Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
tr/kazy.mekml.1

tr/kazy.mekml.1


Plagegeister aller Art und deren Bekämpfung: tr/kazy.mekml.1

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 21.04.2011, 03:29   #1
s0ny
 
tr/kazy.mekml.1 - Standard

tr/kazy.mekml.1


Hallo,

habe mir wahrscheinlich auch den tr/kazy.mekml.1 eingefangen.

Antivir spuckt diese Meldung aus, schwarzer Bildschirm, kein Zugriff auf eigene Dateien und ständige Fehlermeldungen meine Festplatte sei defekt!

Hier meine OTL-Logs:
OTL.txt
Code:
ATTFilter
OTL logfile created on: 21.04.2011 03:18:45 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Basti\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 58,00% Memory free
7,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 47,31 Gb Total Space | 11,26 Gb Free Space | 23,80% Space Free | Partition Type: NTFS
Drive D: | 179,72 Gb Total Space | 2,74 Gb Free Space | 1,53% Space Free | Partition Type: NTFS
Drive F: | 4,36 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: BASTI-PC | User Name: Basti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.04.21 03:08:13 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Basti\Desktop\OTL.exe
PRC - [2011.04.21 02:45:48 | 000,569,344 | -H-- | M] (WinTrust) -- C:\ProgramData\UEBeSifOsb.exe
PRC - [2011.03.24 17:05:38 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2010.05.25 19:53:50 | 002,155,848 | ---- | M] () -- D:\Programme\Acronis\DiskDirector\OSS\reinstall_svc.exe
PRC - [2010.04.16 23:12:28 | 003,872,080 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Messenger\msnmsgr.exe
PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.10.24 14:03:47 | 000,068,865 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
PRC - [2008.10.24 14:03:45 | 000,151,297 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
PRC - [2008.06.12 14:28:40 | 000,266,497 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
PRC - [2008.01.29 17:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Programme\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2008.01.19 00:33:40 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.19 00:33:40 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.19 00:33:32 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2008.01.19 00:33:06 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2007.09.27 03:05:56 | 000,734,264 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Xbox 360 Accessories\XBoxStat.exe
PRC - [2007.09.11 16:50:28 | 000,804,144 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\StCenter.exe
PRC - [2007.09.07 15:38:42 | 000,561,152 | ---- | M] (MSI) -- C:\Programme\System Control Manager\MGSysCtrl.exe
PRC - [2007.09.04 11:14:34 | 000,087,344 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE
PRC - [2007.08.23 14:37:18 | 000,061,440 | ---- | M] () -- C:\Programme\System Control Manager\edd.exe
PRC - [2007.04.04 00:29:15 | 000,165,784 | ---- | M] (DT Soft Ltd.) -- C:\Programme\DAEMON Tools\daemon.exe
PRC - [2007.03.22 14:06:10 | 000,028,672 | ---- | M] () -- C:\Programme\AVEO\AVEO UVC Filter Driver Kit\AveoSTI.exe
PRC - [2007.03.09 16:17:06 | 002,170,880 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
PRC - [2007.03.07 14:01:18 | 000,274,432 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2007.02.27 20:21:10 | 000,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2007.02.27 19:57:56 | 000,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
PRC - [2007.02.27 14:31:34 | 002,756,608 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2007.02.25 21:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2007.01.30 17:47:48 | 000,307,200 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
PRC - [2006.11.02 11:44:50 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\attrib.exe
PRC - [2006.10.05 06:10:00 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006.01.23 23:14:10 | 000,069,632 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2005.10.23 00:00:00 | 000,385,024 | ---- | M] (Team H2O) -- C:\Programme\Syncrosoft\POS\H2O\cledx.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.04.21 03:08:13 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Basti\Desktop\OTL.exe
MOD - [2010.08.31 17:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (LiveUpdate Notice Ex)
SRV - [2011.03.30 21:43:13 | 003,229,784 | ---- | M] () [Auto | Running] -- c:\Programme\Common Files\Akamai\netsession_win_a35e6b9.dll -- (Akamai)
SRV - [2010.07.25 08:26:02 | 000,884,736 | -H-- | M] () [Auto | Stopped] -- C:\Users\Basti\AppData\Local\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2010.05.25 19:53:50 | 002,155,848 | ---- | M] () [Auto | Running] -- D:\Programme\Acronis\DiskDirector\OSS\reinstall_svc.exe -- (OS Selector)
SRV - [2008.10.24 14:03:47 | 000,068,865 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler)
SRV - [2008.10.24 14:03:45 | 000,151,297 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService)
SRV - [2008.01.29 17:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2008.01.19 00:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.09.04 11:14:34 | 000,087,344 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files\FRITZ!DSL\IGDCTRL.EXE -- (IGDCTRL)
SRV - [2007.08.23 14:37:18 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Programme\System Control Manager\edd.exe -- (NishService)
