Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Festplatten-Fehlermeldungen, Desktop schwarz, Dateien verschwunden, wohl auch TR/Kazy.mekml.1

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 27.04.2011, 21:50   #1
klfreaky
 
Festplatten-Fehlermeldungen, Desktop schwarz, Dateien verschwunden, wohl auch TR/Kazy.mekml.1 - Standard

Festplatten-Fehlermeldungen, Desktop schwarz, Dateien verschwunden, wohl auch TR/Kazy.mekml.1



Ich habe bei anderen Themen schon geschaut und Malwarebytes durchlaufen lassen. Die gefundenen Dateien 3, habe ich gelöscht. Malwarebytes hat dann nichts mehr gefunden. Unhide habe ich auch ausgeführt. So habe ich es zumindest geschafft, dass nicht ständig ein eustart gemacht wird. Weiter komme ich nicht da ich ja wohl für OTL ein eigenes Fix brauche. Im moment ist nur noch der Desktop schwarz und nicht alle Symbole werden angezeigt wie zb. Papierkorb.
CCleaner habe ich auch schon durchlaufen lassen.

Im Anhang aktuelle OTL.txt und extra.txt

Alt 28.04.2011, 00:04   #2
kira
/// Helfer-Team
 
Festplatten-Fehlermeldungen, Desktop schwarz, Dateien verschwunden, wohl auch TR/Kazy.mekml.1 - Standard

Festplatten-Fehlermeldungen, Desktop schwarz, Dateien verschwunden, wohl auch TR/Kazy.mekml.1



Hallo und Herzlich Willkommen!

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:
Zitat:
  • "Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
    - da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
    - also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
  • Charakteristische Merkmale/Profilinformationen:
    - aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du herauslöschen oder durch [X] ersetzen
  • Die Systemprüfung und Bereinigung:
    - kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
  • Ich empfehle Dir die Anweisungen erst einmal komplett durchzulesen, bevor du es anwendest, weil wenn du etwas falsch machst, kann es wirklich gefährlich werden. Wenn du meinen Anweisungen Schritt für Schritt folgst, kann eigentlich nichts schief gehen.
  • Innerhalb der Betreuungszeit:
    - ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
  • Die Reihenfolge:
    - genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
  • GECRACKTE SOFTWARE werden hier nicht geduldet!!!!
  • Ansonsten unsere Forumsregeln:
    - Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?
  • Alle Logfile mit einem vBCode Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen
Zitat:
Wenn ein System kompromittiert wurde, ist das System nicht mehr vertrauenswürdig
Eine Neuinstallation garantiert die rückstandsfreie Entfernung der Infektion - Lesestoff: "Hilfe: Ich wurde das Opfer eines Hackerangriffs. Was soll ich tun?" - Säubern eines gefährdeten Systems
Falls du doch für die Systemreinigung entscheidest - Ein System zu bereinigen kann ein paar Tage dauern (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst::

Für Vista und Win7:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen
Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen!

1.
Babylon - ist noch installiert?

2.
Code:
ATTFilter
Conduit Engine <- wurde vermutlich ungefragt installiert
         
Braucht kein Mensch, kannst deinstallieren

3.
bin ich mir nicht sicher, ob Du absichtlich installiert hast, da oft mit andere Programm wird mitinstalliert bzw angeboten (vermutlich durch Adobe Reader):
Code:
ATTFilter
McAfee Security Scan Plus
         
obwohl selbst die Programmierer/hersteller ein sehr gute Ruf hat, durch dieses "Helferprinzip" wird dein PC nicht noch mehr geschützt, aber beeinträchtigt die Systemleistung

Bestandteile der Standardinstallation vieler Freeware-Programme und teilweise sogar von kostenpflichtigen Programmen. Daher:
Immer die benutzerdefinierte Installation wählen, nicht die Standardinstallation, weil dann oft Sachen mitinstalliert werden, die man nicht braucht oder nicht möchte.
Bei Installation bitte die Lizenzbestimmungen immer lesen, und nicht sofort überall den Haken setzen bzw gesetzten Haken belassen, weil damit stimmt man nämlich zu, dass andere "Fremdprogramm", oder sogar Adware (Werbe-Pop-ups) durch Partnerprogrammen, Sponsoren etc - mitinstalliert wird, weil sich Freeware damit finanziert.


4.
wenn du keinen Proxyserver lokal installiert hast, nimm die Proxyeinstellungen aus den Interneteinstellungen raus
im Firefox: Proxyeinstellungen fr Mozilla Firefox
über das Menü Extras-> Einstellungen-> klicke auf den Reiter "Erweitert"-> Netzwerk-> bei "Verbindung" schauen

im Internet Explorer::-> Ändern von Proxyeinstellungen in Internet Explorer
über das Menü Extras-> Internetoptionen-> Verbindungen-> den Unterpunkt LAN-Einstellungen
Code:
ATTFilter
h**p=127.0.0.1:64343
         
5.
Fixen mit OTL
  • Starte die OTL.exe.
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Kopiere folgendes Skript:
Code:
ATTFilter
:OTL
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} -  File not found
O2 - BHO: (no name) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
[2011.04.18 22:28:48 | 000,000,000 | ---D | C] -- C:\Users\uwe\ijqjtnld
[2011.04.18 22:28:17 | 000,000,000 | ---D | C] -- C:\Users\uwe\AppData\Roaming\Ymik
[2011.04.18 22:28:17 | 000,000,000 | ---D | C] -- C:\Users\uwe\AppData\Roaming\Ykcyew
[2011.04.27 19:04:48 | 000,000,336 | ---- | M] () -- C:\ProgramData\28499720
[2011.04.27 18:50:03 | 000,000,184 | ---- | M] () -- C:\ProgramData\~41148168
[2011.04.27 18:50:03 | 000,000,152 | ---- | M] () -- C:\ProgramData\~41148168r
[2011.04.27 18:50:01 | 000,000,336 | ---- | M] () -- C:\ProgramData\41148168

:Commands
[purity]
[emptytemp]
[resethosts]
         
  • und füge es hier ein:
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Klick auf .
  • OTL verlangt einen Neustart. Bitte zulassen.
  • Nach dem Neustart findest Du ein Textdokument.
    Kopiere den Inhalt hier in Code-Tags in Deinen Thread.

6.
Ich würde gerne noch all deine installierten Programme sehen:
Lade dir das Tool Ccleaner herunter
Download
installieren (Software-Lizenzvereinbarung lesen, falls angeboten wird "Füge CCleaner Yahoo! Toolbar hinzu" abwählen)→ starten→ falls nötig - unter Options settings-> "german" einstellen
dann klick auf "Extra (um die installierten Programme auch anzuzeigen)→ weiter auf "Als Textdatei speichern..."
wird eine Textdatei (*.txt) erstellt, kopiere dazu den Inhalt und füge ihn da ein

7.
Erneut ein OTL-Log erstellen und posten:-> OTL-Anleitung

8.
Hast du den Rechner bereits auf Viren überprüft? Folgende Ergebnisse möchte ich noch sehen:
Code:
ATTFilter
C:\Qoobox 
oder C:\ComboFix.txt
Malwarebytes
TDSSKiller
         
Zitat:
Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein - z.B hjtsanlist o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]
** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw
gruß
Coverflow
__________________

__________________

Alt 28.04.2011, 02:43   #3
klfreaky
 
Festplatten-Fehlermeldungen, Desktop schwarz, Dateien verschwunden, wohl auch TR/Kazy.mekml.1 - Standard

Festplatten-Fehlermeldungen, Desktop schwarz, Dateien verschwunden, wohl auch TR/Kazy.mekml.1



Vielen Dank schon einmal für die hilfe und Anleitung!

Zu 1.
Das ist nicht mein Laptop und ich kann somit nicht sagen ob Babylon extra drauf ist oder nicht. Genauso wie die ganzen Toolbars (die Nerven)

Zu 2.
Das conduit lasse ich mal, braucht er vieleicht für ältere spiele!

Zu 3.
McAfee Security Scan Plus habe ich deinstalliert, er hat Antivir Personal laufen.

Zu 4.
Ist kein Proxi installiert IE steht auf AUTO und Firefox auf kein

Zu 5.
Fix habe ich gemacht!

