185814-A224-447A-81DA-71BD20580E1B}" = Norton Internet Security
"{4843B611-8FCB-4428-8C23-31D0A5EAE164}" = Norton Confidential Browser Component
"{4E5459A7-20FC-44D6-8832-80AE5A8D2B47}_is1" = GnuPT Version 3.6.7
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{726DBFE3-BE2B-4FFA-9787-D6495765CFD2}" = Microsoft LifeCam
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DB77BE4-629D-458D-BD68-9F36667C2177}" = TubeBox!
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}" = FirstSteps Diagnostics
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}" = Norton Protection Center
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}" = FSCLounge
"{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO -viewer-
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF4434001}" = Epson Printer Software Downloader
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
"{BD009869-6498-4CF9-9016-E9EA6E3742B2}" = The Whispered World
"{C1C441C4-57FA-4950-BDBA-BABFBAA2AA39}" = ParetoLogic FileCure
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D16A31F9-276D-4968-A753-FFEAC56995D0}" = Epson Print CD
"{D353CC51-430D-4C6F-9B7E-52003DA1E05A}" = Norton Confidential Web Protection Component
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV
"{F90D6825-8F1F-4E3A-9E42-A9C8A9DD1031}" = Nero 7 Essentials
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"10 Days To Save The World" = 10 Days To Save The World (nur deinstallation)
"87f22455ae2e457413fab5f880d72f9a" = Bookworm Adventures
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"AlawarGameBox" = Alawar Game Box
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"Be A King" = Be A King (nur deinstallation)
"BFG-Bookworm Deluxe" = Bookworm Deluxe
"BFGC" = Big Fish Games: Game Manager
"BFG-Ice Cream Craze - Tycoon Takeover" = Ice Cream Craze: Tycoon Takeover
"BGroom" = BGroom
"Big Fish Games Center" = Big Fish Games Center (remove only)
"Big Fish Games Sudoku" = Big Fish Games Sudoku (remove only)
"Boggle_is1" = Boggle
"Bookworm Adventures Deluxe" = Bookworm Adventures Deluxe
"Bookworm Adventures Vol. 2" = Bookworm Adventures Vol. 2
"Cheatbook 05.2009" = Cheatbook 05.2009
"Coconut Queen" = Coconut Queen (nur deinstallation)
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Dirty Split" = Dirty Split (remove only)
"DivX Setup.divx.com" = DivX-Setup
"Drakensang_is1" = Drakensang (Patch Version 1.02)
"DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar
"Eco Rescue: Project Rainforest" = Eco Rescue: Project Rainforest (nur deinstallation)
"Epson Printer Software Downloader" = Epson Printer Software Downloader
"EPSON PX650 Series" = Druckerdeinstallation für EPSON PX650 Series
"EPSON Scanner" = EPSON Scan
"Epson Stylus Photo PX650_TX650 Benutzerhandbuch" = Epson Stylus Photo PX650_TX650 Handbuch
"Fairy Godmother Tycoon" = Fairy Godmother Tycoon (nur deinstallation)
"Farm Frenzy 3" = Farm Frenzy 3 (nur deinstallation)
"Farm Frenzy 3 ." = Farm Frenzy 3 .
"Farm Frenzy 3 Ice Age 1.00" = Farm Frenzy 3 Ice Age 1.00
"Farm Frenzy: Gone Fishing!" = Farm Frenzy: Gone Fishing! (nur deinstallation)
"Farm Mania 2" = Farm Mania 2 (nur deinstallation)
"Fever Frenzy" = Fever Frenzy (remove only)
"Fiona Finch and the Finest Flowers" = Fiona Finch and the Finest Flowers (nur deinstallation)
"Fishdom: Frosty Splash" = Fishdom: Frosty Splash (nur deinstallation)
"Free Studio_is1" = Free Studio version 4.2
"GNU Backgammon_is1" = GNU Backgammon (MAIN branch, 20081113 code)
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ICQToolbar" = ICQ Toolbar
"InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"InternetTV_is1" = InternetTV 7.12
"IrfanView" = IrfanView (remove only)
"Island Realms" = Island Realms (nur deinstallation)
"iWin Toolbar" = iWin Toolbar
"iWinArcade" = iWin Games (remove only)
"Jewel Quest II" = Jewel Quest II (nur deinstallation)
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Luxor Amun Rising" = Luxor Amun Rising (remove only)
"Mah Jong Quest III" = Mah Jong Quest III (nur deinstallation)
"Mahjong Towers Eternity EU" = Mahjong Towers Eternity EU (remove only)
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mini Balla 2006" = Mini Balla 2006
"Mini-Mäuse" = Mini-Mäuse
"Mozilla Firefox (2.0.0.20)" = Mozilla Firefox (2.0.0.20)
"My Free Mahjong_is1" = My Free Mahjong
"My Tribe" = My Tribe (nur entfernen)
"My Tribe 1.00" = My Tribe 1.00
"Mystery Case Files - Prime Suspects" = Mystery Case Files - Prime Suspects (remove only)
"NVIDIA Drivers" = NVIDIA Drivers
"Photo Mania" = Photo Mania (nur entfernen)
"Picasa 3" = Picasa 3
"Poker Superstars II" = Poker Superstars II (remove only)
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"QuickSFV" = QuickSFV (Remove only)
"RealArcade 1.2" = RealArcade
"RollerCoaster Tycoon Setup" = Roll
"Royal Trouble" = Royal Trouble (nur deinstallation)
"Sanitarium" = Sanitarium
"SKIP BO Castaway Caper1.0" = SKIP BO Castaway Caper
"SKIP¯BO Castaway Caper" = SKIP¯BO Castaway Caper (nur deinstallation)
"Sprill & Rithies Adventures In Time" = Sprill & Rithies Adventures In Time (nur deinstallation)
"Super Granny 5" = Super Granny 5 (nur deinstallation)
"SymSetup.{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security (Symantec Corporation)
"Tahiti Hidden Pearls" = Tahiti Hidden Pearls (nur deinstallation)
"The Clumsys" = The Clumsys (nur entfernen)
"The Enchanting Islands" = The Enchanting Islands (nur deinstallation)
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"Veoh Web Player Beta" = Veoh Web Player
"WEB.DE IE7 Browser Update" = WEB.DE IE7 Browser Update
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinRAR archiver" = WinRAR
"Zattoo" = Zattoo 3.3.4 Beta
"Zattoo4" = Zattoo4 4.0.5
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Farm Frenzy 2 Deluxe" = Farm Frenzy 2 Deluxe
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"SKIP-BO Castaway Caper(TM)" = SKIP-BO Castaway Caper(TM)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 20.04.2011 04:17:44 | Computer Name = pablo-PC | Source = RasClient | ID = 20227
Description = 
 
Error - 20.04.2011 04:19:05 | Computer Name = pablo-PC | Source = RasClient | ID = 20227
Description = 
 
Error - 20.04.2011 13:23:50 | Computer Name = pablo-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 21.04.2011 02:32:01 | Computer Name = pablo-PC | Source = RasClient | ID = 20227
Description = 
 
Error - 21.04.2011 02:33:22 | Computer Name = pablo-PC | Source = RasClient | ID = 20227
Description = 
 
Error - 21.04.2011 06:46:36 | Computer Name = pablo-PC | Source = RasClient | ID = 20227
Description = 
 
Error - 21.04.2011 06:47:57 | Computer Name = pablo-PC | Source = RasClient | ID = 20227
Description = 
 
Error - 21.04.2011 06:49:18 | Computer Name = pablo-PC | Source = RasClient | ID = 20227
Description = 
 