SRV - [2007.02.25 21:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2006.10.05 06:10:00 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010.10.15 05:29:31 | 000,170,080 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2009.05.31 10:56:18 | 000,075,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.05.31 10:56:14 | 000,052,056 | ---- | M] (Avira GmbH) [File_System | On_Demand | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt)
DRV - [2009.05.31 10:56:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio)
DRV - [2009.01.30 10:12:00 | 007,544,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.08.30 14:08:50 | 000,682,232 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2007.11.08 19:03:26 | 000,021,248 | ---- | M] (AVIRA GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007.06.25 07:37:00 | 000,084,480 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.04.30 00:45:18 | 002,219,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007.03.07 10:26:50 | 000,032,256 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2007.03.01 16:53:12 | 000,073,728 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2007.02.28 22:27:06 | 000,041,344 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2007.02.24 14:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.02.22 19:56:24 | 000,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2007.01.23 16:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007.01.22 10:43:26 | 000,053,376 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2006.12.22 05:21:52 | 000,019,456 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MGHwCtrl.sys -- (MGHwCtrl)
DRV - [2006.11.28 09:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.20 17:55:16 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2006.11.17 10:57:00 | 000,210,224 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\Si3531.sys -- (Si3531)
DRV - [2006.10.18 08:20:00 | 000,005,504 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SiRemFil.sys -- (SiRemFil)
DRV - [2006.10.10 19:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2005.08.01 16:45:00 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005.05.09 20:08:40 | 000,033,792 | ---- | M] (Team H2O) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cledx.sys -- (CLEDX)
DRV - [2005.01.06 13:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004.11.01 05:21:00 | 000,010,368 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msi.com.tw
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.24 17:05:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.24 17:05:39 | 000,000,000 | ---D | M]
 
[2009.03.09 10:10:40 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Basti\AppData\Roaming\mozilla\Extensions
[2011.04.20 14:02:56 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\yoeosc8w.default\extensions
[2010.06.28 18:11:26 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\yoeosc8w.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.10.03 19:10:14 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\yoeosc8w.default\extensions\{40a1f5d7-afc2-498f-b264-02668d616ff6}
[2011.03.11 00:43:23 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\yoeosc8w.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.04.03 20:04:54 | 000,000,000 | -H-D | M] (TVU Web Player) -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\yoeosc8w.default\extensions\firefox@tvunetworks.com
[2009.05.06 23:43:10 | 000,000,000 | -H-D | M] (Move Media Player) -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\yoeosc8w.default\extensions\moveplayer@movenetworks.com
[2009.03.09 10:11:14 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\yoeosc8w.default\extensions\toolbar_extras@de.yahoo.com
[2010.08.15 19:24:04 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.08.15 19:24:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2009.03.09 09:43:37 | 000,000,000 | ---D | M] (Yahoo! Deutschland Toolbar und Extras) -- C:\Programme\Mozilla Firefox\extensions\toolbar_extras@de.yahoo.com
[2009.04.07 23:28:04 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2010.08.15 19:24:04 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2011.03.10 01:18:15 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.03.10 01:18:15 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.03.10 01:18:16 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.03.10 01:18:16 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.10 01:18:16 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Ask Toolbar BHO) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programme\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programme\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Programme\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com)
O4 - HKLM..\Run: [AveoKeySti]  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [H2O] C:\Programme\Syncrosoft\POS\H2O\cledx.exe (Team H2O)
O4 - HKLM..\Run: [MGSysCtrl] C:\Programme\System Control Manager\MGSysCtrl.exe (MSI)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [WinampAgent]  File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [cmds]  File not found
O4 - HKCU..\Run: [DAEMON Tools] C:\Program Files\DAEMON Tools\daemon.exe (DT Soft Ltd.)