Zu 6.
Installierte Programme von CCleaner
Code:
ATTFilter
ABBYY FineReader 6.0 Sprint	ABBYY Software House	06.02.2010	116,2MB
Activation Assistant for the 2007 Microsoft Office suites	Microsoft Corporation	27.03.2009	14,0MB
Adobe Flash Player 10 ActiveX	Adobe Systems Incorporated	06.03.2011	
Adobe Flash Player 10 Plugin	Adobe Systems Incorporated	03.08.2010	
Adobe Reader 8.1.2 - Deutsch	Adobe Systems Incorporated	12.08.2008	99,6MB
Adobe Shockwave Player 11.5	Adobe Systems, Inc.	24.04.2009	7,50MB
Akamai NetSession Interface		13.01.2011	13,5MB
Atheros Driver Installation Program	Atheros	27.03.2009	11,1MB
Atheros Wi-Fi Protected Setup Library	Atheros	27.03.2009	3,99MB
Avira AntiVir Personal - Free Antivirus	Avira GmbH	26.04.2011	129,1MB
CCleaner (remove only)	Piriform	04.08.2009	2,63MB
CD/DVD Drive Acoustic Silencer	TOSHIBA	12.08.2008	0,59MB
Cisco EAP-FAST Module	Cisco Systems, Inc.	27.03.2009	1,04MB
Cisco LEAP Module	Cisco Systems, Inc.	27.03.2009	1,04MB
Cisco PEAP Module	Cisco Systems, Inc.	27.03.2009	0,85MB
Compatibility Pack für 2007 Office System	Microsoft Corporation	13.04.2011	39,9MB
Conduit Engine	Conduit Ltd.	06.02.2011	3,82MB
Favorit		24.07.2009	
Firstload	Firstload.net	05.02.2011	7,79MB
Google Desktop	Google	26.04.2011	16,9MB
Google Gears	Google	05.03.2010	9,05MB
Google Toolbar for Internet Explorer	Google Inc.	26.02.2011	7,75MB
HDAUDIO Soft Data Fax Modem with SmartCP	Conexant	27.03.2009	1,27MB
Intel(R) Graphics Media Accelerator Driver	Intel Corporation	27.03.2009	
Intel® Matrix Storage Manager	Intel Corporation	27.03.2009	37,3MB
Java(TM) 6 Update 22	Oracle	04.08.2010	94,9MB
Lexmark		12.08.2008	
Lexmark 5600-6600 Series	Lexmark International, Inc.	06.02.2010	144,5MB
Lexmark Symbolleiste		07.02.2010	4,63MB
Lexmark Tools for Office		06.02.2010	0,30MB
Malwarebytes' Anti-Malware	Malwarebytes Corporation	26.04.2011	3,90MB
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU	Microsoft Corporation	09.04.2009	37,0MB
Microsoft .NET Framework 3.5 SP1	Microsoft Corporation	31.03.2009	37,0MB
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	14.09.2010	120,3MB
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	14.09.2010	24,5MB
Microsoft LifeCam	Microsoft Corporation	02.01.2011	50,0MB
Microsoft Office Home and Student 2007	Microsoft Corporation	30.07.2010	297,3MB
Microsoft Office PowerPoint Viewer 2007 (German)	Microsoft Corporation	13.04.2011	34,7MB
Microsoft Silverlight	Microsoft Corporation	21.04.2011	60,0MB
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	25.12.2010	1,74MB
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	30.07.2010	0,25MB
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	27.03.2009	0,41MB
Microsoft Visual C++ 2005 Redistributable - KB2467175	Microsoft Corporation	13.04.2011	0,29MB
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570	Microsoft Corporation	13.04.2011	0,58MB
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	26.08.2009	0,58MB
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	24.05.2010	0,58MB
Microsoft Works	Microsoft Corporation	16.12.2010	376,7MB
Mozilla Firefox (3.6.16)	Mozilla	23.03.2011	27,7MB
MSXML 4.0 SP2 (KB941833)	Microsoft Corporation	12.08.2008	1,28MB
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	31.03.2009	1,29MB
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	25.11.2009	1,35MB
myphotobook 3.6	myphotobook	27.03.2009	18,7MB
NetWaiting	BVRP Software, Inc	27.03.2009	5,23MB
Personal ID	coolspot AG	25.01.2011	1,19MB
PriceGong 2.1.0	PriceGong	03.08.2010	0,75MB
RealPlayer	RealNetworks	13.11.2010	92,6MB
Realtek 8169 8168 8101E 8102E Ethernet Driver	Realtek	12.08.2008	1,50MB
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	27.03.2009	21,6MB
Realtek USB 2.0 Card Reader	Realtek Semiconductor Corp.	12.08.2008	3,07MB
Skype™ 4.2	Skype Technologies S.A.	24.07.2010	31,8MB
Synaptics Pointing Device Driver	Synaptics	27.04.2011	13,9MB
TOSHIBA Assist	TOSHIBA	12.08.2008	1,17MB
TOSHIBA Benutzerhandbücher	TOSHIBA	27.03.2009	4,03MB
TOSHIBA ConfigFree	TOSHIBA Corporation	12.08.2008	73,8MB
TOSHIBA Disc Creator	TOSHIBA Corporation	12.08.2008	9,71MB
TOSHIBA DVD PLAYER	TOSHIBA Corporation	27.03.2009	22,7MB
TOSHIBA Extended Tiles for Windows Mobility Center	Toshiba	12.08.2008	1,28MB
TOSHIBA Hardware Setup		27.03.2009	2,98MB
Toshiba Online Product Information	TOSHIBA	12.08.2008	5,51MB
TOSHIBA Recovery Disc Creator	TOSHIBA	12.08.2008	2,54MB
TOSHIBA Supervisor Password		27.03.2009	3,00MB
Toshiba TEMPRO	Toshiba Europe GmbH	12.08.2008	8,25MB
TOSHIBA Value Added Package	TOSHIBA Corporation	27.03.2009	52,00KB
TRDCReminder	TOSHIBA	12.08.2008	0,38MB
TRORDCLauncher	TOSHIBA	12.08.2008	3,35MB
Unity Web Player	Unity Technologies ApS	30.11.2010	80,00KB
Verbindungsassistent	Verbindungsassistent	22.07.2010	26,4MB
VLC media player 1.1.7	VideoLAN	10.02.2011	49,5MB
Windows Live Essentials	Microsoft Corporation	12.08.2008	
Windows Live Mesh ActiveX control for remote connections	Microsoft Corporation	25.12.2010	5,58MB
Windows Media Encoder 9 Series		12.08.2008	13,6MB
         
Zu 7.
OTL.txt
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 28.04.2011 03:04:59 - Run 4
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\xxx\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 56,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,37 Gb Total Space | 3,98 Gb Free Space | 5,35% Space Free | Partition Type: NTFS
Drive E: | 73,21 Gb Total Space | 68,53 Gb Free Space | 93,61% Space Free | Partition Type: NTFS
 
Computer Name: xxx-PC | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.04.27 19:57:26 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
PRC - [2011.04.27 17:52:47 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.24 17:26:42 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.03.19 15:33:50 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.11.14 05:19:46 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Real\RealPlayer\Update\realsched.exe
PRC - [2010.11.02 17:49:22 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.10.28 19:20:49 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Programme\Google\Update\1.2.183.39\GoogleCrashHandler.exe
PRC - [2010.09.21 15:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010.09.21 15:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2010.05.20 16:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft LifeCam\MSCamS32.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.03.03 12:45:11 | 000,296,400 | ---- | M] () -- C:\Programme\Verbindungsassistent\WTGService.exe
PRC - [2008.07.18 21:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008.05.23 14:58:34 | 000,594,600 | ---- | M] ( ) -- C:\Windows\System32\lxducoms.exe
PRC - [2008.04.24 10:21:56 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) -- C:\Programme\Toshiba TEMPRO\TempoSVC.exe
PRC - [2008.04.17 00:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2008.02.06 15:12:56 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\SMARTLogService\TosIPCSrv.exe
PRC - [2008.01.17 17:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2007.11.21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.04.27 19:57:26 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.04.27 17:52:47 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.31 09:46:30 | 003,229,784 | ---- | M] () [Auto | Running] -- c:\Programme\Common Files\Akamai\netsession_win_a35e6b9.dll -- (Akamai)
SRV - [2011.03.19 15:33:50 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.05.20 16:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2009.03.03 12:45:11 | 000,296,400 | ---- | M] () [Auto | Running] -- C:\Programme\Verbindungsassistent\WTGService.exe -- (WTGService)
SRV - [2008.07.18 21:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008.05.23 14:58:34 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxducoms.exe -- (lxdu_device)
SRV - [2008.04.24 10:21:56 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe -- (TempoMonitoringService)
SRV - [2008.04.17 00:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008.04.16 16:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Programme\Jumpstart\jswpsapi.exe -- (jswpsapi)
SRV - [2008.02.06 15:12:56 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2008.01.21 04:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.17 17:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007.11.21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.03.19 15:33:51 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.11.23 17:39:29 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.06.23 09:21:32 | 000,259,176 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010.05.20 16:27:24 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.10.16 20:35:58 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2008.10.09 15:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008.07.24 18:46:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008.07.24 11:03:56 | 000,101,760 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008.07.18 19:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2008.05.19 20:42:56 | 000,912,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.04.28 17:59:18 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2007.11.09 15:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007.10.17 22:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006.11.20 14:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006.11.02 09:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.10.18 11:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/home?AF=17434
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:64343
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=17434"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/home?AF=17434"
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}:2.1.0
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.3
FF - prefs.js..extensions.enabledItems: adapter@babylontc.com:1.0.0.1
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=adbartrp&AF=17434&q="
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.03.06 17:44:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.11.14 05:20:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.27 18:35:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.24 17:26:48 | 000,000,000 | ---D | M]
 