Error - 21.04.2011 08:20:09 | Computer Name = pablo-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 8.0.6001.19048 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen. Prozess-ID: 1764 Anfangszeit: 01cbffea8f121339 Zeitpunkt
der Beendigung: 19
 
Error - 21.04.2011 08:55:57 | Computer Name = pablo-PC | Source = EventSystem | ID = 4609
Description = 
 
[ Media Center Events ]
Error - 18.06.2010 14:21:46 | Computer Name = pablo-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide
 
 
Error - 23.06.2010 07:48:12 | Computer Name = pablo-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide
 
 
Error - 11.07.2010 08:08:18 | Computer Name = pablo-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide
 
 
Error - 17.07.2010 03:59:38 | Computer Name = pablo-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide
 
 
Error - 17.07.2010 13:00:42 | Computer Name = pablo-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide
 
 
Error - 27.07.2010 17:06:37 | Computer Name = pablo-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide
 
 
Error - 28.07.2010 17:17:17 | Computer Name = pablo-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide
 
 
Error - 29.01.2011 08:00:48 | Computer Name = pablo-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide
 
 
Error - 15.02.2011 05:05:13 | Computer Name = pablo-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide
 
 
Error - 13.04.2011 15:14:35 | Computer Name = pablo-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide
 
 
[ System Events ]
Error - 21.04.2011 08:56:30 | Computer Name = pablo-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 21.04.2011 08:56:30 | Computer Name = pablo-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 21.04.2011 08:56:34 | Computer Name = pablo-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 21.04.2011 08:56:34 | Computer Name = pablo-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 21.04.2011 08:56:36 | Computer Name = pablo-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 21.04.2011 08:56:43 | Computer Name = pablo-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 21.04.2011 09:04:37 | Computer Name = pablo-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 21.04.2011 10:29:17 | Computer Name = pablo-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 21.04.2011 10:36:09 | Computer Name = pablo-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 21.04.2011 15:09:31 | Computer Name = pablo-PC | Source = Service Control Manager | ID = 7022
Description = 
 
 
< End of report >
         
--- --- ---


bitte sagt uns was wir damit anfangen können?
danke
und frohe ostern

Alt 21.04.2011, 22:41   #2
kira
/// Helfer-Team
 
TR/Kazy.mekml.1 und jetzt? - Standard

TR/Kazy.mekml.1 und jetzt?



Hallo und Herzlich Willkommen!

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:
Zitat:
  • "Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
    - da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
    - also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
  • Charakteristische Merkmale/Profilinformationen:
    - aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du herauslöschen oder durch [X] ersetzen
  • Die Systemprüfung und Bereinigung:
    - kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
  • Ich empfehle Dir die Anweisungen erst einmal komplett durchzulesen, bevor du es anwendest, weil wenn du etwas falsch machst, kann es wirklich gefährlich werden. Wenn du meinen Anweisungen Schritt für Schritt folgst, kann eigentlich nichts schief gehen.
  • Innerhalb der Betreuungszeit:
    - ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
  • Die Reihenfolge:
    - genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
  • GECRACKTE SOFTWARE werden hier nicht geduldet!!!!
  • Ansonsten unsere Forumsregeln:
    - Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?
  • Alle Logfile mit einem vBCode Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen

Zitat:
Wenn ein System kompromittiert wurde, ist das System nicht mehr vertrauenswürdig
Eine Neuinstallation garantiert die rückstandsfreie Entfernung der Infektion - Lesestoff: "Hilfe: Ich wurde das Opfer eines Hackerangriffs. Was soll ich tun?" - Säubern eines gefährdeten Systems
Falls du doch für die Systemreinigung entscheidest - Ein System zu bereinigen kann ein paar Tage dauern (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst::

Für Vista und Win7:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen
Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen!

1.
Fixen mit OTL
  • Starte die OTL.exe.
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Kopiere folgendes Skript:
Code:
ATTFilter
:OTL
PRC - [2011.04.21 14:18:25 | 000,569,344 | ---- | M] (WinTrust) -- C:\ProgramData\MRtPNAFMRSnT.exe
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
[2011.04.21 21:04:55 | 000,487,424 | -H-- | M] () -- C:\ProgramData\45539080.exe
@Alternate Data Stream - 64 bytes -> C:\Users\pablo\Tracy Chapman - For My Lover (Album Version).avi:TOC.WMV

:Commands
[purity]
[emptytemp]
         
  • und füge es hier ein:
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Klick auf .
  • OTL verlangt einen Neustart. Bitte zulassen.
  • Nach dem Neustart findest Du ein Textdokument.
    Kopiere den Inhalt hier in Code-Tags in Deinen Thread.

2.
Lade Dir Malwarebytes Anti-Malware von→ malwarebytes.org
  • Installieren und per Doppelklick starten.
  • Deutsch einstellen und gleich mal die Datenbanken zu aktualisieren - online updaten
  • "Komplett Scan durchführen" wählen (überall Haken setzen)
  • wenn der Scanvorgang beendet ist, klicke auf "Zeige Resultate"
  • Alle Funde - falls MBAM meldet in C:\System Volume Information - den Haken bitte entfernen - markieren und auf "Löschen" - "Ausgewähltes entfernen") klicken.
  • Poste das Ergebnis hier in den Thread - den Bericht findest Du unter "Scan-Berichte"
eine bebilderte Anleitung findest Du hier: Anleitung

3.
Ich würde gerne noch all deine installierten Programme sehen:
Lade dir das Tool Ccleaner herunter
Download
installieren (Software-Lizenzvereinbarung lesen, falls angeboten wird "Füge CCleaner Yahoo! Toolbar hinzu" abwählen)→ starten→ falls nötig - unter Options settings-> "german" einstellen
dann klick auf "Extra (um die installierten Programme auch anzuzeigen)→ weiter auf "Als Textdatei speichern..."
wird eine Textdatei (*.txt) erstellt, kopiere dazu den Inhalt und füge ihn da ein

4.
Erneut ein OTL-Log erstellen und posten:-> OTL-Anleitung

Zitat:
Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein - z.B hjtsanlist o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]
** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw
gruß
Coverflow
__________________

__________________

Alt 22.04.2011, 20:49   #3
criß
 
TR/Kazy.mekml.1 und jetzt? - Standard

TR/Kazy.mekml.1 und jetzt?



hallo
und vielen dank für deine hilfe
haben jetzt deine anweisungen befolgt also hier erst mal die ergebnisse:

1. otl-log:
Code:
ATTFilter
All processes killed
========== OTL ==========
No active process named MRtPNAFMRSnT.exe was found!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
File C:\ProgramData\45539080.exe not found.
ADS C:\Users\pablo\Tracy Chapman - For My Lover (Album Version).avi:TOC.WMV deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: pablo
->Temp folder emptied: 2742601026 bytes
->Temporary Internet Files folder emptied: 665770250 bytes
->Java cache emptied: 29438732 bytes
->FireFox cache emptied: 20430512 bytes
->Google Chrome cache emptied: 8976536 bytes
->Flash cache emptied: 100663 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 331776 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 193500262 bytes
RecycleBin emptied: 152120179 bytes
 
Total Files Cleaned = 3.637,00 mb
 
 
OTL by OldTimer - Version 3.2.22.3 log created on 04222011_125137

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\TMP0000003DE0019F04D92893A8 not found!