O4 - HKCU..\Run: [EA Core]  File not found
O4 - HKCU..\Run: [MSServer]  File not found
O4 - HKCU..\Run: [Smart Antivirus-2009.exe]  File not found
O4 - HKCU..\Run: [UEBeSifOsb] C:\ProgramData\UEBeSifOsb.exe (WinTrust)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Basti\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Domains: msn.com ([zone] https in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} hxxp://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab64162.cab (MSN Games – Backgammon)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.205.211 192.168.205.212
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Basti\Pictures\pamela_anderson_wallpaper_1024x768_003.jpg
O24 - Desktop BackupWallPaper: C:\Users\Basti\Pictures\pamela_anderson_wallpaper_1024x768_003.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{257c9a53-a34a-11dd-914c-0019db99ae46}\Shell - "" = AutoRun
O33 - MountPoints2\{257c9a53-a34a-11dd-914c-0019db99ae46}\Shell\AutoRun\command - "" = G:\setup\rsrc\Autorun.exe
O33 - MountPoints2\{257c9a53-a34a-11dd-914c-0019db99ae46}\Shell\dinstall\command - "" = G:\Directx\dxsetup.exe
O33 - MountPoints2\{9aea7971-e0db-11dd-8e18-0019db99ae46}\Shell\1\Command - "" = .\recycled\info.exe
O33 - MountPoints2\{9aea7971-e0db-11dd-8e18-0019db99ae46}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\recycled\info.exe
O33 - MountPoints2\{bfd3ff16-8b50-11dd-8d16-0019db99ae46}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe UTELIAS.vbs
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.21 03:22:33 | 000,000,000 | -H-D | C] -- C:\ProgramData\Malwarebytes
[2011.04.21 03:22:29 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.04.21 03:21:57 | 007,734,208 | -H-- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Basti\Desktop\mbam-setup-1.50.1.1100.exe
[2011.04.21 03:08:02 | 000,580,608 | -H-- | C] (OldTimer Tools) -- C:\Users\Basti\Desktop\OTL.exe
[2011.04.21 02:45:49 | 000,569,344 | -H-- | C] (WinTrust) -- C:\ProgramData\UEBeSifOsb.exe
[2011.04.13 12:14:36 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.04.13 12:14:36 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.04.13 12:14:33 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011.04.13 12:14:32 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.04.13 12:14:29 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.04.13 12:14:23 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.04.13 12:14:22 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.04.13 12:14:22 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.13 12:14:22 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.04.13 12:14:21 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.04.13 12:14:21 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.13 12:14:21 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.04.13 12:14:21 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.13 12:14:21 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2011.04.13 12:14:21 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.04.13 12:14:18 | 002,040,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.04.13 12:14:16 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.04.13 12:14:16 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.03.29 21:07:19 | 000,000,000 | -H-D | C] -- C:\Users\Basti\Documents\wohnung
[2011.03.29 20:37:40 | 000,000,000 | -H-D | C] -- C:\Users\Basti\Documents\PIXMA_MX850_MANUAL
[2011.03.27 19:06:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX850 series Benutzerregistrierung
[2011.03.27 19:04:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX850 series
[2011.03.27 19:02:24 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2011.03.27 19:01:04 | 000,000,000 | -H-D | C] -- C:\Windows\System32\CanonIJ Uninstaller Information
[2011.03.27 18:57:20 | 000,223,744 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNMLM98.DLL
[2011.03.27 18:56:01 | 000,204,800 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNC850L.DLL
[2011.03.27 18:56:01 | 000,188,416 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNC850O.DLL
[2011.03.27 18:56:01 | 000,098,304 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNC850I.DLL
[2011.03.27 18:56:00 | 001,339,392 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNC850C.DLL
[2011.03.27 18:55:55 | 000,106,496 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFMSf.EXE