[2011.03.10 19:08:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Extensions
[2011.04.27 23:52:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\o7e7khfk.default\extensions
[2011.03.10 20:55:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\o7e7khfk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.04.18 11:59:45 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\o7e7khfk.default\extensions\ffxtlbr@babylon.com
[2011.04.18 17:54:32 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.04.18 17:54:32 | 000,000,000 | ---D | M] ("Babylon Spelling and Proofreading") -- C:\Programme\Mozilla Firefox\extensions\adapter@babylontc.com
[2010.03.06 17:44:30 | 000,000,000 | ---D | M] (Google Gears) -- C:\PROGRAM FILES\GOOGLE\GOOGLE GEARS\FIREFOX
[2011.04.18 17:54:32 | 000,000,000 | ---D | M] ("Babylon Spelling and Proofreading") -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\ADAPTER@BABYLONTC.COM
[2010.08.04 22:24:06 | 000,000,000 | ---D | M] (PriceGong) -- C:\PROGRAM FILES\PRICEGONG\2.1.0\FF
[2010.11.14 05:20:28 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011.03.24 17:26:45 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.04.18 17:54:22 | 000,002,226 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\babylon.xml
[2011.03.24 17:26:45 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.28 18:14:06 | 000,002,040 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\fcmdSrchstonicde.xml
[2011.03.24 17:26:45 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.03.24 17:26:45 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.24 17:26:45 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.04.28 01:42:07 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} -  File not found
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -  File not found
O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Programme\Lexmark Printable Web\bho.dll ()
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} -  File not found
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Personal ID] C:\Programme\coolspot AG\Personal ID\pid.exe (coolspot AG, Düsseldorf)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} -  File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} -  File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} -  File not found
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} -  File not found
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} -  File not found
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} -  File not found
O15 - HKCU\..Trusted Domains: localhost ([]http in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\xxx\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\xxx\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.28 03:03:47 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
[2011.04.28 02:40:50 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011.04.28 02:39:47 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.04.28 02:30:38 | 000,000,000 | ---D | C] -- C:\cofi7299c
[2011.04.28 02:29:42 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011.04.28 02:10:31 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\xxx\Desktop\tdsskiller.exe
[2011.04.28 01:46:34 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{BB5B51BE-0F95-4961-8C19-DD27ACD1314B}
[2011.04.28 01:33:16 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.04.27 21:40:32 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\temp
[2011.04.27 21:31:02 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.04.27 21:31:02 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.04.27 21:31:02 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.04.27 21:30:58 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.04.27 21:30:57 | 000,000,000 | ---D | C] -- C:\cofi
[2011.04.27 21:29:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.04.27 18:38:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Desktop
[2011.04.27 17:59:13 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011.04.27 17:59:13 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011.04.27 17:59:09 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.04.27 10:58:11 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{A5C31070-455E-4AD5-A6F5-B4D4A9EE7883}
[2011.04.26 22:57:40 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{BD15CC27-35C2-4474-9D4A-8A7E8AD63A98}
[2011.04.26 10:57:16 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{D56CD24E-821F-413A-8714-D85E718862DF}
[2011.04.25 17:21:11 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{056E83B0-7E01-456D-AC1A-E72CE669964A}
[2011.04.24 20:07:38 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{F088292F-809D-4FD2-992D-488C640A402C}
[2011.04.23 12:08:24 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{C2F96D8E-394C-4CCA-856D-57EE20825480}
[2011.04.23 00:08:02 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{64C06B1A-0C7A-482D-8FC6-798F1E448D0C}
[2011.04.22 12:07:51 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{F25D85AA-FDDA-49B9-85CA-8003459BEBDD}
[2011.04.22 00:07:28 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{723796D2-8716-4CF9-80C6-6720D6F00F2D}
[2011.04.21 12:06:53 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{7C7C7CAA-4044-438B-B3D7-5DB941EC97F0}
[2011.04.20 12:06:45 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{2D08EB9D-B7C1-4C39-850D-AE8E762BCB04}
[2011.04.18 22:14:49 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{D6327E97-B5A0-4617-A6A8-ECED090870E8}
[2011.04.18 17:55:02 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Babylon
[2011.04.18 12:13:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011.04.18 12:13:35 | 000,000,000 | ---D | C] -- C:\Programme\Skype
[2011.04.18 12:13:35 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype
[2011.04.18 11:59:29 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Babylon
[2011.04.18 11:59:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2011.04.18 11:59:01 | 000,000,000 | ---D | C] -- C:\ProgramData\TorrentEasy
[2011.04.18 09:13:12 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{93312FAA-81D5-4E5C-B38F-80DDDA8D9857}
[2011.04.17 13:47:54 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{1BA6099C-800D-42C3-A12E-E3786FACC0EA}
[2011.04.17 01:47:42 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{411CABEF-458D-4D34-A5AE-75929A1CEE76}
[2011.04.16 20:00:51 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{B4CEA97B-ED68-472C-A765-8827EF98B0BE}
[2011.04.16 09:19:55 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{8B33F33F-1698-4531-A890-4C919DF89052}
[2011.04.15 21:19:30 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{E2FBC9AB-00D8-4BFF-9209-F6D65DE5123C}
[2011.04.15 09:17:51 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{42C89B17-08F2-4BF3-A970-E01E9982810A}
[2011.04.14 21:01:44 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{F721DF05-F29E-42DB-9570-28B00AD4D424}
[2011.04.14 08:59:48 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{40A37074-3016-4872-8C97-FB1C8B7BB02A}
[2011.04.13 14:34:05 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.04.13 14:34:05 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.04.13 14:34:05 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.13 14:34:05 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.04.13 14:34:05 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.13 14:34:05 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.13 14:34:05 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.04.13 14:34:05 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.04.13 14:34:05 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.04.13 14:34:05 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.04.13 14:34:05 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.04.13 14:34:05 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.04.13 14:34:05 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.04.13 14:34:05 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.04.13 14:34:04 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.04.13 14:34:04 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.04.13 14:34:04 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.04.13 14:33:59 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.04.13 14:33:59 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.04.13 14:33:45 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.04.13 14:33:45 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011.04.13 14:33:39 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.04.13 14:32:00 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.04.13 14:31:31 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.04.13 14:31:31 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.04.11 14:21:30 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{C8AE54E9-537E-4582-AC1D-6FAE2EC70CD0}
[2011.04.10 17:26:59 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{99F9C53F-14D5-4021-BD20-A143D08ADB29}
[2011.04.10 00:27:56 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{4DBF94D4-D1ED-47DF-AF18-89226A06BD76}
[2011.04.08 14:17:52 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{DFACCF0A-B367-4F7E-878E-52C76943DBC4}
[2011.04.07 10:18:17 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{D50B4FEA-4FC9-46C0-884E-5078BAB9601D}
[2011.04.06 09:53:15 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{9BD69A6D-389D-48B1-AAF9-6A74F873AE2A}
[2011.04.05 18:55:27 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{68AD1DC3-4372-4A50-B960-AC072035DFD2}
[2011.04.04 10:44:58 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{16B57D93-79EB-4AE4-8DC6-A9B1750E8CC7}
[2011.04.03 13:08:54 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{70F207AD-B440-4281-9EF6-67EF67DF304B}
[2011.04.03 05:26:12 | 000,000,000 | ---D | C] -- C:\ProgramData\fCi31001cBlPc31001
[2011.04.03 01:08:02 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{C3066291-4028-4357-8754-4FDD385397C7}
[2011.03.31 09:50:35 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{7E6606A9-968B-4895-8E3C-B8E0ACD83CB1}
[2011.03.30 20:01:46 | 000,000,000 | ---D | C] -- C:\ProgramData\App4rTemp
[2011.03.30 20:00:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Lexmark 5600-6600 Series
[2011.03.30 10:37:02 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{5C2E0A05-7CEA-407A-928E-8525519ADC15}
[2011.03.29 18:22:43 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{32242EAA-3812-4306-84FB-CEEFD68DBB36}
[2010.02.07 11:23:38 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\LXDUhcp.dll
[2010.02.07 11:23:37 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\lxduusb1.dll
[2010.02.07 11:23:37 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxduinpa.dll
[2010.02.07 11:23:37 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxduiesc.dll
[2010.02.07 11:23:36 | 001,069,056 | ---- | C] ( ) -- C:\Windows\System32\lxduserv.dll
[2010.02.07 11:23:36 | 000,651,264 | ---- | C] ( ) -- C:\Windows\System32\lxdupmui.dll
[2010.02.07 11:23:36 | 000,577,536 | ---- | C] ( ) -- C:\Windows\System32\lxdulmpm.dll
[2010.02.07 11:23:35 | 000,328,360 | ---- | C] ( ) -- C:\Windows\System32\lxduih.exe
[2010.02.07 11:23:34 | 000,679,936 | ---- | C] ( ) -- C:\Windows\System32\lxduhbn3.dll
[2010.02.07 11:23:33 | 000,765,952 | ---- | C] ( ) -- C:\Windows\System32\lxducomc.dll
[2010.02.07 11:23:33 | 000,594,600 | ---- | C] ( ) -- C:\Windows\System32\lxducoms.exe
[2010.02.07 11:23:33 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\lxducomm.dll
[2010.02.07 11:23:32 | 000,369,320 | ---- | C] ( ) -- C:\Windows\System32\lxducfg.exe
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.28 02:50:23 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.28 02:50:23 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.28 02:50:23 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.28 02:50:23 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.28 02:44:33 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.28 02:44:14 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.28 02:44:14 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.28 02:44:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.28 02:26:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.28 01:42:07 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011.04.28 01:22:07 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{40C0AA4B-0465-45EA-9CB5-383F5F500537}.job
[2011.04.28 01:13:09 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01007.Wdf
[2011.04.27 21:25:35 | 004,331,679 | R--- | M] () -- C:\Users\xxx\Desktop\cofi.exe
[2011.04.27 21:21:15 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\xxx\Desktop\tdsskiller.exe
[2011.04.27 19:57:26 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
[2011.04.23 02:34:47 | 000,174,592 | ---- | M] () -- C:\Users\xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.14 09:24:37 | 000,322,904 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.28 02:10:36 | 004,331,679 | R--- | C] () -- C:\Users\xxx\Desktop\cofi.exe
[2011.04.28 01:13:09 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01007.Wdf
[2011.04.27 21:31:02 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011.04.27 21:31:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.04.27 21:31:02 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011.04.27 21:31:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.04.27 21:31:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.03.10 17:35:52 | 000,000,206 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011.03.05 23:53:00 | 000,020,867 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\A08C.72C
[2011.02.06 09:46:07 | 002,273,280 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\hping3-20051105.avi
[2010.08.10 14:08:25 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010.08.10 14:07:58 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.08.10 14:07:52 | 000,103,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010.07.30 09:24:34 | 000,000,000 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\wklnhst.dat
[2010.07.26 06:33:31 | 000,006,550 | ---- | C] () -- C:\Windows\jautoexp.dat
[2010.07.25 14:38:00 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.05.19 04:54:21 | 000,000,039 | ---- | C] () -- C:\Windows\System32\spfid.bin
[2010.05.19 04:54:21 | 000,000,039 | ---- | C] () -- C:\Windows\spfid.bin
[2010.02.07 11:34:14 | 000,360,448 | ---- | C] () -- C:\Windows\System32\lxducoin.dll
[2010.02.07 11:31:56 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxduvs.dll
[2010.02.07 11:29:52 | 001,036,288 | ---- | C] () -- C:\Windows\System32\lxdudrs.dll
[2010.02.07 11:29:52 | 000,081,920 | ---- | C] () -- C:\Windows\System32\lxducaps.dll
[2010.02.07 11:29:52 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxducnv4.dll
[2010.02.07 11:29:30 | 000,045,056 | ---- | C] () -- C:\Windows\System32\LXDUPMON.DLL
[2010.02.07 11:29:30 | 000,032,768 | ---- | C] () -- C:\Windows\System32\LXDUFXPU.DLL
[2010.02.07 11:29:09 | 000,086,016 | ---- | C] () -- C:\Windows\System32\lxduoem.dll
[2010.02.07 11:26:03 | 000,000,044 | ---- | C] () -- C:\Windows\System32\lxdurwrd.ini
[2010.02.07 11:23:38 | 000,389,120 | ---- | C] () -- C:\Windows\System32\LXDUinst.dll
[2010.02.07 11:23:34 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdugrd.dll
[2009.12.03 09:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.09.11 12:51:32 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.11 12:51:32 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.08.27 09:57:48 | 000,000,000 | ---- | C] () -- C:\Windows\System32\MSVolumeAD.dll
[2009.07.25 05:27:37 | 000,000,087 | ---- | C] () -- C:\Users\xxx\AppData\Local\ckipdb.bat
[2009.04.07 05:56:42 | 000,174,592 | ---- | C] () -- C:\Users\xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.04.01 20:20:46 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.03.28 16:10:33 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2009.03.28 16:10:33 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2009.03.28 16:10:33 | 000,009,480 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2009.03.28 16:10:33 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008.12.11 22:38:34 | 000,042,320 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2008.08.13 13:51:12 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008.08.13 13:36:31 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2008.08.13 13:36:30 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2008.08.13 13:36:29 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008.08.13 13:36:27 | 000,492,496 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2008.08.13 12:51:33 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.01.21 10:21:25 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 10:21:25 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 10:21:25 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 10:21:25 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:44:53 | 000,322,904 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2010.02.08 18:21:26 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\5600-6600 Series
[2011.04.19 19:35:04 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Babylon
[2009.07.18 09:17:27 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Blumentals
[2011.04.18 12:14:05 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Common Toolkit Suite
[2010.05.18 03:30:24 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Fighters
[2011.03.24 17:32:57 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Free Download Manager
[2010.06.12 14:53:15 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\ICQ
[2010.02.07 14:30:51 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Lexmark Productivity Studio
[2009.09.25 10:18:02 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\myphotobook
[2010.05.22 17:13:20 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Panda Security
[2011.02.07 18:53:21 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Philipp Winterberg
[2011.02.06 08:55:57 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Reviversoft
[2010.05.21 18:12:31 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Service Installer
[2009.10.27 20:08:08 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Skip-Bo
[2009.03.29 20:56:35 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Toshiba
[2011.01.26 20:22:29 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Utherverse
[2010.08.14 12:45:23 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Verbindungsassistent
[2010.07.17 09:55:16 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Verimount
[2009.10.27 20:08:01 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Zylom
[2011.04.28 02:43:24 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.04.28 01:22:07 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{40C0AA4B-0465-45EA-9CB5-383F5F500537}.job
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

Extras.txt
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 28.04.2011 03:04:59 - Run 4
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\xxx\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 56,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,37 Gb Total Space | 3,98 Gb Free Space | 5,35% Space Free | Partition Type: NTFS
Drive E: | 73,21 Gb Total Space | 68,53 Gb Free Space | 93,61% Space Free | Partition Type: NTFS
 