Registry entries deleted on Reboot...
         
mbam-scan:
Code:
ATTFilter
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6418

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

22.04.2011 21:13:20
mbam-log-2011-04-22 (21-13-20).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|L:\|M:\|O:\|)
Durchsuchte Objekte: 377885
Laufzeit: 1 Stunde(n), 44 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 4
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
c:\programdata\mrtpnafmrsnt.exe (Trojan.FakeAlert) -> 1384 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MRtPNAFMRSnT (Trojan.FakeAlert) -> Value: MRtPNAFMRSnT -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Value: *.securewebinfo.com -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Value: *.safetyincludes.com -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Value: *.securemanaging.com -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\programdata\mrtpnafmrsnt.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\program files\Games\My Tribe\MyTribe.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\pablo\favorites\antivirus scan.url (Rogue.Link) -> Quarantined and deleted successfully.
c:\Users\pablo\documents\my documents.url (Trojan.Zlob) -> Quarantined and deleted successfully.
         
ccleaner:

Code:
ATTFilter
10 Days To Save The World (nur deinstallation)		17.07.2010	87,2MB	
Activation Assistant for the 2007 Microsoft Office suites	Microsoft Corporation	29.05.2008	14,0MB	
Adobe Flash Player 10 ActiveX	Adobe Systems Incorporated	13.09.2010		10.1.82.76
Adobe Flash Player Plugin	Adobe Systems Incorporated	10.10.2008		9.0.124.0
Adobe Reader 8.1.2 - Deutsch	Adobe Systems Incorporated	01.04.2008	99,6MB	8.1.2
Alawar Game Box		28.10.2008	2,71MB	
Apple Application Support	Apple Inc.	01.10.2009	32,2MB	1.0
Apple Mobile Device Support	Apple Inc.	01.10.2009	40,4MB	2.6.0.32
Apple Software Update	Apple Inc.	18.09.2008	2,16MB	2.1.1.116
Avira AntiVir Personal - Free Antivirus	Avira GmbH	12.10.2009	134,3MB	
AVS Update Manager 1.0	Online Media Technologies Ltd.	23.03.2010	10,4MB	
AVS Video Converter 6	Online Media Technologies Ltd.	23.03.2010	34,1MB	
AVS4YOU Software Navigator 1.4	Online Media Technologies Ltd.	23.03.2010	8,74MB	
Be A King (nur deinstallation)		22.07.2009	28,8MB	
BGroom		28.06.2010	11,3MB	
Big Fish Games Center (remove only)		29.05.2008	172,3MB	
Big Fish Games Sudoku (remove only)		29.05.2008	172,3MB	
Big Fish Games: Game Manager		23.04.2010	6,64MB	1.5.1.0
Boggle		13.12.2009	34,7MB	
Bonjour	Apple Inc.	01.10.2009	0,49MB	1.0.106
Bookworm Adventures		12.04.2011	32,2MB	
Bookworm Adventures Deluxe	GameHouse, Inc.	23.04.2010	31,9MB	
Bookworm Adventures Vol. 2	PopCap Games	15.10.2009	74,6MB	
Bookworm Deluxe		15.10.2009	12,8MB	
CCleaner	Piriform	21.04.2011	3,60MB	3.05
Cheatbook 05.2009		25.01.2010	7,55MB	
Coconut Queen (nur deinstallation)		17.07.2010	107,6MB	
Compatibility Pack für 2007 Office System	Microsoft Corporation	12.04.2011	56,2MB	12.0.6425.1000
DAEMON Tools Toolbar	DT Soft Ltd	27.01.2010	2,46MB	1.1.1.0014
Dirty Split (remove only)		22.01.2010	225MB	
DivX-Setup	DivX, Inc. 	12.09.2010	2,34MB	2.0.4.2
Drakensang (Patch Version 1.02)	dtp AG	16.09.2010	4.809MB	
Driver Detective	PC Drivers HeadQuarters	28.01.2010	5,35MB	8.0.1
Druckerdeinstallation für EPSON PX650 Series	SEIKO EPSON Corporation	12.07.2010		
DVDVideoSoft Toolbar		07.12.2009	69,1MB	
EA Download Manager	Electronic Arts	26.12.2010	6,61MB	4.0.0.396
Eco Rescue:  Project Rainforest (nur deinstallation)		14.09.2009	134,2MB	
Edna Bricht Aus 6.3		02.03.2010	6.887MB	
Epson Easy Photo Print 2	SEIKO EPSON CORPORATION	12.07.2010	98,9MB	2.1.0.0
Epson Print CD	SEIKO EPSON CORPORATION	12.07.2010	26,9MB	2.00.00
Epson Printer Software Downloader		12.07.2010		
EPSON Scan		12.07.2010	15,8MB	
Epson Stylus Photo PX650_TX650 Handbuch		12.07.2010	8,17MB	
Fairy Godmother Tycoon (nur deinstallation)		03.04.2010	50,1MB	
Farm Frenzy 2 Deluxe	Zylom Games	04.01.2009	38,7MB	1.0.0
Farm Frenzy 3 (nur deinstallation)		11.09.2009	92,8MB	
Farm Frenzy 3 .		25.02.2010	98,9MB	
Farm Frenzy 3 Ice Age 1.00		21.04.2010	92,9MB	
Farm Frenzy: Gone Fishing! (nur deinstallation)		27.10.2010	88,4MB	
Farm Mania 2 (nur deinstallation)		08.01.2010	227MB	
Fever Frenzy (remove only)		04.01.2009	46,5MB	
Fiona Finch and the Finest Flowers (nur deinstallation)		13.12.2010	125,1MB	
FirstSteps Diagnostics	Fujitsu Siemens Computers	01.04.2008	4,67MB	1.00
Fishdom: Frosty Splash (nur deinstallation)		28.11.2009	57,6MB	
Free Studio version 4.2	DVDVideoSoft Limited.	07.12.2009	66,7MB	
FSCLounge	Fujitsu Siemens Computers	29.05.2008	8,47MB	1.0.0
GIMP 2.6.7		14.10.2009	87,0MB	
GNU Backgammon (MAIN branch, 20081113 code)	Free Software Foundation	07.12.2010	41,8MB	
GnuPT Version 3.6.7	GnuPT - Protect Your Data	05.04.2010	6,14MB	3.6.7
Google Chrome	Google Inc.	05.03.2010	157,9MB	10.0.648.205
Google Desktop	Google	29.05.2008	8,57MB	-
Google Earth	Google	28.09.2010	85,4MB	5.2.1.1588
Google Toolbar for Internet Explorer	Google Inc.	12.04.2011	44,7MB	
Google Updater	Google Inc.	12.10.2008	3,96MB	2.4.1368.5602
Ice Cream Craze: Tycoon Takeover		23.04.2010	50,7MB	
ICQ Toolbar	ICQ	27.10.2008		3.0.0
ICQ6	ICQ	27.10.2008	42,5MB	6.00.0000
InternetTV 7.12	MMToolz, Inc.	19.10.2008	1,14MB	
IrfanView (remove only)		14.10.2009	1,85MB	
Island Realms (nur deinstallation)		06.06.2010	48,2MB	
iTunes	Apple Inc.	01.10.2009	132,4MB	9.0.1.8
iWin Games (remove only)		21.07.2009	2,69MB	
iWin Toolbar		12.11.2008	1,90MB	
Java(TM) 6 Update 17	Sun Microsystems, Inc.	28.10.2008	94,4MB	6.0.170
Jewel Quest II (nur deinstallation)		06.09.2009	36,2MB	
LiveUpdate 3.2 (Symantec Corporation)	Symantec Corporation	22.09.2008	8,56MB	3.2.0.68
LiveUpdate Notice (Symantec Corporation)	Symantec Corporation	22.09.2008	7,59MB	1.4.5
Luxor Amun Rising (remove only)		29.05.2008	18,1MB	
Mah Jong Quest III (nur deinstallation)		09.01.2010	96,3MB	
Mahjong Towers Eternity EU (remove only)		29.05.2008	15,7MB	
Malwarebytes' Anti-Malware	Malwarebytes Corporation	21.04.2011	4,80MB	
McAfee Security Scan Plus	McAfee, Inc.	14.09.2010	9,10MB	2.0.181.2
Microsoft .NET Framework 3.5 SP1	Microsoft Corporation	06.08.2009	27,8MB	
Microsoft LifeCam	Microsoft	01.10.2009	57,7MB	1.40.164.0
Microsoft Office Home and Student 2007	Microsoft Corporation	23.10.2010	297MB	12.0.6425.1000
Microsoft Office PowerPoint Viewer 2007 (German)	Microsoft Corporation	12.04.2011	51,0MB	12.0.6425.1000
Microsoft Silverlight	Microsoft Corporation	21.04.2011	79,9MB	4.0.60310.0
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	23.03.2010	0,33MB	8.0.59193
Microsoft Visual C++ 2005 Redistributable - KB2467175	Microsoft Corporation	12.04.2011	0,29MB	8.0.51011
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148	Microsoft Corporation	22.10.2010	0,19MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570	Microsoft Corporation	12.04.2011	0,58MB	9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	12.10.2009	0,58MB	9.0.30729
Microsoft Works	Microsoft Corporation	16.12.2010	377MB	9.7.0621
Mini Balla 2006		14.11.2010	4,47MB	
Mini-Mäuse		12.10.2009	5,05MB	
Move Networks Media Player for Internet Explorer		02.10.2009	1,09MB	
Mozilla Firefox (2.0.0.20)	Mozilla	12.10.2009	24,5MB	2.0.0.20 (de)
MSXML 4.0 SP2 (KB936181)	Microsoft Corporation	01.11.2008	1,27MB	4.20.9848.0
MSXML 4.0 SP2 (KB941833)	Microsoft Corporation	01.04.2008	1,27MB	4.20.9849.0
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	12.11.2008	1,28MB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	25.11.2009	1,34MB	4.20.9876.0
My Free Mahjong	MyPlayCity, Inc.	08.01.2010	7,00MB	1.0
My Tribe (nur entfernen)		22.01.2010	60,1MB	
My Tribe 1.00		23.01.2010	60,2MB	
Mystery Case Files - Prime Suspects (remove only)		29.05.2008	39,3MB	
Nero 7 Essentials	Nero AG	18.03.2010	2.644MB	7.03.1152
Norton Internet Security (Symantec Corporation)	Symantec Corporation	29.05.2008	26,9MB	10.1.0.26
NVIDIA Drivers	NVIDIA Corporation	19.04.2009		1.3
NVIDIA PhysX	NVIDIA Corporation	19.04.2009	119,9MB	9.09.0203
OpenOffice.org 3.2	OpenOffice.org	16.05.2010	356MB	3.2.9483
ParetoLogic FileCure	ParetoLogic, Inc.	14.04.2010	4,08MB	1.1.1.0
Photo Mania (nur entfernen)		04.01.2009	19,9MB	
PHOTOfunSTUDIO -viewer-	Panasonic	08.09.2008	59,1MB	2.01.000
Picasa 3	Google, Inc.	27.07.2010	74,3MB	3.6
Poker Superstars II (remove only)		29.05.2008	30,3MB	
ProtectDisc Driver, Version 11	ProtectDisc Software GmbH	27.02.2011	100,00KB	11.0.0.12
QuickSFV (Remove only)		28.01.2010	0,27MB	
QuickTime	Apple Inc.	01.10.2009	76,5MB	7.64.17.73
RealArcade		05.01.2009	52,8MB	
Realtek High Definition Audio Driver		01.04.2008		
Roll		12.09.2010	152,9MB	
Royal Trouble (nur deinstallation)		27.10.2010	147,6MB	
Sanitarium		27.01.2010	84,0MB	
Simon the Sorcerer - Wer will schon Kontakt?	The Games Company	27.02.2011	2.282MB	1.0
SKIP BO Castaway Caper	Adnan_Boy 2008	25.01.2010	18,5MB	1.0
SKIP-BO Castaway Caper(TM)	Zylom Games	08.01.2010	68,5MB	1.0.0
SKIP¯BO Castaway Caper (nur deinstallation)		11.10.2009	21,5MB	
Skype web features	Skype Technologies S.A.	01.10.2009	4,34MB	1.0.3971
Skype™ 4.2	Skype Technologies S.A.	07.10.2010	31,7MB	4.2.187
SPORE™	Electronic Arts	26.12.2010	3.862MB	1.00.0000
Sprill & Rithies Adventures In Time (nur deinstallation)		21.06.2010	353MB	
Super Granny 5 (nur deinstallation)		12.04.2011	73,7MB	
Tahiti Hidden Pearls (nur deinstallation)		22.01.2010	45,0MB	
The Clumsys (nur entfernen)		04.01.2009	90,8MB	
The Enchanting Islands (nur deinstallation)		22.01.2010	40,0MB	
The Whispered World	Deep Silver	28.01.2010	2.525MB	1.00
TubeBox!	Jens Lorek	01.12.2010	12,9MB	3.4.1
Uninstall 1.0.0.1		07.12.2009	39,5MB	
Veoh Web Player	Veoh Networks, Inc.	28.11.2010	30,5MB	1.1.2.0000
Vista Codec Package	Shark007	16.02.2010	52,5MB	5.5.8
WEB.DE IE7 Browser Update	WEB.DE	31.10.2008		
WinRAR		28.01.2010	3,79MB	
Zattoo 3.3.4 Beta	Zattoo Inc.	19.07.2009	18,4MB	3.3.4 Beta
Zattoo4 4.0.5	Zattoo Inc.	26.06.2010	39,9MB	4.0.5
µTorrent		23.01.2010	0,31MB	1.8.5
         
