Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: TR/Kazy.mekml.1 e ...welch ein Aerger

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML

Antwort
Alt 27.04.2011, 19:12   #1
danMUC
 
TR/Kazy.mekml.1 e ...welch ein Aerger - Frage

TR/Kazy.mekml.1 e ...welch ein Aerger



Hallo,

Habe mir auch den TR/Kazy.mekml.1 eingefangen. Nach den enstrpechenden AntVir-Meldungen die jeweiligen Dateien geloescht, hat aber nichts gebracht. Alles persoenlichen Dateien sind unsichtbar, Icons weg und Desktop schwarz. Ausserdem springt Skype nicht mehr an.

Bin nun hier im Forum wie es scheint an die richtigen Experten geraten. Habe auch schon etwas gestoebert und bereits den OTL durchlaufen lassen, anbei das Protokoll.

Kann hier jemand bitte helfen??OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 27.04.2011 19:40:36 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Daniel\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
1.014,00 Mb Total Physical Memory | 113,00 Mb Available Physical Memory | 11,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 36,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 147,58 Gb Total Space | 81,00 Gb Free Space | 54,88% Space Free | Partition Type: NTFS
Drive F: | 939,75 Mb Total Space | 659,34 Mb Free Space | 70,16% Space Free | Partition Type: FAT
 
Computer Name: DANIEL-PC | User Name: Daniel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Daniel\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
PRC - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
PRC - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - c:\Program Files\Windows Defender\MpCmdRun.exe (Microsoft Corporation)
PRC - C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\PDFCreator\PDFCreator.exe (pdfforge  hxxp://www.pdfforge.org/)
PRC - C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\USB 2.0 WebCam Device\Monitor.exe ()
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\Utilities\KeNotify.exe ()
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Daniel\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (LiveUpdate Notice Ex) --  File not found
SRV - (CLTNetCnService) --  File not found
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (vsmon) -- C:\Windows\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (AntiVirScheduler) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (TNaviSrv) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TosCoSrv) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (TOSHIBA SMART Log Service) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (jswpsapi) -- C:\Program Files\Jumpstart\jswpsapi.exe (Atheros Communications, Inc.)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (GameConsoleService) -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys (Avira GmbH)
DRV - (USB_RNDIS) -- C:\Windows\System32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (Ca522bv) -- C:\Windows\System32\drivers\Ca522Bv.sys (Digital Camera)
DRV - (jswpslwf) -- C:\Windows\System32\drivers\jswpslwf.sys (Atheros Communications, Inc.)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (tifm21) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (KR10I) -- C:\Windows\system32\drivers\kr10i.sys (TOSHIBA CORPORATION)
DRV - (KR10N) -- C:\Windows\system32\drivers\kr10n.sys (TOSHIBA CORPORATION)
DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (Cdralw2k) -- C:\Windows\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (Cdr4_xp) -- C:\Windows\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (LPCFilter) -- C:\Windows\system32\DRIVERS\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV - (pfc) -- C:\Windows\System32\drivers\pfc.sys (Padus, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.toshibadirect.com/dpdstart
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.toshibadirect.com/dpdstart
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: 2020Player@2020Technologies.com:4.5.2.0
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.736
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=NRO&o=101917&locale=en_DE&q="
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2011.02.13 18:42:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.25 23:56:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.25 23:56:46 | 000,000,000 | ---D | M]
 