Computer Name: xxx-PC | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- Reg Error: Value error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4066D5B3-6957-4BD1-B739-520371FAD9CC}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{45A8278A-0F6B-495C-B9A8-7BC0D3E8D0F5}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{4E1D1E6B-7EA9-4F87-BEAE-512A9505B85E}" = lport=137 | protocol=17 | dir=in | app=system | 
"{55F01420-67A1-47B9-A98F-B1987D9693EB}" = lport=138 | protocol=17 | dir=in | app=system | 
"{907E3794-8BC2-4724-8651-99771F88694C}" = lport=49164 | protocol=6 | dir=in | name=akamai netsession interface | 
"{9FE84B0C-E0FE-403C-8F5D-F8A936A29A0A}" = rport=139 | protocol=6 | dir=out | app=system | 
"{A736B62C-95BC-4949-8C3F-5A2AF74A0F70}" = rport=138 | protocol=17 | dir=out | app=system | 
"{A7E7AA7C-C7A2-4C22-AA9F-4603767C9B68}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{AE885729-F902-4B44-97AE-684E1CABDC57}" = lport=49160 | protocol=6 | dir=in | name=akamai netsession interface | 
"{AFA32E8A-79E8-48C1-B231-72039E739A5E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{BED960CC-F002-4F12-A65F-4CF20C73C5C2}" = rport=137 | protocol=17 | dir=out | app=system | 
"{C6776E70-DEB3-41FA-BD29-0F244310A4A8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{D8151988-C112-4AF9-A369-707C5888EB95}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{DAE4C25F-0895-4179-94BC-CFC37FA2910F}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F3F2F002-F955-48C1-B6D5-45C6B473DED5}" = lport=445 | protocol=6 | dir=in | app=system | 
"{F934278D-628F-4E16-8FBA-17306D8B4E5B}" = rport=445 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07E8E7B1-A1FF-432D-85EC-1426956AB51E}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe | 
"{0E4CB067-0310-4643-B845-1F8C0D15A343}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe | 
"{0FF83EFE-F4D3-4543-B59B-4F4042B36132}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{10CEB0D7-623F-4FBF-8E7F-92DEE7772076}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe | 
"{14C0D6B0-211F-41CE-95F4-548B82787E60}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{281EA648-A420-41E3-8DD8-B9924CDB89CB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{2E9AD379-61C8-41D9-B393-E85519417296}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe | 
"{3373E4F9-2E09-4758-A28E-F1F40BD53728}" = protocol=17 | dir=in | app=c:\program files\lexmark 5600-6600 series\frun.exe | 
"{445E1EB2-B323-4BC4-9DB9-8AFC0B0243E9}" = protocol=17 | dir=in | app=c:\program files\lexmark 5600-6600 series\lxdufax.exe | 
"{4D6EBABE-BBB4-4EF4-A728-7B8E66B60FCB}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe | 
"{545A10AE-09E0-4016-A7D5-E5B64AF03597}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{578E75F9-C740-40D2-B6A0-7F2D490ACDE3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{5BCD3CCB-7FC7-40B1-AD05-D85960B5BFD7}" = protocol=6 | dir=in | app=c:\windows\system32\lxducoms.exe | 
"{7CCAB95A-1503-425F-8387-DBF4F6EF3552}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe | 
"{7CFD12E3-AE03-47BD-9F36-D3D779E17CAB}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{7F2D1489-5FCD-4224-91B8-BDCC9457D66C}" = protocol=6 | dir=in | app=c:\program files\lexmark 5600-6600 series\lxdufax.exe | 
"{7F40EB22-3A95-4BB5-ADAA-8DC952C5735A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{A6F30EA9-02B4-49A4-B3BC-98180C075F67}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{B7CB1CE2-E771-44E2-B418-8D495E092155}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 
"{C5368BD2-5936-472F-9702-6756AF855B21}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe | 
"{C5F78B57-3048-4BA8-9F5B-FDEE030DA38B}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe | 
"{C69FD5D1-4366-46D5-950C-5945EE335C60}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe | 
"{CC6D68B4-ACB7-46BD-8C98-8FE59507B118}" = protocol=6 | dir=in | app=c:\program files\lexmark 5600-6600 series\frun.exe | 
"{DB7095F0-FB9B-4CEA-91EF-DF86978A55C7}" = protocol=6 | dir=in | app=c:\program files\lexmark 5600-6600 series\lxduamon.exe | 
"{E2FA396C-82A3-4EBF-B209-CB2CEC040C1F}" = protocol=17 | dir=in | app=c:\program files\lexmark 5600-6600 series\lxduamon.exe | 
"{F563894B-BA76-45FB-9D9E-7ED81197AFC1}" = protocol=17 | dir=in | app=c:\windows\system32\lxducoms.exe | 
"{FB19C24A-BBCD-4B13-B2D2-FF44AAAABFE3}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe | 
"TCP Query User{0E0E30E9-1727-4326-B087-D683F5768368}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{1BD0DBCB-1690-4D8E-97BF-F5D446E56531}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{2EB36645-23A7-4F92-A996-9321CF26DEC1}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{464109E6-C5EC-407F-B180-DBD3562A172F}C:\program files\free download manager\fdm.exe" = protocol=6 | dir=in | app=c:\program files\free download manager\fdm.exe | 
"TCP Query User{5CF4799A-CAF1-482C-8602-7A3CDA18A076}C:\downloads\software\worldofbattles-downloader.exe" = protocol=6 | dir=in | app=c:\downloads\software\worldofbattles-downloader.exe | 
"TCP Query User{6828B123-5453-4178-9163-DE97390562EA}C:\program files\free download manager\fdm.exe" = protocol=6 | dir=in | app=c:\program files\free download manager\fdm.exe | 
"TCP Query User{6916832D-D447-4820-9A53-309E12089571}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{6A2D867A-130D-4A43-8688-834B1AD06ADA}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{6C0A6316-936C-481D-B6E5-AADCB11E21B6}C:\users\xxx\downloads\torrenteasy-mydirtyhobby-com-sexy-cora-11-clips(3).exe" = protocol=6 | dir=in | app=c:\users\xxx\downloads\torrenteasy-mydirtyhobby-com-sexy-cora-11-clips(3).exe | 
"TCP Query User{7E3C1376-5178-4E14-AA9C-510FA3CF51F4}C:\users\xxx\downloads\torrenteasy-sexy-cora-amateurstars-no-1-german-xxx-dvdrip-xvid-chikani.exe" = protocol=6 | dir=in | app=c:\users\xxx\downloads\torrenteasy-sexy-cora-amateurstars-no-1-german-xxx-dvdrip-xvid-chikani.exe | 
"TCP Query User{9748DFF3-7C36-4271-B23D-A7E5AF59C3CC}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{ACF49F89-5BE9-4C9C-A348-44282B9641EA}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{BD27A21A-E07F-41BF-9BFF-1F3898D88B01}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{E7BEAEA7-56E8-4FDC-AC8F-5B65C3B640B1}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{08DE349D-DACF-4C08-BE4D-9738D019C84C}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{1FD93BBB-7653-4DD2-AC60-3DC3B8F298DF}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"UDP Query User{276C1929-E7FD-48B4-938C-F243470EB143}C:\program files\free download manager\fdm.exe" = protocol=17 | dir=in | app=c:\program files\free download manager\fdm.exe | 
"UDP Query User{33DC54AB-D7D7-4E50-B5E9-F11228A5E24F}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{608181D5-619C-4498-8AC0-AAE4FDE6F068}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"UDP Query User{71CCACDA-53A3-44FF-8D91-C0B019DC5C83}C:\downloads\software\worldofbattles-downloader.exe" = protocol=17 | dir=in | app=c:\downloads\software\worldofbattles-downloader.exe | 
"UDP Query User{837DA81F-14E7-4695-BDB7-C7407FE3632E}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{8592E78A-30A3-4DAB-B6EC-893043202F6C}C:\users\xxx\downloads\torrenteasy-mydirtyhobby-com-sexy-cora-11-clips(3).exe" = protocol=17 | dir=in | app=c:\users\xxx\downloads\torrenteasy-mydirtyhobby-com-sexy-cora-11-clips(3).exe | 
"UDP Query User{88B50093-4F33-41EB-88A6-3D007FF2D12C}C:\users\xxx\downloads\torrenteasy-sexy-cora-amateurstars-no-1-german-xxx-dvdrip-xvid-chikani.exe" = protocol=17 | dir=in | app=c:\users\xxx\downloads\torrenteasy-sexy-cora-amateurstars-no-1-german-xxx-dvdrip-xvid-chikani.exe | 
"UDP Query User{99F3B709-D773-4C2C-8CDF-CAD01DE2A960}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{AC734956-10AD-4339-B6DC-4B310CA5FFE2}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{C6DDFAA3-AE42-4C4F-95C7-E8D6D8D09CCD}C:\program files\free download manager\fdm.exe" = protocol=17 | dir=in | app=c:\program files\free download manager\fdm.exe | 
"UDP Query User{CDE66033-9E4A-473F-880E-5961075E75E6}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{DCCE43D0-4E87-4226-A0D8-CB6E8FB3E146}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{03FAA727-E2B7-471C-AC41-2E1C7F29C7EA}" = Toshiba TEMPRO
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Symbolleiste
"{10812DE7-2E57-4740-B226-6B3BE34AF9D7}" = Lexmark Tools for Office
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1C971EE3-B4C4-4367-9676-57549919C6CE}" = TOSHIBA Benutzerhandbücher
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 22
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2B4E24A0-A06F-488D-87D8-16738E5E1104}" = Windows Live Family Safety
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}" = Microsoft LifeCam
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}" = Atheros Wi-Fi Protected Setup Library
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark 
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F722209B-739E-40E4-ADB1-062BD032A0DB}" = Personal ID
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Akamai" = Akamai NetSession Interface
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner (remove only)
"ckipdb" = Favorit
"CNXT_MODEM_PCI_VEN_14F1&DEV_2C06&SUBSYS_14F10000" = HDAUDIO Soft Data Fax Modem with SmartCP
"conduitEngine" = Conduit Engine
"Firstload" = Firstload
"Google Desktop" = Google Desktop
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Lexmark 5600-6600 Series" = Lexmark 5600-6600 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"myphotobook" = myphotobook 3.6
"PriceGong" = PriceGong 2.1.0
"RealPlayer 12.0" = RealPlayer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Verbindungsassistent" = Verbindungsassistent
"VLC media player" = VLC media player 1.1.7
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 27.04.2011 05:49:08 | Computer Name = xxx-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 27.04.2011 05:50:05 | Computer Name = xxx-PC | Source = Windows Search Service | ID = 1006
Description = 
 
Error - 27.04.2011 05:50:38 | Computer Name = xxx-PC | Source = Windows Search Service | ID = 1006
Description = 
 
Error - 27.04.2011 05:57:24 | Computer Name = xxx-PC | Source = Windows Search Service | ID = 1006
Description = 
 
Error - 27.04.2011 05:58:59 | Computer Name = xxx-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 27.04.2011 05:59:20 | Computer Name = xxx-PC | Source = Windows Search Service | ID = 1006
Description = 
 
Error - 27.04.2011 05:59:22 | Computer Name = xxx-PC | Source = Windows Search Service | ID = 1006
Description = 
 
Error - 27.04.2011 05:59:26 | Computer Name = xxx-PC | Source = Windows Search Service | ID = 1006
Description = 
 
Error - 27.04.2011 05:59:52 | Computer Name = xxx-PC | Source = Windows Search Service | ID = 1006
Description = 
 
Error - 27.04.2011 06:11:11 | Computer Name = xxx-PC | Source = Windows Search Service | ID = 1006
Description = 
 
[ System Events ]
Error - 27.04.2011 20:40:45 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 27.04.2011 20:45:49 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 27.04.2011 20:45:49 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 27.04.2011 20:45:56 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 27.04.2011 20:46:49 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 27.04.2011 20:46:49 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 27.04.2011 20:47:29 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 27.04.2011 20:47:29 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 27.04.2011 20:59:06 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 27.04.2011 20:59:06 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7034
Description = 
 
 
< End of report >
         
Zu 8.
Malwarebytes
Code:
ATTFilter
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6458

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

27.04.2011 23:19:03
mbam-log-2011-04-27 (23-19-03).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 151448
Laufzeit: 3 Minute(n), 37 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
Combofix.txt
TDSSKILLER
im Anhang weil der Beitrag zu lange ist!


mehr habe ich nicht.