2.otl-log

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 21.04.2011 21:05:41 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\pablo\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 54,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 216,41 Gb Total Space | 24,01 Gb Free Space | 11,09% Space Free | Partition Type: NTFS
Drive D: | 107,22 Gb Total Space | 89,70 Gb Free Space | 83,66% Space Free | Partition Type: NTFS
Drive O: | 245,59 Mb Total Space | 245,03 Mb Free Space | 99,77% Space Free | Partition Type: FAT
 
Computer Name: PABLO-PC | User Name: pablo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.04.21 20:59:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\pablo\Desktop\OTL.exe
PRC - [2011.04.21 14:18:25 | 000,569,344 | ---- | M] (WinTrust) -- C:\ProgramData\MRtPNAFMRSnT.exe
PRC - [2011.04.08 17:17:40 | 000,176,848 | ---- | M] (iWin Inc.) -- C:\Programme\iWin Games\iWinTrusted.exe
PRC - [2010.09.16 18:36:40 | 000,328,568 | ---- | M] (BitTorrent, Inc.) -- C:\Programme\uTorrent\uTorrent.exe
PRC - [2010.09.01 08:39:18 | 001,164,584 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.07.06 16:01:16 | 002,634,048 | ---- | M] (Veoh Networks) -- C:\Programme\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
PRC - [2010.03.28 21:47:44 | 001,692,440 | ---- | M] (ParetoLogic) -- C:\Programme\ParetoLogic\FileCure\FileCure.exe
PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009.10.30 13:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Programme\DAEMON Tools Lite\DTLite.exe
PRC - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2009.04.17 10:01:48 | 000,366,849 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\guardgui.exe
PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009.02.13 08:00:00 | 000,199,680 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFME.EXE
PRC - [2008.07.21 15:07:44 | 002,752,512 | -H-- | M] (Electronic Arts) -- C:\Programme\Electronic Arts\EADM\Core.exe
PRC - [2008.06.10 20:26:28 | 000,222,456 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe
PRC - [2008.05.27 19:35:30 | 000,040,960 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\Programme\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
PRC - [2008.02.26 17:24:06 | 004,939,776 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.10.23 14:52:26 | 002,764,800 | ---- | M] () -- C:\RecInfo\RecInfo.exe
PRC - [2007.10.12 15:00:12 | 000,180,224 | ---- | M] (hablamax) -- C:\ProgramData\Web.de\adminsvc.exe
PRC - [2007.09.26 10:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007.05.17 23:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft LifeCam\MSCamS32.exe
PRC - [2007.04.10 23:46:52 | 000,709,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX1000.exe
PRC - [2006.12.08 10:52:04 | 000,204,800 | -H-- | M] (Fujitsu Siemens Computers) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe
PRC - [2006.11.02 11:44:50 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\attrib.exe
PRC - [2006.10.25 00:08:40 | 000,107,112 | ---- | M] (Symantec Corporation) -- C:\Programme\Common Files\Symantec Shared\ccApp.exe
PRC - [2006.10.25 00:08:20 | 000,107,624 | ---- | M] (Symantec Corporation) -- c:\Programme\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2006.09.20 20:05:16 | 000,046,736 | ---- | M] (Symantec Corporation) -- c:\Programme\Common Files\Symantec Shared\AppCore\AppSvc32.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.04.21 20:59:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\pablo\Desktop\OTL.exe
MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.04.08 17:17:40 | 000,176,848 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Programme\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.06.10 20:26:28 | 000,222,456 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2008.04.02 03:26:27 | 001,174,152 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008.01.29 17:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.10.12 15:00:12 | 000,180,224 | ---- | M] (hablamax) [Auto | Running] -- C:\ProgramData\Web.de\adminsvc.exe -- (AdminSVC)
SRV - [2007.09.26 10:53:56 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007.09.26 10:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatisches LiveUpdate - Scheduler)
SRV - [2007.05.17 23:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2006.12.08 10:52:04 | 000,204,800 | -H-- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)
SRV - [2006.10.27 02:18:36 | 000,080,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Norton Internet Security\isPwdSvc.exe -- (ISPwdSvc)
SRV - [2006.10.25 00:08:20 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex)
SRV - [2006.10.25 00:08:20 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2006.10.25 00:08:20 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2006.10.25 00:08:20 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2006.10.13 17:29:12 | 000,049,296 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2006.09.20 20:05:16 | 000,046,736 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010.01.29 16:16:51 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010.01.29 16:16:50 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010.01.28 22:20:23 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.12.07 21:09:28 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.03.27 10:03:00 | 007,738,816 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.01.19 20:31:56 | 000,277,544 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2008.04.02 03:27:05 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008.02.14 15:56:02 | 000,118,784 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.07.02 17:37:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007.07.02 17:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007.06.13 23:47:12 | 000,048,256 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\jraid.sys -- (JRAID)
DRV - [2007.04.10 23:46:53 | 001,966,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VX1000.sys -- (VX1000)
DRV - [2006.11.06 12:14:10 | 001,119,616 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32)
DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.10.24 15:40:22 | 000,185,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2006.10.24 15:40:22 | 000,144,784 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2006.10.24 15:40:22 | 000,038,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2006.10.24 15:40:22 | 000,037,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2006.10.24 15:40:22 | 000,026,384 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2006.10.24 15:40:22 | 000,011,792 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2006.10.20 06:10:16 | 000,202,872 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20061025.029\IDSvix86.sys -- (IDSvix86)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://go.web.de/tab2 [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://go.web.de/tab2 [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.web.de/home
IE - HKLM\..\URLSearchHook: {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Programme\iWin\tbiWin.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/home
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://go.web.de/tab2 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://go.web.de/tab2 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.web.de/home
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Programme\iWin\tbiWin.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13"
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0849}: C:\ProgramData\iWin Games\firefox [2008.11.13 21:49:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\PROGRA~1\Mozilla Firefox\components [2010.12.27 20:40:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\PROGRA~1\Mozilla Firefox\plugins [2010.09.15 10:49:28 | 000,000,000 | ---D | M]
 