[2011.03.27 18:55:55 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLfUS.DLL
[2011.03.27 18:55:55 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLfTW.DLL
[2011.03.27 18:55:55 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLfTR.DLL
[2011.03.27 18:55:55 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLfTH.DLL
[2011.03.27 18:55:55 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLfSE.DLL
[2011.03.27 18:55:55 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLfRU.DLL
[2011.03.27 18:55:55 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLfPT.DLL
[2011.03.27 18:55:55 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLfPL.DLL
[2011.03.27 18:55:55 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLfNO.DLL
[2011.03.27 18:55:55 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLfKR.DLL
[2011.03.27 18:55:55 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLfIT.DLL
[2011.03.27 18:55:55 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLfID.DLL
[2011.03.27 18:55:55 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLfHU.DLL
[2011.03.27 18:55:55 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLfGR.DLL
[2011.03.27 18:55:55 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLfFR.DLL
[2011.03.27 18:55:55 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLfFI.DLL
[2011.03.27 18:55:55 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLfES.DLL
[2011.03.27 18:55:55 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLfDK.DLL
[2011.03.27 18:55:55 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLfDE.DLL
[2011.03.27 18:55:55 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLfCZ.DLL
[2011.03.27 18:55:55 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLfCN.DLL
[2011.03.27 18:55:55 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLfAR.DLL
[2011.03.27 18:55:55 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLfJP.DLL
[2011.03.27 18:55:54 | 000,156,160 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCF2Lf.DLL
[2011.03.27 18:55:42 | 000,000,000 | -H-D | C] -- C:\Programme\CanonBJ
[2011.03.27 18:55:28 | 000,363,520 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNMNPPM.DLL
[2011.03.27 18:55:28 | 000,143,360 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNMNPUI.DLL
[2011.03.27 18:54:49 | 000,000,000 | ---D | C] -- C:\Programme\Canon
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[11 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.21 03:22:37 | 000,000,916 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.21 03:22:00 | 007,734,208 | -H-- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Basti\Desktop\mbam-setup-1.50.1.1100.exe
[2011.04.21 03:12:27 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.21 03:12:27 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.21 03:12:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.21 03:08:13 | 000,580,608 | -H-- | M] (OldTimer Tools) -- C:\Users\Basti\Desktop\OTL.exe
[2011.04.21 02:48:57 | 000,102,035 | -H-- | M] () -- C:\ProgramData\nvModes.001
[2011.04.21 02:45:48 | 000,569,344 | -H-- | M] (WinTrust) -- C:\ProgramData\UEBeSifOsb.exe
[2011.04.21 00:05:08 | 000,102,035 | -H-- | M] () -- C:\ProgramData\nvModes.dat
[2011.04.20 13:53:27 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8D3263E7-530E-4AF9-89AC-C8AF1A32D293}.job
[2011.04.15 14:24:59 | 000,206,848 | -H-- | M] () -- C:\Users\Basti\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.14 03:37:04 | 000,363,352 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.14 03:07:57 | 000,670,934 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.14 03:07:57 | 000,631,636 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.14 03:07:57 | 000,143,888 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.14 03:07:57 | 000,118,262 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.03.29 20:37:21 | 014,389,179 | -H-- | M] () -- C:\Users\Basti\Documents\PIXMA_MX850_MANUAL.zip
[2011.03.27 19:08:54 | 000,086,432 | -H-- | M] () -- C:\Users\Basti\Documents\ausbi67.ods
[2011.03.27 19:08:46 | 000,085,941 | -H-- | M] () -- C:\Users\Basti\Documents\ausbi65.ods
[2011.03.27 19:08:38 | 000,086,983 | -H-- | M] () -- C:\Users\Basti\Documents\ausbi66.ods
[2011.03.27 19:06:11 | 000,001,853 | ---- | M] () -- C:\Users\Public\Desktop\Canon MX850 series Benutzerregistrierung.LNK