[2009.08.11 20:19:30 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Extensions
[2011.04.27 19:34:29 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\5r2llr05.default\extensions
[2010.04.27 20:37:20 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\5r2llr05.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.11.28 19:13:01 | 000,000,000 | -H-D | M] (20-20 3D Viewer) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\5r2llr05.default\extensions\2020Player@2020Technologies.com
[2011.03.21 22:05:53 | 000,000,000 | -H-D | M] (Nero Toolbar) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\5r2llr05.default\extensions\toolbar@ask.com
[2010.12.11 01:09:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.02.13 18:42:47 | 000,000,000 | ---D | M] (PC Sync 2 Synchronisation Extension) -- C:\PROGRAM FILES\NOKIA\NOKIA PC SUITE 7\BKMRKSYNC
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HWSetup]  File not found
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [jswtrayutil]  File not found
O4 - HKLM..\Run: [KeNotify] C:\Program Files\Toshiba\Utilities\KeNotify.exe ()
O4 - HKLM..\Run: [NDSTray.exe]  File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [{294248DF-502E-BC57-8FF0-40354ACB9BF0}] C:\Users\Daniel\AppData\Roaming\Ihtox\ydeq.exe ()
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKCU..\Run: [ukfaLIXCpkTKHl]  File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} hxxp://www.streamplug.com/StreamPlug/beta/SP.cab (StreamPlug Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} hxxp://85.89.171.5/activex/AxisCamControl.cab (CamImage Class)
O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab (IGDTester Class)
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1211772359 (Image Uploader Control)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.234.128.7 195.234.128.16 85.233.58.60
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011.03.27 20:10:34 | 000,008,546 | RHS- | M] () - F:\autorun.inf -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.15 23:53:54 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.04.15 19:47:43 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.04.15 19:47:41 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.04.15 19:46:20 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.04.15 19:46:19 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.04.15 19:46:19 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.15 19:46:18 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.15 19:46:16 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.04.15 19:46:15 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.04.15 19:46:11 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.15 19:46:10 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.04.15 19:46:10 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.04.15 19:46:09 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.04.15 19:46:07 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.04.15 19:46:07 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.04.15 19:46:07 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.04.15 19:46:07 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.04.15 19:46:07 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.04.15 19:46:07 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.04.15 19:46:06 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.04.15 19:45:24 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.04.15 19:45:23 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011.04.15 19:45:12 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.04.15 19:45:05 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.04.15 19:44:56 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.04.15 19:44:55 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.04.08 18:47:16 | 000,000,000 | -H-D | C] -- C:\ProgramData\Skype Extras
[2011.03.29 20:18:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011.03.29 20:18:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011.03.29 20:18:44 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Daniel\Desktop\*.tmp files -> C:\Users\Daniel\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.27 19:16:10 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.27 19:16:09 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.27 19:15:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.27 19:15:20 | 1063,706,624 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.17 18:36:06 | 000,085,504 | -H-- | M] () -- C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.16 00:07:34 | 000,326,088 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.15 23:54:50 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.15 23:54:50 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.08 19:03:00 | 000,231,808 | -H-- | M] () -- C:\Users\Daniel\Desktop\Lake House.jpg
[2011.04.06 21:14:42 | 000,001,908 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2011.04.06 21:14:42 | 000,001,406 | -H-- | M] () -- C:\Users\Daniel\Desktop\DivX Movies.lnk
[2011.03.29 20:18:49 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Daniel\Desktop\*.tmp files -> C:\Users\Daniel\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.08 19:02:59 | 000,231,808 | -H-- | C] () -- C:\Users\Daniel\Desktop\Lake House.jpg