[2008.11.06 23:44:30 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\pablo\AppData\Roaming\mozilla\Extensions
[2008.11.06 23:44:30 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\pablo\AppData\Roaming\mozilla\Extensions\{6334D996-EA3E-4a0e-AA8D-15BA56B37241}
[2010.12.19 16:38:13 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\pablo\AppData\Roaming\mozilla\Firefox\Profiles\w6lbc0qh.default\extensions
[2009.09.26 14:19:15 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\pablo\AppData\Roaming\mozilla\Firefox\Profiles\w6lbc0qh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008.11.06 23:47:26 | 000,000,000 | -H-D | M] ("I ♥ Miro") -- C:\Users\pablo\AppData\Roaming\mozilla\Firefox\Profiles\w6lbc0qh.default\extensions\{216ec66d-214a-43ea-92f0-5373f8405c88}
[2008.10.30 00:30:26 | 000,000,000 | -H-D | M] (Yahoo! Toolbar) -- C:\Users\pablo\AppData\Roaming\mozilla\Firefox\Profiles\w6lbc0qh.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009.12.08 22:56:24 | 000,000,000 | -H-D | M] (DVDVideoSoft Toolbar) -- C:\Users\pablo\AppData\Roaming\mozilla\Firefox\Profiles\w6lbc0qh.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2010.01.28 22:21:05 | 000,000,000 | -H-D | M] ("DAEMON Tools Toolbar") -- C:\Users\pablo\AppData\Roaming\mozilla\Firefox\Profiles\w6lbc0qh.default\extensions\DTToolbar@toolbarnet.com
[2009.12.08 22:56:44 | 000,000,873 | -H-- | M] () -- C:\Users\pablo\AppData\Roaming\Mozilla\Firefox\Profiles\w6lbc0qh.default\searchplugins\conduit.xml
[2010.01.28 22:20:55 | 000,002,055 | -H-- | M] () -- C:\Users\pablo\AppData\Roaming\Mozilla\Firefox\Profiles\w6lbc0qh.default\searchplugins\daemon-search.xml
[2010.12.19 04:48:16 | 000,000,950 | -H-- | M] () -- C:\Users\pablo\AppData\Roaming\Mozilla\Firefox\Profiles\w6lbc0qh.default\searchplugins\icqplugin-1.xml
[2008.10.28 23:54:08 | 000,000,950 | -H-- | M] () -- C:\Users\pablo\AppData\Roaming\Mozilla\Firefox\Profiles\w6lbc0qh.default\searchplugins\icqplugin-2.xml
[2008.11.24 21:53:42 | 000,000,950 | -H-- | M] () -- C:\Users\pablo\AppData\Roaming\Mozilla\Firefox\Profiles\w6lbc0qh.default\searchplugins\icqplugin-3.xml
[2009.10.15 20:04:51 | 000,000,950 | -H-- | M] () -- C:\Users\pablo\AppData\Roaming\Mozilla\Firefox\Profiles\w6lbc0qh.default\searchplugins\icqplugin-4.xml
[2008.10.28 19:12:41 | 000,000,962 | -H-- | M] () -- C:\Users\pablo\AppData\Roaming\Mozilla\Firefox\Profiles\w6lbc0qh.default\searchplugins\icqplugin.xml
[2008.09.27 14:09:54 | 000,000,273 | -H-- | M] () -- C:\Users\pablo\AppData\Roaming\Mozilla\Firefox\Profiles\w6lbc0qh.default\searchplugins\search.xml
[2010.11.29 17:50:41 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2008.10.28 19:16:01 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009.10.13 19:58:33 | 000,000,000 | ---D | M] (Talkback) -- C:\Programme\Mozilla Firefox\extensions\talkback@mozilla.org
[2008.10.28 19:16:01 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\PROGRA~1\MOZILLA FIREFOX\EXTENSIONS\{800B5000-A755-47E1-992B-48A1C1357F07}
[2009.10.02 17:06:22 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\PROGRA~1\MOZILLA FIREFOX\EXTENSIONS\{B13721C7-F507-4982-B2E5-502A71474FED}
[2008.10.29 10:35:04 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRA~1\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2010.01.17 16:59:41 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRA~1\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2009.10.13 19:58:33 | 000,000,000 | ---D | M] (Talkback) -- C:\PROGRA~1\MOZILLA FIREFOX\EXTENSIONS\TALKBACK@MOZILLA.ORG
[2008.11.13 21:49:39 | 000,000,000 | ---D | M] (iWinGames Plugin) -- C:\PROGRAMDATA\IWIN GAMES\FIREFOX
[2009.10.13 19:58:23 | 000,067,688 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\jar50.dll
[2009.10.13 19:58:23 | 000,054,368 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\jsd3250.dll
[2009.10.13 19:58:23 | 000,034,944 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\myspell.dll
[2009.10.13 19:58:24 | 000,046,712 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\spellchk.dll
[2009.10.13 19:58:24 | 000,172,136 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\xpinstal.dll
[2009.01.06 21:16:47 | 000,024,576 | ---- | M] (RealNetworks) -- C:\Programme\Mozilla Firefox\plugins\npgcplug.dll
[2005.04.27 22:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Programme\Mozilla Firefox\plugins\npracplug.dll
[2009.10.13 19:58:31 | 000,001,525 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.10.13 19:58:31 | 000,001,063 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.10.13 19:58:31 | 000,000,998 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.10.13 19:58:31 | 000,000,815 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Programme\Common Files\Symantec Shared\coShared\Browser\1.0\NppBHO.dll (Symantec Corporation)
O2 - BHO: (IEHlprObj Class) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Programme\iWin Games\iWinGamesHookIE.dll (iWin Inc.)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (iWin Toolbar) - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Programme\iWin\tbiWin.dll (Conduit Ltd.)
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Programme\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (iWin Toolbar) - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Programme\iWin\tbiWin.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (iWin Toolbar) - {CE0C2586-DA36-452B-ACDB-320D9BCB19BF} - C:\Programme\iWin\tbiWin.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [osCheck] c:\Program Files\Norton Internet Security\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [recinfo369] c:\RecInfo\RecInfo.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKCU..\Run: [EPSON PX650 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFME.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [MRtPNAFMRSnT] C:\ProgramData\MRtPNAFMRSnT.exe (WinTrust)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\pablo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\pablo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Privacy Tray.lnk = C:\Programme\GnuPT\WPT\WinPT.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe (ICQ, Inc.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe (ICQ, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} hxxp://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUpldde-de.cab (MSN Photo Upload Tool)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1222761945 (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\pablo\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\pablo\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{e274f267-0c4a-11df-973a-002421046f5f}\Shell - "" = AutoRun
O33 - MountPoints2\{e274f267-0c4a-11df-973a-002421046f5f}\Shell\AutoRun\command - "" = K:\SETUP.EXE -autorun
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.21 21:05:23 | 000,580,608 | -H-- | C] (OldTimer Tools) -- C:\Users\pablo\Desktop\OTL.exe
[2011.04.21 14:18:26 | 000,569,344 | -H-- | C] (WinTrust) -- C:\ProgramData\MRtPNAFMRSnT.exe
[2011.04.20 01:49:01 | 000,000,000 | -H-D | C] -- C:\Users\pablo\Desktop\Neuer Ordner (5)
[2011.04.19 22:41:44 | 000,000,000 | -H-D | C] -- C:\Users\pablo\AppData\Roaming\Rovio
[2011.04.19 21:44:44 | 000,000,000 | -H-D | C] -- C:\Users\pablo\AppData\Local\Babylon
[2011.04.19 21:44:43 | 000,000,000 | -H-D | C] -- C:\Users\pablo\AppData\Roaming\Babylon
[2011.04.19 21:44:43 | 000,000,000 | -H-D | C] -- C:\ProgramData\Babylon
[2011.04.19 21:44:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2011.04.19 17:10:45 | 000,000,000 | -H-D | C] -- C:\Users\pablo\Desktop\Neuer Ordner (4)
[2011.04.13 18:01:40 | 000,000,000 | -H-D | C] -- C:\Users\pablo\Bookworm Adventures
[2011.04.13 18:01:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zylom
[2011.04.13 18:01:07 | 000,000,000 | ---D | C] -- C:\Programme\RealArcade
[2011.04.12 23:55:47 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.04.12 23:55:46 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.04.12 23:55:44 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.04.12 23:55:44 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.04.12 23:55:43 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.04.12 23:55:43 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.04.12 23:55:43 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.04.12 23:55:43 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.04.12 23:55:42 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.04.12 23:55:42 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.12 23:55:42 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.04.12 23:55:41 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.12 23:55:41 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.12 23:55:41 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.04.12 23:55:41 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.04.12 23:55:41 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.04.12 23:55:40 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.04.12 23:55:39 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.04.12 23:55:39 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.04.12 23:49:55 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011.04.12 23:29:12 | 003,602,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.04.12 23:29:12 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.04.12 23:29:10 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.04.12 23:29:10 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011.04.12 23:29:05 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.04.12 23:28:53 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.04.12 23:28:51 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2011.04.12 23:28:48 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.04.12 23:28:48 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.04.12 23:26:57 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011.04.12 23:26:57 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011.04.12 23:26:57 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011.04.12 23:26:57 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2009.01.06 21:16:49 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\RngInterstitial.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.21 21:19:03 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.04.21 21:08:06 | 000,618,204 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.21 21:08:06 | 000,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.21 21:08:06 | 000,122,442 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.21 21:08:06 | 000,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.21 21:04:55 | 000,487,424 | -H-- | M] () -- C:\ProgramData\45539080.exe