[2011.03.27 16:30:35 | 000,107,520 | -H-- | M] () -- C:\Users\Basti\Documents\ausbinachweis.xlt
[2011.03.22 17:11:42 | 000,007,592 | -H-- | M] () -- C:\Users\Basti\AppData\Local\d3d9caps.dat
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[11 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.21 03:22:37 | 000,000,916 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.03.29 20:36:18 | 014,389,179 | -H-- | C] () -- C:\Users\Basti\Documents\PIXMA_MX850_MANUAL.zip
[2011.03.27 19:06:11 | 000,001,853 | ---- | C] () -- C:\Users\Public\Desktop\Canon MX850 series Benutzerregistrierung.LNK
[2011.03.27 18:55:55 | 000,003,584 | ---- | C] () -- C:\Windows\System32\CNCFLfNL.DLL
[2011.03.27 16:57:05 | 000,086,432 | -H-- | C] () -- C:\Users\Basti\Documents\ausbi67.ods
[2011.03.27 16:50:54 | 000,086,983 | -H-- | C] () -- C:\Users\Basti\Documents\ausbi66.ods
[2011.03.27 16:50:45 | 000,085,941 | -H-- | C] () -- C:\Users\Basti\Documents\ausbi65.ods
[2011.03.27 16:30:34 | 000,107,520 | -H-- | C] () -- C:\Users\Basti\Documents\ausbinachweis.xlt
[2010.08.25 10:43:36 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010.03.09 15:45:51 | 000,164,193 | ---- | C] () -- C:\Windows\hpoins19.dat
[2010.03.09 15:45:36 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2009.09.09 17:31:45 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.07.29 15:25:52 | 000,007,592 | -H-- | C] () -- C:\Users\Basti\AppData\Local\d3d9caps.dat
[2009.05.12 10:12:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\MFC_InstDrvDLL.dll
[2009.04.11 16:03:57 | 000,000,020 | ---- | C] () -- C:\Windows\powerlist.ini
[2009.04.11 15:44:37 | 000,000,013 | ---- | C] () -- C:\Windows\msgtn.ini
[2009.04.11 15:43:57 | 000,000,829 | ---- | C] () -- C:\Windows\psnetwork.ini
[2009.04.11 15:43:57 | 000,000,412 | ---- | C] () -- C:\Windows\powerplayer.ini
[2009.03.09 15:36:08 | 000,102,035 | -H-- | C] () -- C:\ProgramData\nvModes.dat
[2009.03.09 15:36:08 | 000,102,035 | -H-- | C] () -- C:\ProgramData\nvModes.001
[2008.12.02 19:48:48 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2008.12.02 19:48:37 | 000,138,184 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008.12.02 19:48:29 | 000,183,112 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2008.11.28 02:15:17 | 000,100,043 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008.11.06 18:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.11.06 18:33:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.09.05 01:25:51 | 000,206,848 | -H-- | C] () -- C:\Users\Basti\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.07.06 23:44:41 | 000,075,069 | -H-- | C] () -- C:\Users\Basti\AppData\Roaming\nvModes.001
[2008.07.06 23:44:40 | 000,075,069 | -H-- | C] () -- C:\Users\Basti\AppData\Roaming\nvModes.dat
[2007.09.02 07:37:55 | 000,110,592 | ---- | C] () -- C:\Windows\System32\MGHwCtrl.dll
[2007.09.02 07:37:55 | 000,032,768 | ---- | C] () -- C:\Windows\System32\MGFPCtrl.dll
[2006.12.05 13:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006.11.02 17:33:31 | 000,670,934 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:33:31 | 000,143,888 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,363,352 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,631,636 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,118,262 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.11.02 09:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2005.07.22 21:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

< End of report >
Extras.txt
Code:
ATTFilter
OTL Extras logfile created on: 21.04.2011 03:41:01 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Basti\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 55,00% Memory free
7,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 47,31 Gb Total Space | 11,11 Gb Free Space | 23,48% Space Free | Partition Type: NTFS
Drive D: | 179,72 Gb Total Space | 2,74 Gb Free Space | 1,53% Space Free | Partition Type: NTFS
Drive F: | 4,36 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: BASTI-PC | User Name: Basti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [TVersity] -- "C:\Users\Basti\AppData\Local\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\PPStream\PPStream.exe" = C:\Program Files\PPStream\PPStream.exe:*:Enabled:PPSÍøÂçµçÊÓ -- (PPStream Inc.)