[2011.03.29 20:18:49 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.02.14 21:32:49 | 000,000,680 | -H-- | C] () -- C:\Users\Daniel\AppData\Local\d3d9caps.dat
[2010.12.04 00:00:28 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010.12.04 00:00:27 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010.12.04 00:00:25 | 000,790,528 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010.12.04 00:00:24 | 000,134,144 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010.12.04 00:00:23 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010.03.13 14:41:14 | 000,000,159 | -H-- | C] () -- C:\Users\Daniel\AppData\Roaming\default.rss
[2009.09.11 12:54:04 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.09.11 12:54:03 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.05.21 21:28:07 | 000,032,768 | ---- | C] () -- C:\Windows\URCACM.EXE
[2008.08.30 19:51:17 | 000,000,099 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2008.08.30 19:51:16 | 000,077,416 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2008.08.30 19:51:16 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2008.08.30 19:51:16 | 000,023,415 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2008.08.30 19:51:16 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2008.08.30 19:51:16 | 000,012,551 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2008.08.30 19:51:16 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2008.08.30 19:51:16 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2008.08.30 19:51:16 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2008.08.30 19:51:16 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2008.08.30 19:51:16 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2008.08.30 19:51:16 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2008.08.30 19:51:16 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2008.08.30 19:51:16 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2008.08.30 19:51:16 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2008.08.30 19:49:13 | 000,000,027 | ---- | C] () -- C:\Windows\CDE P34903590GD.ini
[2008.08.12 12:49:32 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.07.02 22:48:04 | 000,002,942 | ---- | C] () -- C:\Windows\Dext522b.ini
[2008.06.24 05:15:40 | 000,134,162 | ---- | C] () -- C:\Windows\hpwins10.dat.temp
[2008.06.24 05:15:40 | 000,001,042 | ---- | C] () -- C:\Windows\hpwmdl10.dat.temp
[2008.05.27 03:08:50 | 000,133,846 | ---- | C] () -- C:\Windows\hpwins10.dat
[2008.05.27 03:08:37 | 000,010,385 | ---- | C] () -- C:\Windows\hpwscr10.dat
[2008.05.27 03:08:37 | 000,001,042 | ---- | C] () -- C:\Windows\hpwmdl10.dat
[2008.05.26 03:26:41 | 000,002,905 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2008.05.26 01:03:44 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008.05.23 16:28:05 | 000,085,504 | -H-- | C] () -- C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.05.22 05:57:24 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.05.22 05:30:52 | 000,000,013 | RHS- | C] () -- C:\Windows\System32\drivers\fbd.sys
[2008.05.22 05:30:52 | 000,000,004 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys
[2008.02.20 21:16:48 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008.02.20 21:16:48 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008.02.20 21:16:48 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008.02.20 21:16:48 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008.02.20 21:16:48 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008.02.20 21:16:48 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008.02.20 21:03:54 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ3.dat
[2008.02.20 21:03:54 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ2.dat
[2008.02.20 21:03:54 | 000,000,016 | ---- | C] () -- C:\Windows\System32\drivers\RtkHDAud.dat
[2008.02.19 04:43:23 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008.02.19 04:36:45 | 000,036,864 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll
[2008.02.19 04:33:34 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2008.02.19 04:33:34 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2008.02.19 04:33:34 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2008.02.19 04:33:34 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008.02.19 03:31:59 | 000,157,040 | ---- | C] () -- C:\Windows\fdbpinger.exe
[2007.12.22 02:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2007.09.27 20:48:10 | 000,014,100 | ---- | C] () -- C:\Windows\twspmm.ini
[2007.09.14 00:31:06 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll
[2007.09.14 00:22:46 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007.09.14 00:22:46 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007.09.14 00:11:18 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007.06.29 02:01:48 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2007.05.10 03:39:28 | 000,003,584 | ---- | C] () -- C:\Windows\System32\CNCFLdNL.DLL
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,326,088 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005.11.24 00:55:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll
[2005.07.23 07:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