[2011.04.21 21:04:34 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.21 21:04:33 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\FileCure Startup.job
[2011.04.21 21:04:24 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011.04.21 21:04:24 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.21 21:04:24 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.21 21:04:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.21 21:04:14 | 2146,689,024 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.21 20:59:00 | 000,580,608 | -H-- | M] (OldTimer Tools) -- C:\Users\pablo\Desktop\OTL.exe
[2011.04.21 14:59:08 | 000,320,512 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.21 14:18:25 | 000,569,344 | -H-- | M] (WinTrust) -- C:\ProgramData\MRtPNAFMRSnT.exe
[2011.04.21 13:57:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.21 10:28:01 | 000,000,240 | ---- | M] () -- C:\Windows\tasks\Epson Printer Software Downloader.job
[2011.04.19 21:45:12 | 000,002,053 | ---- | M] () -- C:\Users\Public\Desktop\Babylon.lnk
[2011.04.19 18:00:00 | 000,000,444 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2011.04.18 22:04:52 | 000,171,520 | -H-- | M] () -- C:\Users\pablo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.18 20:45:57 | 000,017,408 | -H-- | M] () -- C:\Users\pablo\AppData\Local\WebpageIcons.db
[2011.04.16 04:25:01 | 000,000,418 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2011.04.16 03:41:02 | 000,000,364 | ---- | M] () -- C:\Windows\tasks\FileCure Default.job
[2011.04.13 18:02:15 | 000,000,772 | -H-- | M] () -- C:\Users\pablo\Desktop\Bookworm Adventures.lnk
[2011.04.13 18:01:40 | 000,000,133 | -H-- | M] () -- C:\Users\pablo\Desktop\Zylom.url
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.21 21:04:54 | 000,487,424 | -H-- | C] () -- C:\ProgramData\45539080.exe
[2011.04.21 14:58:19 | 2146,689,024 | -HS- | C] () -- C:\hiberfil.sys
[2011.04.19 21:44:44 | 000,002,053 | ---- | C] () -- C:\Users\Public\Desktop\Babylon.lnk
[2011.04.13 18:02:15 | 000,000,772 | -H-- | C] () -- C:\Users\pablo\Desktop\Bookworm Adventures.lnk
[2011.04.13 18:01:40 | 000,000,133 | -H-- | C] () -- C:\Users\pablo\Desktop\Zylom.url
[2011.04.13 01:14:45 | 000,000,868 | ---- | C] () -- C:\Windows\tasks\Google Software Updater.job
[2010.11.15 18:40:24 | 000,050,344 | ---- | C] () -- C:\Programme\Uninstall Mini Balla 2006.exe
[2010.09.13 17:52:38 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe
[2010.06.27 16:32:50 | 000,017,408 | -H-- | C] () -- C:\Users\pablo\AppData\Local\WebpageIcons.db
[2010.03.24 16:43:15 | 000,001,682 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2010.03.24 16:43:15 | 000,000,056 | RHS- | C] () -- C:\Windows\System32\9E63D8604E.sys
[2010.01.29 16:16:51 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.01.29 16:16:50 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.01.28 03:09:54 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.10.13 17:28:27 | 000,000,120 | ---- | C] () -- C:\Windows\CMRGDB01.INI
[2009.10.13 17:28:23 | 000,004,779 | ---- | C] () -- C:\Windows\CMRGUNST.INI
[2009.10.02 17:10:08 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.08.07 22:33:40 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.07 22:33:40 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.08.07 22:33:06 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.05.30 02:37:40 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.05.30 02:31:52 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.04.16 21:29:32 | 000,000,552 | -H-- | C] () -- C:\Users\pablo\AppData\Local\d3d8caps.dat
[2009.04.16 21:28:04 | 000,001,356 | -H-- | C] () -- C:\Users\pablo\AppData\Local\d3d9caps.dat
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.09.23 12:23:39 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008.09.10 12:23:50 | 000,000,464 | -H-- | C] () -- C:\Users\pablo\AppData\Roaming\wklnhst.dat
[2008.09.09 21:29:05 | 000,000,000 | ---- | C] () -- C:\Windows\PhEdit.INI
[2008.09.09 21:04:18 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2008.09.09 21:04:18 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2008.09.09 21:04:18 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2008.09.09 21:04:18 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2008.09.09 21:04:18 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2008.09.09 21:04:18 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2008.09.09 21:04:18 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2008.09.09 21:04:18 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2008.09.09 21:04:18 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2008.09.09 21:04:18 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2008.09.09 21:04:18 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2008.09.09 21:04:18 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2008.09.09 21:04:18 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2008.09.09 21:04:18 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2008.09.09 21:04:18 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2008.09.09 21:04:18 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2008.09.09 21:04:18 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2008.09.09 21:04:18 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2008.09.09 21:04:18 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2008.09.09 16:17:14 | 000,171,520 | -H-- | C] () -- C:\Users\pablo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.05.30 19:41:07 | 000,000,342 | ---- | C] () -- C:\Windows\{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}_WiseFW.ini
[2007.09.04 12:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2007.04.10 23:46:52 | 000,015,498 | ---- | C] () -- C:\Windows\VX1000.ini
[2007.02.05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006.11.02 17:33:31 | 000,618,204 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:33:31 | 000,122,442 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,320,512 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,586,980 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,101,052 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.08.11 09:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
[2004.09.01 17:49:17 | 003,375,104 | ---- | C] () -- C:\Windows\System32\qt-mt331.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:6533A988
@Alternate Data Stream - 64 bytes -> C:\Users\pablo\Tracy Chapman - For My Lover (Album Version).avi:TOC.WMV
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:8AEA12E8
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:A1128200
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:75C2528D
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:EB79041A
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:32758ED6
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:1E3035E2
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:DCBD0AC7
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:CB5C4185
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:C04C48D4
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:6F71E822
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:E091E936
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:698B483C
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:DF236465
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:C4870D32
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:290A724C
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:E6B3E318
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:5F280981
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:77CE0242
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:581B0446
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:E73AD533
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:77CF9481
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:4B970D7A
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:257AC7F8
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:98E4FEC6
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:472EB08A
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:F0E52E4F
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:5F3235B3
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:2A6BF249
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:EAD1940E
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:B7F727B8
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:AED4FFF5
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5BA6D27E
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:4F09946C
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:FF333535
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:53B47F8A
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:EFD52482
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:2702A8B3
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:0E1DD4C5
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:34B9286E
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:6972373C
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:93CEB973
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:E868CDC2
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:CF185254
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:429EC15A
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:08AC8A76
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:24E8169B
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:CDCE26D3