"C:\Program Files\PPStream\PPSAP.exe" = C:\Program Files\PPStream\PPSAP.exe:*:Enabled:PPS ÍøÂç¼ÓËÙÆ÷ -- (PPStream Inc)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0480238D-A439-4BBC-89BE-8D84DD82B9E4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe | 
"{0CEEBE93-4ED9-48EB-A444-F6AFF087E0EA}" = lport=49161 | protocol=6 | dir=in | name=akamai netsession interface | 
"{10176D6B-3C9A-4EF0-A73B-CA3F9ADBCA9C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{14EA2ABE-8687-40AB-88DB-379553C89D98}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{16FC42EC-F47D-4776-A9E8-322E81B607B0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{1CF57C01-0B7D-4DA6-982A-B7E9E0488776}" = lport=50001 | protocol=6 | dir=in | name=vuze | 
"{2D4E0BBE-BE7B-4A4F-8E4C-42CC35BBDEED}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3B0D828B-D1C4-4518-9897-A1AE8EC89FE2}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{3E6C8C36-28C2-4688-8BAC-A058B75D3C9E}" = rport=10244 | protocol=6 | dir=out | app=system | 
"{435C7F28-3AF6-4191-B2F0-BDCF83CE3D06}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{48690AC3-3002-43EE-8B2D-DEC79F8A1FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe | 
"{4A02DC9F-4706-4C6A-8B64-28D2005F1E42}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{6663AA09-EE6F-433E-ADFA-611061FF7264}" = rport=10244 | protocol=6 | dir=out | app=system | 
"{66D624CC-8AD4-44E7-9644-16C4445A1241}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{68D09A99-649C-4B8D-998F-D102F74E22E2}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{74943D2A-320B-41AE-BBB9-999FD4340CB1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{785C353D-AA32-458D-ADC0-8FE2808B5347}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{7A51C5B3-3C9A-4B5D-83AD-A72B78C859A3}" = lport=10244 | protocol=6 | dir=in | app=system | 
"{7F68F46F-2100-484C-9A5E-1C486CA0E4CA}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | 
"{8752B766-2AFC-41B8-9811-7EEA6D4BC344}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{8EF7ACDC-E5F9-4715-A540-870F5F171AFD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{90EC38E8-6D35-4DBC-A7D0-FF90A0EF7704}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{917F1CEB-D2D8-4ACC-95B9-E469B79C5692}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9405977B-AF36-4958-A0EF-FAA105692365}" = lport=554 | protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe | 
"{94533F7A-49A5-4A01-A1A4-563EF992D488}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe | 
"{A1402820-8DC9-469C-9493-6B47510D4D04}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe | 
"{A1F27024-27CA-46DA-B105-DC424F7E1750}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe | 
"{A6A37339-7143-45F6-93C3-4D9CF6670A42}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe | 
"{AADB7CA4-B33C-4DC9-8F7C-3628EF5D4906}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BAFD726B-0064-43A6-8DC2-C29525722BEE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{BC90D045-1A35-415B-9740-4D4C69F3859D}" = lport=554 | protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe | 
"{D0573E56-1291-48F3-916D-A1A76A429163}" = lport=3390 | protocol=6 | dir=in | app=system | 
"{D6915033-CE42-453F-B5E3-FFF11623E397}" = lport=3390 | protocol=6 | dir=in | app=system | 
"{DB2FA487-7C5A-4387-8A73-A84F6435BB1C}" = lport=50001 | protocol=17 | dir=in | name=vuzeudp | 
"{DC039100-8836-4E52-9C74-CFCCF1FCFC76}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe | 
"{DCB48DAC-8033-4DED-8D68-A4EB20A32E6D}" = lport=10244 | protocol=6 | dir=in | app=system | 
"{DDB6495B-1564-4D68-AADE-43A730F15E3A}" = lport=49161 | protocol=6 | dir=in | name=akamai netsession interface | 
"{E13BBC2B-1EE4-4AA6-A967-5F7E630E0DC4}" = lport=7777 | protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe | 
"{F5334E2A-414A-405D-BB74-05CB3F7941C0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe | 
"{F78E9F03-AD05-443A-9311-3B939C97BC72}" = lport=7777 | protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{013BD9BC-540B-4FC1-9BD7-27A95CFBAA1A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{0760B0C7-3119-47B6-B571-4BA89AC2BFFB}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe | 
"{0C94A18E-9B3A-45E9-AEB7-C7EF43D08070}" = protocol=6 | dir=out | app=c:\windows\ehome\ehshell.exe | 
"{2C55B68C-99D6-4B7E-8547-4668A161F0D1}" = protocol=6 | dir=out | app=c:\windows\ehome\mcx2prov.exe | 