< End of report >
         
--- --- ---
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 27.04.2011 19:40:37 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Daniel\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
1.014,00 Mb Total Physical Memory | 113,00 Mb Available Physical Memory | 11,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 36,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 147,58 Gb Total Space | 81,00 Gb Free Space | 54,88% Space Free | Partition Type: NTFS
Drive F: | 939,75 Mb Total Space | 659,34 Mb Free Space | 70,16% Space Free | Partition Type: FAT
 
Computer Name: DANIEL-PC | User Name: Daniel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 1
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F4E4FCB7-C4F1-4D4B-A161-9F1482C3DF5A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{087F007B-2697-4B8C-BC19-A43CEFF8B1B2}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{09FDA0D4-422C-4F29-B063-92BB3C49EE9F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{1C3B3E7A-6B82-41F2-8529-958161A37A84}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{26325FC0-322E-4B07-BF3D-C479991E2567}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{727E16A4-349A-43F7-8175-BB3DCFA0F798}" = protocol=6 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe | 
"{9C2AEFCC-321B-4201-880E-014072B6BF70}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{BCE65ED8-1235-4E5B-BF8E-836FB4028CF4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{D5E8DBB3-5209-4031-B47D-B38A1A96C4EE}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{DFE66648-A3A3-4BF7-9C06-41CCF1146675}" = protocol=17 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe | 
"{F71315CA-336E-4510-AAC5-DCA491CE8043}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{26942D8B-1279-4EC6-B4E7-90099A31E2F4}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{335745EB-39F5-4E97-9BB5-9D9F855C4159}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{3E9585E5-46C7-4926-8A4A-830C281ED3D2}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{777D5718-96A5-4E3C-8455-BB5AB11D1695}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{1730A53C-26E4-49FD-AFC0-508346493871}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{B0AE12AD-4D1F-4159-90FF-0255D0CA8B83}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{D26C94C0-2ED6-40EB-92BF-E4B9D07DC3CA}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{E513FAD9-6017-4BE5-8A0A-FF242305B04C}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{03240EBA-04F2-4652-BC7F-B055902BDCD3}" = Memeo AutoBackup
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C43EAE7-22C0-4b33-ABFB-3757ECA5FD7B}" = HP Officejet All-In-One Series
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BA976E-38B8-4C63-990C-50999C8C3521}" = BPD_Scan
"{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{7B63B2922B174135AFC0E1377DD81EC2}" = 
"{7f029c76-d6d8-44d6-93ed-33765e45d3e9}" = Nero 9 Trial
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84B2CF01-194D-2284-B313-F2E0D78D1031}" = Nero 7 Demo
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{890EF3F8-742F-46BD-9E8E-084B3A1F4364}" = QuickBooks Financial Center
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}" = Atheros Wi-Fi Protected Setup Library
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B480BD2A-F1BA-4FE6-8C8E-34C6111B72C9}" = ElsterFormular 2007/2008
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D41D7FEA-DE6E-4305-B86C-8D332391D534}" = USB 2.0 WebCam Device
"{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F38FD0E4-B991-462B-873D-F2115EADD093}" = Nokia PC Suite
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"6DA48AFDE796708D5A4C9121A83E7617A63A9A15" = Windows Driver Package - Nokia Modem  (10/07/2010 4.6)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"E5372C32E8562C76C24DBA6525002B1031495F34" = Windows Driver Package - Nokia Modem  (06/09/2010 7.01.0.8)
"ElsterFormular für Privatanwender 12.1.1.6214p" = ElsterFormular für Privatanwender
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{03240EBA-04F2-4652-BC7F-B055902BDCD3}" = Memeo AutoBackup
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{D41D7FEA-DE6E-4305-B86C-8D332391D534}" = USB 2.0 WebCam Device
"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.6.0
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"netrcacm Uninstall" = RCA Digital Cable Modem
"Nokia PC Suite" = Nokia PC Suite
"Picasa2" = Picasa 2
"RealPlayer 6.0" = RealPlayer
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"VLC media player" = VideoLAN VLC media player 0.8.6h
"WildTangent toshiba Master Uninstall" = TOSHIBA Games
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinPcapInst" = WinPcap 4.0.1
"ZoneAlarm" = ZoneAlarm
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 19.07.2010 14:19:49 | Computer Name = Daniel-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 19.07.2010 14:19:49 | Computer Name = Daniel-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 19.07.2010 15:56:49 | Computer Name = Daniel-PC | Source = Application Hang | ID = 1002
Description = The program Skype.exe version 4.2.0.169 stopped interacting with Windows
 and was closed. To see if more information about the problem is available, check
 the problem history in the Problem Reports and Solutions control panel.  Process 
ID: 590  Start Time: 01cb276e3d253569  Termination Time: 60000
 
Error - 20.07.2010 14:20:04 | Computer Name = Daniel-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.07.2010 14:08:10 | Computer Name = Daniel-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.07.2010 13:58:24 | Computer Name = Daniel-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 23.07.2010 14:46:12 | Computer Name = Daniel-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.07.2010 05:44:08 | Computer Name = Daniel-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.07.2010 12:00:41 | Computer Name = Daniel-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.07.2010 16:19:25 | Computer Name = Daniel-PC | Source = WinMgmt | ID = 10
Description = 
 
[ OSession Events ]
Error - 16.04.2011 12:44:19 | Computer Name = Daniel-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 415
 seconds with 360 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 27.04.2011 13:50:30 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 27.04.2011 13:50:30 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 27.04.2011 13:50:31 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 27.04.2011 13:50:31 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 27.04.2011 13:50:32 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 27.04.2011 13:50:32 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 27.04.2011 13:50:33 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 27.04.2011 13:50:33 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 27.04.2011 13:50:34 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 27.04.2011 13:50:34 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7001
Description = 
 
 
< End of report >
         
--- --- ---

Geändert von danMUC (27.04.2011 um 19:47 Uhr)

Alt 28.04.2011, 19:48   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Kazy.mekml.1 e ...welch ein Aerger - Standard

TR/Kazy.mekml.1 e ...welch ein Aerger



Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.
__________________

__________________

Alt 28.04.2011, 21:00   #3
danMUC
 
TR/Kazy.mekml.1 e ...welch ein Aerger - Standard

TR/Kazy.mekml.1 e ...welch ein Aerger



Hallo Arne, hier die Malware Logs. Habe die gefundenen Probleme bereits beseitigen lassen und Restart durchgefuhert. Leider sind immer noch alle Dateien und Icons unsichtbar. Immerhin, AntiVir gibt jetzt erstmal Ruhe. Ausserdem habe ich schon ZoneAlarm deinstalliert, da ich bereits in einem anderen Thread gelesen habe, dass dieser eher kontraproduktiv sein kann.