Jetzt ist nur noch die Taskleiste fehlerhaft.
Es werden keine Schnellstartsymbole angezeigt wie Firefox, IE, Mediaplayer
keine ahnung was da war, denn wie oben schon geschrieben gehört der Laptop nicht mir.

Und nochmal Danke

Gruss klfreaky
__________________

Alt 28.04.2011, 10:34   #4
kira
/// Helfer-Team
 
Festplatten-Fehlermeldungen, Desktop schwarz, Dateien verschwunden, wohl auch TR/Kazy.mekml.1 - Standard

Festplatten-Fehlermeldungen, Desktop schwarz, Dateien verschwunden, wohl auch TR/Kazy.mekml.1



1.
** Update Malwarebytes Anti-Malware, lass es nochmal anhand der folgenden Anleitung laufen:
  • per Doppelklick starten.
  • gleich mal die Datenbanken zu aktualisieren - online updaten
  • Vollständiger Suchlauf wählen (überall Haken setzen)
  • wenn der Scanvorgang beendet ist, klicke auf "Zeige Resultate"
  • alle Funde bis auf - falls MBAM meldet in C:\System Volume Information - den Haken bitte entfernen - markieren und auf "Löschen" - "Ausgewähltes entfernen") klicken.
  • Poste das Ergebnis hier in den Thread - den Bericht findest Du unter "Scan-Berichte"
eine bebilderte Anleitung findest Du hier: Anleitung

2.
Deinstalliere unter `Start→ Systemsteuereung→ Ändern/Entfernen...`
Code:
ATTFilter
Favorit - Adware -Toolbar
         
3.
Adobe Reader aktualisieren :
- Bei Installation aufpassen/mitlesen!: Wenn irgendeine Software, Toolbar etc angeboten wird, bitte abwählen! - (z.B "McAfee Security Scan Plus")
Adobe Reader
Oder: Adobe starten-> gehe auf "Hilfe"-> "Nach Update suchen..."

4.
Java bei Oracle bitte updaten

5.
neues Logfiles mit OTL erstellen:

OTL.exe starten
♦ wähle unter Extra Registrierung-> Benutze Safe List und klicke auf den Scan Button.
♦ Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread.
__________________

Warnung!:
Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein!
Anhang nicht öffnen, in unserem Forum erst nachfragen!

Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
Bitte diese Warnung weitergeben, wo Du nur kannst!

Alt 28.04.2011, 10:43   #5
klfreaky
 
Festplatten-Fehlermeldungen, Desktop schwarz, Dateien verschwunden, wohl auch TR/Kazy.mekml.1 - Standard

Festplatten-Fehlermeldungen, Desktop schwarz, Dateien verschwunden, wohl auch TR/Kazy.mekml.1



Hallo,
ich habe nun den Papierkorb usw. alles wieder auf dem Desktop.
Den Papierkorb mußte ich über rechtsklick auf dem Desktop -> Anpassen -> Desktopsymbole ändern -> Häkchen bei Papierkorb rein machen wieder herstellen.

In der Taskleiste waren wohl die Symbole, Verknüpfungen nur gelöscht.
Durch reinziehen der Verknüpfungen sind die jetzt auch wieder da!

Es schein alles wieder ok zu sein.
Den Laptop hat er schon bei mir abgeholt, da er ihn dringent braucht.
Falls noch etwas zu machen ist gebe ich es Ihm weiter.

Danke für die Hilfe!

MFG Klfreaky


Alt 28.04.2011, 15:14   #6
kira
/// Helfer-Team
 
Festplatten-Fehlermeldungen, Desktop schwarz, Dateien verschwunden, wohl auch TR/Kazy.mekml.1 - Standard

Festplatten-Fehlermeldungen, Desktop schwarz, Dateien verschwunden, wohl auch TR/Kazy.mekml.1



Zitat:
Zitat von klfreaky Beitrag anzeigen
Falls noch etwas zu machen ist gebe ich es Ihm weiter.
das hier ja abarbeiten:-> http://www.trojaner-board.de/98357-f...tml#post648186
dann noch eine gründliche Reinigung und Kurzprüfung fällig
__________________
--> Festplatten-Fehlermeldungen, Desktop schwarz, Dateien verschwunden, wohl auch TR/Kazy.mekml.1

Alt 28.04.2011, 20:35   #7
klfreaky
 
Festplatten-Fehlermeldungen, Desktop schwarz, Dateien verschwunden, wohl auch TR/Kazy.mekml.1 - Standard

Festplatten-Fehlermeldungen, Desktop schwarz, Dateien verschwunden, wohl auch TR/Kazy.mekml.1



So, nun hier die logs:
Zu1.
Malwarebytes
Code:
ATTFilter
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6464

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

28.04.2011 19:06:03
mbam-log-2011-04-28 (19-06-03).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Durchsuchte Objekte: 255966
Laufzeit: 59 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
Punkt 2, 3, 4 wurde erledigt

Zu 5.
Neue Logdateien
OTL.txt
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 28.04.2011 21:02:08 - Run 6
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\***\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 64,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,37 Gb Total Space | 4,31 Gb Free Space | 5,80% Space Free | Partition Type: NTFS
Drive E: | 73,21 Gb Total Space | 68,53 Gb Free Space | 93,61% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.04.28 20:13:47 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2011.04.27 17:52:47 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.19 15:33:50 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.11.14 05:19:46 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Real\RealPlayer\Update\realsched.exe
PRC - [2010.11.10 03:54:18 | 004,240,760 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Messenger\msnmsgr.exe
PRC - [2010.11.10 02:13:30 | 000,025,456 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Contacts\wlcomm.exe
PRC - [2010.11.02 17:49:22 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.10.28 19:20:49 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Programme\Google\Update\1.2.183.39\GoogleCrashHandler.exe
PRC - [2010.09.21 15:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010.09.21 15:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2010.05.20 16:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft LifeCam\MSCamS32.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.03.03 12:45:11 | 000,296,400 | ---- | M] () -- C:\Programme\Verbindungsassistent\WTGService.exe
PRC - [2008.07.18 21:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008.05.23 14:58:34 | 000,594,600 | ---- | M] ( ) -- C:\Windows\System32\lxducoms.exe
PRC - [2008.04.24 10:21:56 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) -- C:\Programme\Toshiba TEMPRO\TempoSVC.exe
PRC - [2008.04.17 00:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2008.02.06 15:12:56 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\SMARTLogService\TosIPCSrv.exe
PRC - [2008.01.21 04:33:00 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.17 17:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2007.11.21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.04.28 20:13:47 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.04.27 17:52:47 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.31 09:46:30 | 003,229,784 | ---- | M] () [Auto | Running] -- c:\Programme\Common Files\Akamai\netsession_win_a35e6b9.dll -- (Akamai)
SRV - [2011.03.19 15:33:50 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.05.20 16:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2009.03.03 12:45:11 | 000,296,400 | ---- | M] () [Auto | Running] -- C:\Programme\Verbindungsassistent\WTGService.exe -- (WTGService)
SRV - [2008.07.18 21:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008.05.23 14:58:34 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxducoms.exe -- (lxdu_device)
SRV - [2008.04.24 10:21:56 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe -- (TempoMonitoringService)
SRV - [2008.04.17 00:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008.04.16 16:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Programme\Jumpstart\jswpsapi.exe -- (jswpsapi)
SRV - [2008.02.06 15:12:56 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2008.01.21 04:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.17 17:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007.11.21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.03.19 15:33:51 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.11.23 17:39:29 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.06.23 09:21:32 | 000,259,176 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010.05.20 16:27:24 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.10.16 20:35:58 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2008.10.09 15:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008.07.24 18:46:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008.07.24 11:03:56 | 000,101,760 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008.07.18 19:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2008.05.19 20:42:56 | 000,912,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.04.28 17:59:18 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2007.11.09 15:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007.10.17 22:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006.11.20 14:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006.11.02 09:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.10.18 11:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/home?AF=17434
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:64343
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=17434"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/home?AF=17434"
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=adbartrp&AF=17434&q="
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.03.06 17:44:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.11.14 05:20:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.27 18:35:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.28 19:47:00 | 000,000,000 | ---D | M]
 