< End of report >
         
--- --- ---


so, hoffe mal dass ichs bis hierhin richtig hab.
bin wirklich dankbar für deine hilfe
schönes wochenende
__________________

Alt 23.04.2011, 00:01   #4
kira
/// Helfer-Team
 
TR/Kazy.mekml.1 und jetzt? - Standard

TR/Kazy.mekml.1 und jetzt?



1.
Du hast deinen Rechner mit zwei Anti-Viren-Programmen generell `geschwächt`: Avira und Norton
Wichtig:
Nur eine Firewall sowie ein Antiviren Programm verwenden, welche sich immer auf dem aktuellsten Stand befinden sollten!
Mehr AV Programme bedeutet nicht mehr Sicherheit!Die Scanner behindern sich gegenseitig (bei beiden den On-Access Scan aktiviert bzw laufen ständig im Hintergrund) und ein Systemcrash kann die Folge sein oder im schlechtesten fall, kannst Du über eine komplette Neuinstallation freuen! Deinstalliere also eines der AV-Programme und lass nur noch eins auf deinem PC laufen.
Zitat:
►Bevor du ein anderes Antivirenprogramm installierst solltest du auf jeden Fall das vorherige vollständig deinstallieren!
also entscheide dich entweder für Avira/Antivir oder Symantec/Norton!
Je nachdem, wie Du Dich entscheidest
► Entweder Avira deinstallieren:
unter Software, oder und noch das Tool Download Avira RegistryCleaner verwenden


Norton Antivirus vollständig zu deinstallieren - gehe auf der Symantec-Webseite und suche nach den speziellen Deinstallations-Tools, mit denen die letzten Reste (auch) entfernt werden sollten:► Norton Removal Tool (für alle Produkte ab 2003 bis 2008) von hier herunterladen
oder hier: ►Norton Removal Tool für alle Produkte ab 2003 bis 2010 / wintotal.de

2.
Zitat:
**Vor dem Löschen temporärer Dateien sollte man unbedingt alle Anwendungen beenden!
**lösche nur den Inhalt der Ordner, nicht die Ordner selbst!
**Der Temp Ordner,ist für temporäre Dateien,also der Inhalt kann man ohne weiteres löschen.- Dateien, die noch in Benutzung sind,nicht löschbar.
alle Anwendungen schließen → Ordner für temporäre Dateien bitte leeren
lösche nur den Inhalt der Ordner, nicht die Ordner selbst! - Dateien, die noch in Benutzung sind,nicht löschbar.
gib in der Suchleiste unter dem Windows Start Button folgendes ein:
Code:
ATTFilter
 %temp%
         