Schonmal Vielen Dank fuer Deine Hilfe!
__________________

Alt 29.04.2011, 08:10   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Kazy.mekml.1 e ...welch ein Aerger - Standard

TR/Kazy.mekml.1 e ...welch ein Aerger



Zitat:
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
ZoneAlarm und andere sinnfreie PFWs sollte man nicht installieren.
Bitte zuerst das kontraproduktive ZoneAlarm deinstallieren und die Windows-Firewall einschalten.
Starte den Rechner neu und mach frische OTL-Logs.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 29.04.2011, 19:29   #5
danMUC
 
TR/Kazy.mekml.1 e ...welch ein Aerger - Standard

TR/Kazy.mekml.1 e ...welch ein Aerger



Hi, ZoneAlarm sollte nun entfernt sein. Windows firewall dafuer wieder aktiv. Anbei die frischen OTL Logs.

Nebenbei: Skype klappt immer noch zusammen mit der Meldung "Windows has stopped working Skype" und nun werde ich auch mit Mozilla immer wieder auf andere WebSites umgeleitet... Kann fuer all die Problemchen die Ursache die gleiche sein?

Gruesse,
Daniel


Alt 29.04.2011, 21:10   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Kazy.mekml.1 e ...welch ein Aerger - Standard

TR/Kazy.mekml.1 e ...welch ein Aerger



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
O4 - HKLM..\Run: [jswtrayutil]  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011.03.27 20:10:34 | 000,008,546 | RHS- | M] () - F:\autorun.inf -- [ FAT ]
[2011.04.27 22:10:28 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
:Commands
[purity]
[resethosts]
[emptytemp]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.
__________________
--> TR/Kazy.mekml.1 e ...welch ein Aerger

Alt 30.04.2011, 15:30   #7
danMUC
 
TR/Kazy.mekml.1 e ...welch ein Aerger - Standard

TR/Kazy.mekml.1 e ...welch ein Aerger



Habe den OTL fix wie von Dir beschrieben ausgefuehrt. Log anbei.

Icons und persoenliche Dateien sind wieder da, wenn auch 'unsichtbar'. Skype mag aber immer noch nicht laufen.

Soweit schonmal Danke! Was als naechstes?

Alt 01.05.2011, 12:47   #8
danMUC
 
TR/Kazy.mekml.1 e ...welch ein Aerger - Standard

TR/Kazy.mekml.1 e ...welch ein Aerger



Nun sind die Icons und persoenliche Daten wieder weg...

Alt 01.05.2011, 14:44   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Kazy.mekml.1 e ...welch ein Aerger - Standard

TR/Kazy.mekml.1 e ...welch ein Aerger



Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 01.05.2011, 18:11   #10
danMUC
 
TR/Kazy.mekml.1 e ...welch ein Aerger - Standard

TR/Kazy.mekml.1 e ...welch ein Aerger



Hi, ich kriege das Kaspersky Tool nicht zum laufen. Habe es auf dem Desktop, wenn ich es dann als Admin ausfuehren moechte kommt erst die Account Control Abfrage, die ich bestaetige/zulasse, nur passiert dann danach gar nichts mehr/alles weiterhin ruhig... (auch der Task Manager zeigt nicht an das irgendeine Anwendung laeuft) - habe bereits die Datei auch direkt von der Kaspersky Homepage runtergeladen, da ich zunaechst dachte, es koennte vielleicht an der Datei liegen, nur leider das gleiches Ergebnis.


Alt 02.05.2011, 09:35   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Kazy.mekml.1 e ...welch ein Aerger - Standard

TR/Kazy.mekml.1 e ...welch ein Aerger



Dann bitte jetzt CF ausführen, probier den tdsskiller danach nochmal.

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 02.05.2011, 20:05   #12
danMUC
 
TR/Kazy.mekml.1 e ...welch ein Aerger - Icon22

TR/Kazy.mekml.1 e ...welch ein Aerger



Hi Arne, habe es nun beim zweiten Versuch geschafft die Tools in der richtigen Reihenfolge auszufuehren. Anbei die Logs.
Allgemein scheinen die Prozesse wieder schneller geworden zu sein und auch Skype laeuft nun schon wieder.