[2011.03.10 19:08:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2011.04.28 20:03:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\o7e7khfk.default\extensions
[2011.03.10 20:55:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\o7e7khfk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.04.28 19:47:12 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.04.28 19:47:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.04.18 17:54:32 | 000,000,000 | ---D | M] ("Babylon Spelling and Proofreading") -- C:\Programme\Mozilla Firefox\extensions\adapter@babylontc.com
[2010.03.06 17:44:30 | 000,000,000 | ---D | M] (Google Gears) -- C:\PROGRAM FILES\GOOGLE\GOOGLE GEARS\FIREFOX
[2011.04.28 19:47:12 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010.11.14 05:20:28 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2011.03.24 17:26:45 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.04.18 17:54:22 | 000,002,226 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\babylon.xml
[2011.03.24 17:26:45 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.28 18:14:06 | 000,002,040 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\fcmdSrchstonicde.xml
[2011.03.24 17:26:45 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.03.24 17:26:45 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.24 17:26:45 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.04.28 01:42:07 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} -  File not found
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -  File not found
O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Programme\Lexmark Printable Web\bho.dll ()
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} -  File not found
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Personal ID] C:\Programme\coolspot AG\Personal ID\pid.exe (coolspot AG, Düsseldorf)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} -  File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} -  File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} -  File not found
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} -  File not found
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} -  File not found
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} -  File not found
O15 - HKCU\..Trusted Domains: localhost ([]http in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.28 20:13:42 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.04.28 19:47:00 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.04.28 19:47:00 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.04.28 19:47:00 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.04.28 17:46:19 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{81DE229E-276A-448A-A8FC-5BE395F63EC0}
[2011.04.28 02:40:50 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011.04.28 02:39:47 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.04.28 02:30:38 | 000,000,000 | ---D | C] -- C:\cofi7299c
[2011.04.28 02:29:42 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011.04.28 01:46:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{BB5B51BE-0F95-4961-8C19-DD27ACD1314B}
[2011.04.28 01:33:16 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.04.27 21:40:32 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\temp
[2011.04.27 21:31:02 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.04.27 21:31:02 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.04.27 21:31:02 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.04.27 21:30:58 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.04.27 21:30:57 | 000,000,000 | ---D | C] -- C:\cofi
[2011.04.27 21:29:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.04.27 18:38:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Desktop
[2011.04.27 17:59:13 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011.04.27 17:59:13 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011.04.27 17:59:09 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.04.27 10:58:11 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{A5C31070-455E-4AD5-A6F5-B4D4A9EE7883}
[2011.04.26 22:57:40 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{BD15CC27-35C2-4474-9D4A-8A7E8AD63A98}
[2011.04.26 10:57:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{D56CD24E-821F-413A-8714-D85E718862DF}
[2011.04.25 17:21:11 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{056E83B0-7E01-456D-AC1A-E72CE669964A}
[2011.04.24 20:07:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{F088292F-809D-4FD2-992D-488C640A402C}
[2011.04.23 12:08:24 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{C2F96D8E-394C-4CCA-856D-57EE20825480}
[2011.04.23 00:08:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{64C06B1A-0C7A-482D-8FC6-798F1E448D0C}
[2011.04.22 12:07:51 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{F25D85AA-FDDA-49B9-85CA-8003459BEBDD}
[2011.04.22 00:07:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{723796D2-8716-4CF9-80C6-6720D6F00F2D}
[2011.04.21 12:06:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{7C7C7CAA-4044-438B-B3D7-5DB941EC97F0}
[2011.04.20 12:06:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{2D08EB9D-B7C1-4C39-850D-AE8E762BCB04}
[2011.04.18 22:14:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{D6327E97-B5A0-4617-A6A8-ECED090870E8}
[2011.04.18 17:55:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Babylon
[2011.04.18 12:13:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011.04.18 12:13:35 | 000,000,000 | ---D | C] -- C:\Programme\Skype
[2011.04.18 12:13:35 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype
[2011.04.18 11:59:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Babylon
[2011.04.18 11:59:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2011.04.18 11:59:01 | 000,000,000 | ---D | C] -- C:\ProgramData\TorrentEasy
[2011.04.18 09:13:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{93312FAA-81D5-4E5C-B38F-80DDDA8D9857}
[2011.04.17 13:47:54 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{1BA6099C-800D-42C3-A12E-E3786FACC0EA}
[2011.04.17 01:47:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{411CABEF-458D-4D34-A5AE-75929A1CEE76}
[2011.04.16 20:00:51 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{B4CEA97B-ED68-472C-A765-8827EF98B0BE}
[2011.04.16 09:19:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{8B33F33F-1698-4531-A890-4C919DF89052}
[2011.04.15 21:19:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{E2FBC9AB-00D8-4BFF-9209-F6D65DE5123C}
[2011.04.15 09:17:51 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{42C89B17-08F2-4BF3-A970-E01E9982810A}
[2011.04.14 21:01:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{F721DF05-F29E-42DB-9570-28B00AD4D424}
[2011.04.14 08:59:48 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{40A37074-3016-4872-8C97-FB1C8B7BB02A}
[2011.04.13 14:34:05 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.04.13 14:34:05 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.04.13 14:34:05 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.13 14:34:05 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.04.13 14:34:05 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.13 14:34:05 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.13 14:34:05 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.04.13 14:34:05 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.04.13 14:34:05 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.04.13 14:34:05 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.04.13 14:34:05 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.04.13 14:34:05 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.04.13 14:34:05 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.04.13 14:34:05 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.04.13 14:34:04 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.04.13 14:34:04 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.04.13 14:34:04 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.04.13 14:33:59 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.04.13 14:33:59 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.04.13 14:33:45 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.04.13 14:33:45 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011.04.13 14:33:39 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.04.13 14:32:00 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.04.13 14:31:31 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.04.13 14:31:31 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.04.11 14:21:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{C8AE54E9-537E-4582-AC1D-6FAE2EC70CD0}
[2011.04.10 17:26:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{99F9C53F-14D5-4021-BD20-A143D08ADB29}
[2011.04.10 00:27:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{4DBF94D4-D1ED-47DF-AF18-89226A06BD76}
[2011.04.08 14:17:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{DFACCF0A-B367-4F7E-878E-52C76943DBC4}
[2011.04.07 10:18:17 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{D50B4FEA-4FC9-46C0-884E-5078BAB9601D}
[2011.04.06 09:53:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{9BD69A6D-389D-48B1-AAF9-6A74F873AE2A}
[2011.04.05 18:55:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{68AD1DC3-4372-4A50-B960-AC072035DFD2}
[2011.04.04 10:44:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{16B57D93-79EB-4AE4-8DC6-A9B1750E8CC7}
[2011.04.03 13:08:54 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{70F207AD-B440-4281-9EF6-67EF67DF304B}
[2011.04.03 05:26:12 | 000,000,000 | ---D | C] -- C:\ProgramData\fCi31001cBlPc31001
[2011.04.03 01:08:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{C3066291-4028-4357-8754-4FDD385397C7}
[2011.03.31 09:50:35 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{7E6606A9-968B-4895-8E3C-B8E0ACD83CB1}
[2011.03.30 20:01:46 | 000,000,000 | ---D | C] -- C:\ProgramData\App4rTemp
[2011.03.30 20:00:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Lexmark 5600-6600 Series
[2011.03.30 10:37:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{5C2E0A05-7CEA-407A-928E-8525519ADC15}
[2010.02.07 11:23:38 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\LXDUhcp.dll
[2010.02.07 11:23:37 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\lxduusb1.dll
[2010.02.07 11:23:37 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxduinpa.dll
[2010.02.07 11:23:37 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxduiesc.dll
[2010.02.07 11:23:36 | 001,069,056 | ---- | C] ( ) -- C:\Windows\System32\lxduserv.dll
[2010.02.07 11:23:36 | 000,651,264 | ---- | C] ( ) -- C:\Windows\System32\lxdupmui.dll
[2010.02.07 11:23:36 | 000,577,536 | ---- | C] ( ) -- C:\Windows\System32\lxdulmpm.dll
[2010.02.07 11:23:35 | 000,328,360 | ---- | C] ( ) -- C:\Windows\System32\lxduih.exe
[2010.02.07 11:23:34 | 000,679,936 | ---- | C] ( ) -- C:\Windows\System32\lxduhbn3.dll
[2010.02.07 11:23:33 | 000,765,952 | ---- | C] ( ) -- C:\Windows\System32\lxducomc.dll
[2010.02.07 11:23:33 | 000,594,600 | ---- | C] ( ) -- C:\Windows\System32\lxducoms.exe
[2010.02.07 11:23:33 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\lxducomm.dll
[2010.02.07 11:23:32 | 000,369,320 | ---- | C] ( ) -- C:\Windows\System32\lxducfg.exe
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.28 20:46:34 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.28 20:46:34 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.28 20:26:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.28 20:23:02 | 001,135,080 | ---- | M] () -- C:\Users\***\Desktop\yahoomailuploader_0.5.exe
[2011.04.28 20:13:47 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.04.28 19:26:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.28 16:51:58 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.28 16:51:58 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.28 16:51:58 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.28 16:51:58 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.28 16:45:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.28 11:01:44 | 000,001,039 | ---- | M] () -- C:\Users\***\Desktop\Firstload.lnk
[2011.04.28 10:57:22 | 000,001,747 | ---- | M] () -- C:\Users\***\Desktop\Mozilla Firefox.lnk
[2011.04.28 01:42:07 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011.04.28 01:22:07 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{40C0AA4B-0465-45EA-9CB5-383F5F500537}.job
[2011.04.28 01:13:09 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01007.Wdf
[2011.04.23 02:34:47 | 000,174,592 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.14 09:24:37 | 000,322,904 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.28 20:23:00 | 001,135,080 | ---- | C] () -- C:\Users\***\Desktop\yahoomailuploader_0.5.exe
[2011.04.28 11:01:44 | 000,001,039 | ---- | C] () -- C:\Users\***\Desktop\Firstload.lnk
[2011.04.28 10:57:22 | 000,001,747 | ---- | C] () -- C:\Users\***\Desktop\Mozilla Firefox.lnk
[2011.04.28 01:13:09 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01007.Wdf
[2011.04.27 21:31:02 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011.04.27 21:31:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.04.27 21:31:02 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011.04.27 21:31:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.04.27 21:31:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.03.10 17:35:52 | 000,000,206 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011.03.05 23:53:00 | 000,020,867 | ---- | C] () -- C:\Users\***\AppData\Roaming\A08C.72C
[2011.02.06 09:46:07 | 002,273,280 | ---- | C] () -- C:\Users\***\AppData\Roaming\hping3-20051105.avi
[2010.08.10 14:08:25 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010.08.10 14:07:58 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.08.10 14:07:52 | 000,103,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010.07.30 09:24:34 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Roaming\wklnhst.dat
[2010.07.26 06:33:31 | 000,006,550 | ---- | C] () -- C:\Windows\jautoexp.dat
[2010.07.25 14:38:00 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.05.19 04:54:21 | 000,000,039 | ---- | C] () -- C:\Windows\System32\spfid.bin
[2010.05.19 04:54:21 | 000,000,039 | ---- | C] () -- C:\Windows\spfid.bin
[2010.02.07 11:34:14 | 000,360,448 | ---- | C] () -- C:\Windows\System32\lxducoin.dll
[2010.02.07 11:31:56 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxduvs.dll
[2010.02.07 11:29:52 | 001,036,288 | ---- | C] () -- C:\Windows\System32\lxdudrs.dll
[2010.02.07 11:29:52 | 000,081,920 | ---- | C] () -- C:\Windows\System32\lxducaps.dll
[2010.02.07 11:29:52 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxducnv4.dll
[2010.02.07 11:29:30 | 000,045,056 | ---- | C] () -- C:\Windows\System32\LXDUPMON.DLL
[2010.02.07 11:29:30 | 000,032,768 | ---- | C] () -- C:\Windows\System32\LXDUFXPU.DLL
[2010.02.07 11:29:09 | 000,086,016 | ---- | C] () -- C:\Windows\System32\lxduoem.dll
[2010.02.07 11:26:03 | 000,000,044 | ---- | C] () -- C:\Windows\System32\lxdurwrd.ini
[2010.02.07 11:23:38 | 000,389,120 | ---- | C] () -- C:\Windows\System32\LXDUinst.dll
[2010.02.07 11:23:34 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdugrd.dll
[2009.12.03 09:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.09.11 12:51:32 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.11 12:51:32 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.08.27 09:57:48 | 000,000,000 | ---- | C] () -- C:\Windows\System32\MSVolumeAD.dll
[2009.07.25 05:27:37 | 000,000,087 | ---- | C] () -- C:\Users\***\AppData\Local\ckipdb.bat
[2009.04.07 05:56:42 | 000,174,592 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.04.01 20:20:46 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.03.28 16:10:33 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2009.03.28 16:10:33 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2009.03.28 16:10:33 | 000,009,480 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2009.03.28 16:10:33 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008.12.11 22:38:34 | 000,042,320 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2008.08.13 13:51:12 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008.08.13 13:36:31 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2008.08.13 13:36:30 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2008.08.13 13:36:29 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008.08.13 13:36:27 | 000,492,496 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2008.08.13 12:51:33 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.01.21 10:21:25 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 10:21:25 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 10:21:25 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 10:21:25 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:44:53 | 000,322,904 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