Inhalt markieren und löschen:
- anschließend den Papierkorb leeren

3.
reinige dein System mit Ccleaner:
  • "Cleaner"→ "Analysieren"→ Klick auf den Button "Start CCleaner"
  • "Registry""Fehler suchen"→ "Fehler beheben"→ "Alle beheben"
  • Starte dein System neu auf

[color=blue4.[/color]
bin ich mir nicht sicher, ob Du absichtlich installiert hast, da oft mit andere Programm wird mitinstalliert bzw angeboten(vermutlich durch Adobe Reader):
Code:
ATTFilter
McAfee Security Scan Plus
         
obwohl selbst die Programmierer/hersteller ein sehr gute Ruf hat, durch dieses "Helferprinzip" wird dein PC nicht noch mehr geschützt, aber beeinträchtigt die Systemleistung

5.
Deine Javaversion ist nicht aktuell!
Da aufgrund alter Sicherheitslücken ist Java sehr anfällig, deinstalliere zunächst alle vorhandenen Java-Versionen:
→ Systemsteuerung → Software → deinstallieren...
→ Rechner neu aufstarten
→ Downloade nun die Offline-Version von Java Version 6 Update 24 von Oracle herunter
Achte darauf, eventuell angebotene Toolbars abwählen (den Haken bei der Toolbar entfernen)!

6.
Adobe Reader aktualisieren :
Adobe Reader
Oder: Adobe starten-> gehe auf "Hilfe"-> "Nach Update suchen..."

7.
gehört nicht auf ein sauberes System:
unter `Systemsteuerung --> Programme und Funktionen
Code:
ATTFilter
DAEMON Tools Toolbar
         
8.
  • lade Dir SUPERAntiSpyware FREE Edition herunter.
  • installiere das Programm und update online.
  • starte SUPERAntiSpyware und klicke auf "Ihren Computer durchsuchen"
  • setze ein Häkchen bei "Kompletter Scan" und klicke auf "Weiter"
  • anschließend alle gefundenen Schadprogramme werden aufgelistet, bei alle Funde Häkchen setzen und mit "OK" bestätigen
  • auf "Weiter" klicken dann "OK" und auf "Fertig stellen"
  • um die Ergebnisse anzuzeigen: auf "Präferenzen" dann auf den "Statistiken und Protokolle" klicken
  • drücke auf "Protokoll anzeigen" - anschließend diesen Bericht bitte speichern und hier posten

9.
- "Link:-> ESET Online Scanner
>>Du sollst nicht die Antivirus-Sicherheitssoftware installieren, sondern dein System nur online scannen<<
Auch auf USB-Sticks, selbstgebrannten Datenträgern, externen Festplatten und anderen Datenträgern können Viren transportiert werden. Man muss daher durch regelmäßige Prüfungen auf Schäden, die durch Malware ("Worm.Win32.Autorun") verursacht worden sein können, überwacht werden. Hierfür sind ser gut geegnet und empfohlen, die auf dem Speichermedium gesicherten Daten, mit Hilfe des kostenlosen Online Scanners zu prüfen.
Schließe jetzt alle externe Datenträgeran (USB Sticks etc) Deinen Rechner an, dabei die Hochstell-Taste [Shift-Taste] gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird. (So verhindest Du die Ausführung der AUTORUN-Funktion) - Man kann die AUTORUN-Funktion aber auch generell abschalten.► [Sicherheit] Autorun Funktion für mehr Sicherheit auf allen Laufwerken deaktivieren /Avira Support Forum

-> Führe dann einen Komplett-Systemcheck mit Eset/Nod32 durch

- folgendes bitte anhaken > "Remove found threads" und "Scan archives"
- die Scanergebnis als *.txt Dateien speichern)
- meistens "C:\Programme\Eset\EsetOnlineScanner\log.txt"

Vor dem Scan Einstellungen im Internet Explorer:
- "Extras→ Internetoptionen→ Sicherheit":
- alles auf Standardstufe stellen
- Active X erlauben
- um den Scan zu starten: wenn du danach gefragt wirst (den Text in der Informationsleiste ) - ActiveX-Steuerelement installieren lassen

** Gibt es weitere Auffälligkeiten/Probleme mit dem Rechner?
__________________

Warnung!:
Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein!
Anhang nicht öffnen, in unserem Forum erst nachfragen!

Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
Bitte diese Warnung weitergeben, wo Du nur kannst!

Antwort

Themen zu TR/Kazy.mekml.1 und jetzt?
alternate, antivir, avgntflt.sys, avira, bho, bonjour, browser update, conduit, entfernen, error, excel.exe, failed, fever, firefox, fishing, flash player, format, google, google chrome, google earth, home, iexplore.exe, install.exe, intranet, location, logfile, microsoft office word, mozilla, nvlddmkm.sys, office 2007, oldtimer, picasa, plug-in, realtek, registry, rundll, saver, scan, searchplugins, security, security scan, security update, senden, skype.exe, software, sptd.sys, start menu, studio, symantec, tubebox, udp, video converter, vista



Ähnliche Themen: TR/Kazy.mekml.1 und jetzt?


  1. TR/Kazy.mekml.1
    Log-Analyse und Auswertung - 30.05.2011 (37)
  2. TR/Kazy.mekml.1 - jetzt auch auf meinem Rechner! :(
    Log-Analyse und Auswertung - 20.05.2011 (2)
  3. TR/Kazy.mekml.1
    Plagegeister aller Art und deren Bekämpfung - 19.05.2011 (27)
  4. TR/Kazy.mekml.1 ; 'TR/FakeSysdef.A.621 ; 'TR/Kazy.22847'..
    Log-Analyse und Auswertung - 15.05.2011 (33)
  5. TR/Kazy.mekml.1
    Log-Analyse und Auswertung - 10.05.2011 (17)
  6. Kazy.mekml.1
    Log-Analyse und Auswertung - 09.05.2011 (19)
  7. TR/Kazy.mekml.1
    Log-Analyse und Auswertung - 06.05.2011 (1)
  8. Tr/kazy.mekml.1
    Log-Analyse und Auswertung - 03.05.2011 (13)
  9. TR/Kazy.mekml.1 - OTL Fix?
    Log-Analyse und Auswertung - 01.05.2011 (17)
  10. TR/Kazy.mekml.1
    Log-Analyse und Auswertung - 26.04.2011 (1)
  11. TR/Kazy.mekml.1
    Log-Analyse und Auswertung - 26.04.2011 (3)
  12. Da bin ich jetzt auch dabei: TR/Kazy.mekml.1
    Log-Analyse und Auswertung - 25.04.2011 (3)
  13. TR/Kazy.mekml.1 habe ich jetzt auch
    Plagegeister aller Art und deren Bekämpfung - 25.04.2011 (1)
  14. TR/Kazy.mekml.1 jetzt auch bei mir!
    Plagegeister aller Art und deren Bekämpfung - 25.04.2011 (1)
  15. Osterei: TR/Kazy.mekml.1 und TR/Kazy.20364
    Log-Analyse und Auswertung - 25.04.2011 (1)
  16. TR/Kazy.mekml.1
    Plagegeister aller Art und deren Bekämpfung - 22.04.2011 (6)
  17. TR/Kazy.mekml.1
    Plagegeister aller Art und deren Bekämpfung - 22.04.2011 (11)

Zum Thema TR/Kazy.mekml.1 und jetzt? - hallo haben seit heut auch den TR/Kazy.mekml.1 und nachdem ich hier schon n bisschen gelesen hab, den OTL runtergeladen und einen scan durchlaufen lassen. hier die ergebnisse: OTL Logfile: Code: - TR/Kazy.mekml.1 und jetzt?...
Archiv
Du betrachtest: TR/Kazy.mekml.1 und jetzt? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.