Ist noch etwas zu tun?

Alt 02.05.2011, 20:50   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Kazy.mekml.1 e ...welch ein Aerger - Standard

TR/Kazy.mekml.1 e ...welch ein Aerger



Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.


Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur wenige Sekunden.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 04.05.2011, 18:52   #14
danMUC
 
TR/Kazy.mekml.1 e ...welch ein Aerger - Standard

TR/Kazy.mekml.1 e ...welch ein Aerger



Hi Arne, nach wie vor: Vielen Dank fuer Deine Hilfe!

Anbei die drei Logs.

Hoffe ich hab alles richtig gemacht.

Gruesse, D.

Alt 04.05.2011, 19:02   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Kazy.mekml.1 e ...welch ein Aerger - Standard

TR/Kazy.mekml.1 e ...welch ein Aerger



Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort

Themen zu TR/Kazy.mekml.1 e ...welch ein Aerger
32 bit, antivir, autorun, avgntflt.sys, avira, bho, bonjour, desktop, error, excel, firefox, flash player, home, install.exe, installation, location, logfile, microsoft office word, monitor.exe, mozilla, object, office 2007, officejet, oldtimer, picasa, plug-in, problem, realtek, registry, rundll, saver, scan, sched.exe, security, security update, shell32.dll, skype.exe, software, start menu, svchost.exe, symantec, usb 2.0, vista



Ähnliche Themen: TR/Kazy.mekml.1 e ...welch ein Aerger


  1. TR/Kazy.mekml.1 ; 'TR/FakeSysdef.A.621 ; 'TR/Kazy.22847'..
    Log-Analyse und Auswertung - 15.05.2011 (33)
  2. Kazy.mekml.1
    Log-Analyse und Auswertung - 09.05.2011 (19)
  3. TR/Kazy.mekml.1
    Log-Analyse und Auswertung - 04.05.2011 (19)
  4. TR/Kazy.mekml.1
    Plagegeister aller Art und deren Bekämpfung - 02.05.2011 (2)
  5. TR/Kazy.mekml.1
    Plagegeister aller Art und deren Bekämpfung - 01.05.2011 (37)
  6. TR/Kazy.mekml.1 - OTL Fix?
    Log-Analyse und Auswertung - 01.05.2011 (17)
  7. TR/Kazy.mekml.1
    Plagegeister aller Art und deren Bekämpfung - 01.05.2011 (10)
  8. TR/kazy.mekml.1
    Plagegeister aller Art und deren Bekämpfung - 29.04.2011 (10)
  9. TR/kazy.mekml.1
    Mülltonne - 26.04.2011 (0)
  10. TR/Kazy.mekml.1
    Log-Analyse und Auswertung - 26.04.2011 (1)
  11. Osterei: TR/Kazy.mekml.1 und TR/Kazy.20364
    Log-Analyse und Auswertung - 25.04.2011 (1)
  12. tr/kazy.mekml.1
    Plagegeister aller Art und deren Bekämpfung - 23.04.2011 (9)
  13. kazy.mekml.1
    Log-Analyse und Auswertung - 23.04.2011 (3)
  14. TR/Kazy.mekml.1
    Plagegeister aller Art und deren Bekämpfung - 22.04.2011 (6)
  15. TR/Kazy.mekml.1
    Plagegeister aller Art und deren Bekämpfung - 22.04.2011 (11)
  16. TR/Kazy.mekml.1
    Plagegeister aller Art und deren Bekämpfung - 20.04.2011 (6)
  17. TR/Kazy.mekml.1
    Plagegeister aller Art und deren Bekämpfung - 18.04.2011 (4)

Zum Thema TR/Kazy.mekml.1 e ...welch ein Aerger - Hallo, Habe mir auch den TR/Kazy.mekml.1 eingefangen. Nach den enstrpechenden AntVir-Meldungen die jeweiligen Dateien geloescht, hat aber nichts gebracht. Alles persoenlichen Dateien sind unsichtbar, Icons weg und Desktop schwarz. Ausserdem - TR/Kazy.mekml.1 e ...welch ein Aerger...
Archiv
Du betrachtest: TR/Kazy.mekml.1 e ...welch ein Aerger auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.