< End of report >
         
--- --- ---


Zu 5.
EXTRA.txt
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 28.04.2011 21:02:08 - Run 6
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\***\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 64,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,37 Gb Total Space | 4,31 Gb Free Space | 5,80% Space Free | Partition Type: NTFS
Drive E: | 73,21 Gb Total Space | 68,53 Gb Free Space | 93,61% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- Reg Error: Value error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4066D5B3-6957-4BD1-B739-520371FAD9CC}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{45A8278A-0F6B-495C-B9A8-7BC0D3E8D0F5}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{4E1D1E6B-7EA9-4F87-BEAE-512A9505B85E}" = lport=137 | protocol=17 | dir=in | app=system | 
"{55F01420-67A1-47B9-A98F-B1987D9693EB}" = lport=138 | protocol=17 | dir=in | app=system | 
"{9FE84B0C-E0FE-403C-8F5D-F8A936A29A0A}" = rport=139 | protocol=6 | dir=out | app=system | 
"{A736B62C-95BC-4949-8C3F-5A2AF74A0F70}" = rport=138 | protocol=17 | dir=out | app=system | 
"{A7E7AA7C-C7A2-4C22-AA9F-4603767C9B68}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{AE885729-F902-4B44-97AE-684E1CABDC57}" = lport=49160 | protocol=6 | dir=in | name=akamai netsession interface | 
"{AFA32E8A-79E8-48C1-B231-72039E739A5E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{BED960CC-F002-4F12-A65F-4CF20C73C5C2}" = rport=137 | protocol=17 | dir=out | app=system | 
"{C6776E70-DEB3-41FA-BD29-0F244310A4A8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{DAE4C25F-0895-4179-94BC-CFC37FA2910F}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F3F2F002-F955-48C1-B6D5-45C6B473DED5}" = lport=445 | protocol=6 | dir=in | app=system | 
"{F934278D-628F-4E16-8FBA-17306D8B4E5B}" = rport=445 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07E8E7B1-A1FF-432D-85EC-1426956AB51E}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe | 
"{0E4CB067-0310-4643-B845-1F8C0D15A343}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe | 
"{0FF83EFE-F4D3-4543-B59B-4F4042B36132}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{10CEB0D7-623F-4FBF-8E7F-92DEE7772076}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe | 
"{14C0D6B0-211F-41CE-95F4-548B82787E60}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{281EA648-A420-41E3-8DD8-B9924CDB89CB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{2E9AD379-61C8-41D9-B393-E85519417296}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe | 
"{3373E4F9-2E09-4758-A28E-F1F40BD53728}" = protocol=17 | dir=in | app=c:\program files\lexmark 5600-6600 series\frun.exe | 
"{445E1EB2-B323-4BC4-9DB9-8AFC0B0243E9}" = protocol=17 | dir=in | app=c:\program files\lexmark 5600-6600 series\lxdufax.exe | 
"{4D6EBABE-BBB4-4EF4-A728-7B8E66B60FCB}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe | 
"{545A10AE-09E0-4016-A7D5-E5B64AF03597}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{578E75F9-C740-40D2-B6A0-7F2D490ACDE3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{5BCD3CCB-7FC7-40B1-AD05-D85960B5BFD7}" = protocol=6 | dir=in | app=c:\windows\system32\lxducoms.exe | 
"{7CCAB95A-1503-425F-8387-DBF4F6EF3552}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe | 
"{7CFD12E3-AE03-47BD-9F36-D3D779E17CAB}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{7F2D1489-5FCD-4224-91B8-BDCC9457D66C}" = protocol=6 | dir=in | app=c:\program files\lexmark 5600-6600 series\lxdufax.exe | 
"{7F40EB22-3A95-4BB5-ADAA-8DC952C5735A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{A6F30EA9-02B4-49A4-B3BC-98180C075F67}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{B7CB1CE2-E771-44E2-B418-8D495E092155}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 
"{C5368BD2-5936-472F-9702-6756AF855B21}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe | 
"{C5F78B57-3048-4BA8-9F5B-FDEE030DA38B}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe | 
"{C69FD5D1-4366-46D5-950C-5945EE335C60}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe | 
"{CC6D68B4-ACB7-46BD-8C98-8FE59507B118}" = protocol=6 | dir=in | app=c:\program files\lexmark 5600-6600 series\frun.exe | 
"{DB7095F0-FB9B-4CEA-91EF-DF86978A55C7}" = protocol=6 | dir=in | app=c:\program files\lexmark 5600-6600 series\lxduamon.exe | 
"{E2FA396C-82A3-4EBF-B209-CB2CEC040C1F}" = protocol=17 | dir=in | app=c:\program files\lexmark 5600-6600 series\lxduamon.exe | 
"{F563894B-BA76-45FB-9D9E-7ED81197AFC1}" = protocol=17 | dir=in | app=c:\windows\system32\lxducoms.exe | 
"{FB19C24A-BBCD-4B13-B2D2-FF44AAAABFE3}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe | 
"TCP Query User{0E0E30E9-1727-4326-B087-D683F5768368}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{1BD0DBCB-1690-4D8E-97BF-F5D446E56531}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{2EB36645-23A7-4F92-A996-9321CF26DEC1}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{464109E6-C5EC-407F-B180-DBD3562A172F}C:\program files\free download manager\fdm.exe" = protocol=6 | dir=in | app=c:\program files\free download manager\fdm.exe | 
"TCP Query User{5CF4799A-CAF1-482C-8602-7A3CDA18A076}C:\downloads\software\worldofbattles-downloader.exe" = protocol=6 | dir=in | app=c:\downloads\software\worldofbattles-downloader.exe | 
"TCP Query User{6828B123-5453-4178-9163-DE97390562EA}C:\program files\free download manager\fdm.exe" = protocol=6 | dir=in | app=c:\program files\free download manager\fdm.exe | 
"TCP Query User{6916832D-D447-4820-9A53-309E12089571}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{6A2D867A-130D-4A43-8688-834B1AD06ADA}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{6C0A6316-936C-481D-B6E5-AADCB11E21B6}C:\users\***\downloads\torrenteasy-mydirtyhobby-com-sexy-cora-11-clips(3).exe" = protocol=6 | dir=in | app=c:\users\***\downloads\torrenteasy-mydirtyhobby-com-sexy-cora-11-clips(3).exe | 
"TCP Query User{7E3C1376-5178-4E14-AA9C-510FA3CF51F4}C:\users\***\downloads\torrenteasy-sexy-cora-amateurstars-no-1-german-xxx-dvdrip-xvid-chikani.exe" = protocol=6 | dir=in | app=c:\users\***\downloads\torrenteasy-sexy-cora-amateurstars-no-1-german-xxx-dvdrip-xvid-chikani.exe | 
"TCP Query User{9748DFF3-7C36-4271-B23D-A7E5AF59C3CC}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{ACF49F89-5BE9-4C9C-A348-44282B9641EA}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{BD27A21A-E07F-41BF-9BFF-1F3898D88B01}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{E7BEAEA7-56E8-4FDC-AC8F-5B65C3B640B1}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{08DE349D-DACF-4C08-BE4D-9738D019C84C}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{1FD93BBB-7653-4DD2-AC60-3DC3B8F298DF}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"UDP Query User{276C1929-E7FD-48B4-938C-F243470EB143}C:\program files\free download manager\fdm.exe" = protocol=17 | dir=in | app=c:\program files\free download manager\fdm.exe | 
"UDP Query User{33DC54AB-D7D7-4E50-B5E9-F11228A5E24F}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{608181D5-619C-4498-8AC0-AAE4FDE6F068}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"UDP Query User{71CCACDA-53A3-44FF-8D91-C0B019DC5C83}C:\downloads\software\worldofbattles-downloader.exe" = protocol=17 | dir=in | app=c:\downloads\software\worldofbattles-downloader.exe | 
"UDP Query User{837DA81F-14E7-4695-BDB7-C7407FE3632E}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{8592E78A-30A3-4DAB-B6EC-893043202F6C}C:\users\***\downloads\torrenteasy-mydirtyhobby-com-sexy-cora-11-clips(3).exe" = protocol=17 | dir=in | app=c:\users\***\downloads\torrenteasy-mydirtyhobby-com-sexy-cora-11-clips(3).exe | 
"UDP Query User{88B50093-4F33-41EB-88A6-3D007FF2D12C}C:\users\***\downloads\torrenteasy-sexy-cora-amateurstars-no-1-german-xxx-dvdrip-xvid-chikani.exe" = protocol=17 | dir=in | app=c:\users\***\downloads\torrenteasy-sexy-cora-amateurstars-no-1-german-xxx-dvdrip-xvid-chikani.exe | 
"UDP Query User{99F3B709-D773-4C2C-8CDF-CAD01DE2A960}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{AC734956-10AD-4339-B6DC-4B310CA5FFE2}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{C6DDFAA3-AE42-4C4F-95C7-E8D6D8D09CCD}C:\program files\free download manager\fdm.exe" = protocol=17 | dir=in | app=c:\program files\free download manager\fdm.exe | 
"UDP Query User{CDE66033-9E4A-473F-880E-5961075E75E6}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{DCCE43D0-4E87-4226-A0D8-CB6E8FB3E146}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{03FAA727-E2B7-471C-AC41-2E1C7F29C7EA}" = Toshiba TEMPRO
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Symbolleiste
"{10812DE7-2E57-4740-B226-6B3BE34AF9D7}" = Lexmark Tools for Office
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1C971EE3-B4C4-4367-9676-57549919C6CE}" = TOSHIBA Benutzerhandbücher
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 24
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2B4E24A0-A06F-488D-87D8-16738E5E1104}" = Windows Live Family Safety
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}" = Microsoft LifeCam
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}" = Atheros Wi-Fi Protected Setup Library
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark 
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F722209B-739E-40E4-ADB1-062BD032A0DB}" = Personal ID
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Akamai" = Akamai NetSession Interface
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner (remove only)
"ckipdb" = Favorit
"CNXT_MODEM_PCI_VEN_14F1&DEV_2C06&SUBSYS_14F10000" = HDAUDIO Soft Data Fax Modem with SmartCP
"conduitEngine" = Conduit Engine
"Firstload" = Firstload
"Google Desktop" = Google Desktop
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Lexmark 5600-6600 Series" = Lexmark 5600-6600 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"myphotobook" = myphotobook 3.6
"PriceGong" = PriceGong 2.1.0
"RealPlayer 12.0" = RealPlayer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Verbindungsassistent" = Verbindungsassistent
"VLC media player" = VLC media player 1.1.7
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 27.04.2011 09:50:12 | Computer Name = ***-PC | Source = Windows Search Service | ID = 1006
Description = 
 
Error - 27.04.2011 09:52:06 | Computer Name = ***-PC | Source = Windows Search Service | ID = 1006
Description = 
 
Error - 27.04.2011 12:02:37 | Computer Name = ***-PC | Source = Windows Search Service | ID = 1006
Description = 
 
Error - 27.04.2011 12:08:54 | Computer Name = ***-PC | Source = Windows Search Service | ID = 1006
Description = 
 
Error - 27.04.2011 12:09:54 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 27.04.2011 12:10:51 | Computer Name = ***-PC | Source = Windows Search Service | ID = 1006
Description = 
 
Error - 27.04.2011 12:11:21 | Computer Name = ***-PC | Source = Windows Search Service | ID = 1006
Description = 
 
Error - 27.04.2011 12:14:13 | Computer Name = ***-PC | Source = Windows Search Service | ID = 1006
Description = 
 
Error - 27.04.2011 12:14:13 | Computer Name = ***-PC | Source = Windows Search Service | ID = 1006
Description = 
 
Error - 27.04.2011 12:15:51 | Computer Name = ***-PC | Source = Windows Search Service | ID = 1006
Description = 
 
[ System Events ]
Error - 28.04.2011 10:48:21 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 28.04.2011 10:48:21 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 28.04.2011 10:49:00 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 28.04.2011 10:49:00 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 28.04.2011 11:45:50 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 28.04.2011 11:45:50 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 28.04.2011 13:49:24 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 28.04.2011 13:49:24 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 28.04.2011 14:07:56 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 28.04.2011 14:07:56 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7034
Description = 
 
 
< End of report >
         
--- --- ---


Ich habe gesehen das immer noch Babylon mit in den Logs ist,
aber deinstalliert habe ich es.
Sind das noch reste?

Mit was am besten noch bereinigen ?
CCleaner & da ist Windows recovery tool drauf, das Prüft, Scannt und repariert auch!

MFG klfreaky

Geändert von klfreaky (28.04.2011 um 20:40 Uhr)

Alt 28.04.2011, 21:27   #8
kira
/// Helfer-Team
 
Festplatten-Fehlermeldungen, Desktop schwarz, Dateien verschwunden, wohl auch TR/Kazy.mekml.1 - Standard

Festplatten-Fehlermeldungen, Desktop schwarz, Dateien verschwunden, wohl auch TR/Kazy.mekml.1



1.
Deine Javaversion ist nicht aktuell!
Da aufgrund alter Sicherheitslücken ist Java sehr anfällig, deinstalliere zunächst alle vorhandenen Java-Versionen:
→ Systemsteuerung → Software → deinstallieren...
→ Rechner neu aufstarten
→ Downloade nun die Offline-Version von Java Version 6 Update 24 von Oracle herunter
Achte darauf, eventuell angebotene Toolbars abwählen (den Haken bei der Toolbar entfernen)!

2.
Adobe Reader aktualisieren :
- Bei Installation aufpassen/mitlesen!: Wenn irgendeine Software, Toolbar etc angeboten wird, bitte abwählen! - (z.B "McAfee Security Scan Plus")
Adobe Reader
Oder: Adobe starten-> gehe auf "Hilfe"-> "Nach Update suchen..."

3.
Fixen mit OTL
  • Starte die OTL.exe.
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Kopiere folgendes Skript:
Code:
ATTFilter
:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/home?AF=17434
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:64343
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=17434"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/home?AF=17434"
FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=adbartrp&AF=17434&q="
[2011.04.18 17:54:32 | 000,000,000 | ---D | M] ("Babylon Spelling and Proofreading") -- C:\Programme\Mozilla Firefox\extensions\adapter@babylontc.com
[2011.04.18 17:54:22 | 000,002,226 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\babylon.xml
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} -  File not found
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -  File not found
O3 - HKLM\..\Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} -  File not found
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} -  File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} -  File not found
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} -  File not found
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} -  File not found
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} -  File not found
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} -  File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
[2011.04.18 17:55:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Babylon
[2011.04.18 11:59:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Babylon
[2011.04.18 11:59:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon

:Commands
[purity]
[emptytemp]
[resethosts]
         
  • und füge es hier ein:
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Klick auf .
  • OTL verlangt einen Neustart. Bitte zulassen.
  • Nach dem Neustart findest Du ein Textdokument.
    Kopiere den Inhalt hier in Code-Tags in Deinen Thread.

4.
  • lade Dir SUPERAntiSpyware FREE Edition herunter.
  • installiere das Programm und update online.
  • starte SUPERAntiSpyware und klicke auf "Ihren Computer durchsuchen"
  • setze ein Häkchen bei "Kompletter Scan" und klicke auf "Weiter"
  • anschließend alle gefundenen Schadprogramme werden aufgelistet, bei alle Funde Häkchen setzen und mit "OK" bestätigen
  • auf "Weiter" klicken dann "OK" und auf "Fertig stellen"
  • um die Ergebnisse anzuzeigen: auf "Präferenzen" dann auf den "Statistiken und Protokolle" klicken
  • drücke auf "Protokoll anzeigen" - anschließend diesen Bericht bitte speichern und hier posten

5.
- "Link:-> ESET Online Scanner
>>Du sollst nicht die Antivirus-Sicherheitssoftware installieren, sondern dein System nur online scannen<<
Auch auf USB-Sticks, selbstgebrannten Datenträgern, externen Festplatten und anderen Datenträgern können Viren transportiert werden. Man muss daher durch regelmäßige Prüfungen auf Schäden, die durch Malware ("Worm.Win32.Autorun") verursacht worden sein können, überwacht werden. Hierfür sind ser gut geegnet und empfohlen, die auf dem Speichermedium gesicherten Daten, mit Hilfe des kostenlosen Online Scanners zu prüfen.
Schließe jetzt alle externe Datenträgeran (USB Sticks etc) Deinen Rechner an, dabei die Hochstell-Taste [Shift-Taste] gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird. (So verhindest Du die Ausführung der AUTORUN-Funktion) - Man kann die AUTORUN-Funktion aber auch generell abschalten.► [Sicherheit] Autorun Funktion für mehr Sicherheit auf allen Laufwerken deaktivieren /Avira Support Forum

-> Führe dann einen Komplett-Systemcheck mit Eset/Nod32 durch

- folgendes bitte anhaken > "Remove found threads" und "Scan archives"
- die Scanergebnis als *.txt Dateien speichern)
- meistens "C:\Programme\Eset\EsetOnlineScanner\log.txt"

Vor dem Scan Einstellungen im Internet Explorer:
- "Extras→ Internetoptionen→ Sicherheit":
- alles auf Standardstufe stellen
- Active X erlauben
- um den Scan zu starten: wenn du danach gefragt wirst (den Text in der Informationsleiste ) - ActiveX-Steuerelement installieren lassen

► Wie ist den aktuellen Zustand des Rechners? Auffälligkeiten, Probleme?
__________________

Warnung!:
Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein!
Anhang nicht öffnen, in unserem Forum erst nachfragen!

Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
Bitte diese Warnung weitergeben, wo Du nur kannst!

Antwort

Themen zu Festplatten-Fehlermeldungen, Desktop schwarz, Dateien verschwunden, wohl auch TR/Kazy.mekml.1
aktuelle, andere, anderen, angezeigt, anhang, dateien, dateien verschwunden, desktop, desktop schwarz, eigenes, festplatte, fix, gefunde, gefundene, gefundenen, gen, malwarebytes, nichts, otl.txt, platte, schwarz, symbole, theme, themen, tr/kazy.mekml.1, unhide, verschwunden



Ähnliche Themen: Festplatten-Fehlermeldungen, Desktop schwarz, Dateien verschwunden, wohl auch TR/Kazy.mekml.1


  1. SMART HDD Trojaner eingefangen - Desktop schwarz, Dateien verschwunden
    Plagegeister aller Art und deren Bekämpfung - 04.05.2012 (25)
  2. Nach Virusmeldung Desktop schwarz & Dateien verschwunden
    Log-Analyse und Auswertung - 05.06.2011 (19)
  3. Nach Trojaner Desktop schwarz Programme und Dateien verschwunden
    Log-Analyse und Auswertung - 23.05.2011 (39)
  4. nach Trojanerbefall alle Dateien verschwunden, Screnn schwarz, Fehlermeldungen
    Log-Analyse und Auswertung - 16.05.2011 (20)
  5. TR/Kazy.mekml.1 Festplatten-Fehlermeldungen, Desktop schwarz, Dateien verschwunden
    Log-Analyse und Auswertung - 12.05.2011 (13)
  6. Beschädigter Festplatten-Cluster - TR/Kazy.mekml.1
    Plagegeister aller Art und deren Bekämpfung - 08.05.2011 (5)
  7. mich wohl oder übel auch...(TR/Kazy.mekml.1)
    Log-Analyse und Auswertung - 06.05.2011 (1)
  8. TR/Kazy.mekml.1 - Mich hat es wohl auch erwischt!
    Plagegeister aller Art und deren Bekämpfung - 01.05.2011 (13)
  9. TR/Kazy.mekml.1 eigefangen, Desktop schwarz, Dateien versteckt :(
    Log-Analyse und Auswertung - 29.04.2011 (6)
  10. TR/Kazy.mekml.1 - Dateien verschwunden,
    Plagegeister aller Art und deren Bekämpfung - 28.04.2011 (1)
  11. TR/Kazy.mekml.1 , Eigene Dateien weg, Desktop futsch,....
    Log-Analyse und Auswertung - 28.04.2011 (1)
  12. Bildschirm bleibt schwarz, undone. exe funktioniert nicht bei desktop Dateien, kazy.mekml1
    Plagegeister aller Art und deren Bekämpfung - 28.04.2011 (8)
  13. TR/Kazy.mekml.1 - leider wohl auch bei mir
    Plagegeister aller Art und deren Bekämpfung - 27.04.2011 (3)
  14. TR/Kazy.mekml.1 (Eigene Datein unsichtbar, Festplattenfehler, Desktop schwarz...)
    Plagegeister aller Art und deren Bekämpfung - 27.04.2011 (9)
  15. tr/kazy.mekml.1' desktop dateien weg
    Log-Analyse und Auswertung - 25.04.2011 (1)
  16. TR/Kazy.mekml.1 Festplatten-Fehlermeldungen, Desktop schwarz, Dateien verschwunden
    Plagegeister aller Art und deren Bekämpfung - 22.04.2011 (12)
  17. TR/Kazy.mekml.1: Festplatten-Fehlermeldungen, Desktop schwarz, Dateien verschwunden
    Mülltonne - 21.04.2011 (1)

Zum Thema Festplatten-Fehlermeldungen, Desktop schwarz, Dateien verschwunden, wohl auch TR/Kazy.mekml.1 - Ich habe bei anderen Themen schon geschaut und Malwarebytes durchlaufen lassen. Die gefundenen Dateien 3, habe ich gelöscht. Malwarebytes hat dann nichts mehr gefunden. Unhide habe ich auch ausgeführt. So - Festplatten-Fehlermeldungen, Desktop schwarz, Dateien verschwunden, wohl auch TR/Kazy.mekml.1...
Archiv
Du betrachtest: Festplatten-Fehlermeldungen, Desktop schwarz, Dateien verschwunden, wohl auch TR/Kazy.mekml.1 auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.