"{31E216C4-332A-406E-90EB-FDFE3DB4003A}" = protocol=17 | dir=out | app=c:\windows\ehome\ehshell.exe | 
"{3D8009F9-66E8-4F31-956F-5210050FBB20}" = protocol=17 | dir=in | app=d:\call of duty - world at war\codwaw.exe | 
"{3DBA5B88-D456-4B1B-B3E2-D5367EFADEBE}" = protocol=6 | dir=out | app=c:\windows\ehome\ehshell.exe | 
"{458BF580-CB93-4DC9-B32D-FF2B588F9ED2}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe | 
"{517C3996-CAF0-4C52-9D91-BC5647153A52}" = protocol=6 | dir=out | svc=mcx2svc | app=c:\windows\system32\svchost.exe | 
"{75014B41-C0BF-47DA-99EB-E624F6638FC6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7BBDF974-EF4C-44F4-AD49-53EEEFEC33B8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7F44CB82-B290-4741-951E-548B1F2B8FD7}" = protocol=6 | dir=in | app=d:\call of duty - world at war\codwawmp.exe | 
"{99C17028-F6C6-46DE-AA02-1E28F78072C6}" = protocol=6 | dir=in | app=c:\users\basti\appdata\local\tversity\media server\mediaserver.exe | 
"{9ADA5464-5E57-452D-A8E4-63756EF73AE8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9D77A592-11CF-44B3-A76B-D38D0DDD8F7F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9ED7FCDC-6F4F-4D91-9747-965015E41069}" = protocol=6 | dir=in | app=d:\call of duty - world at war\codwaw.exe | 
"{A0D955D3-1D1A-4F12-A255-13113B61BCA8}" = protocol=6 | dir=out | svc=mcx2svc | app=c:\windows\system32\svchost.exe | 
"{A6A2206A-8EDC-4FF7-82D5-C509FA43B009}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{AA37E326-1306-4127-8A4C-1CEF576726B8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{AB610899-5CBD-4F21-9E3C-5855E2EB0070}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{AB8C0860-F581-401A-AD73-D0F6DE69EB67}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B09EAC25-88C6-4C93-9ECF-4741F525CD92}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe | 
"{B0B5BA1B-F4D3-46D5-90A0-05CE25717085}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B1609969-BEA3-4725-BBB0-2B160CDA20F9}" = protocol=17 | dir=out | app=c:\windows\ehome\ehshell.exe | 
"{BC141F76-40BB-4673-A0D6-04604A9DDA9D}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe | 
"{BCF2C58F-9FA7-451B-BB38-F78752A05475}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C90D13C4-D0AF-49C0-BEE8-0260CBEEA456}" = dir=in | app=c:\program files\cyberlink\powerdirector express\pdx.exe | 
"{CEF1E102-F108-45F1-AD70-BAD9B904F686}" = protocol=6 | dir=out | app=c:\windows\ehome\mcx2prov.exe | 
"{D3832025-A589-4F0D-877A-CEAA160F765E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D4258166-D00E-4785-9286-17AA09A01CE0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{DCD0F455-EA11-4C75-87B0-8649F2A72622}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe | 
"{E1E749EA-C830-4C97-A757-351DF17A1A3D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{E57BBC30-7B60-40B2-8F42-48D99522B74C}" = protocol=17 | dir=in | app=c:\users\basti\appdata\local\tversity\media server\mediaserver.exe | 
"{E77089A5-087B-4D50-BB08-9A30FEB42139}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe | 
"{F0995D43-341C-4140-85F3-3A961A80F153}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F3B917CF-9E3D-4ECC-AAA7-AE4E92A35279}" = protocol=6 | dir=out | app=system | 
"{FDBEC566-A783-468E-8D59-E5F224F0F64B}" = protocol=17 | dir=in | app=d:\call of duty - world at war\codwawmp.exe | 
"TCP Query User{11864471-F79F-4726-9615-A4AA9C07BA2C}D:\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=d:\electronic arts\eadm\core.exe | 
"TCP Query User{27C7DD88-072E-4A39-96CE-A4BF54815C8C}D:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=d:\program files\vuze\azureus.exe | 
"TCP Query User{3AF0B694-6DD0-44CE-90F6-003DDC190CDE}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{4B033598-C7E1-41A4-BE04-A642C846E292}D:\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=d:\electronic arts\eadm\core.exe | 
"TCP Query User{58971C0B-F701-462A-8462-D2DB83A94DBE}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"TCP Query User{66A8E826-0BEF-4EBA-94F7-512EB7DE1FC3}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{D12808A3-6582-45D7-B8C4-2F6FEBBA2917}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"TCP Query User{D6DE786D-1C09-4E64-8AD4-CDAA8E10413C}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{FE28C814-1C12-48EB-A445-AC8B819989B0}D:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=d:\program files\vuze\azureus.exe | 
"UDP Query User{07DB2828-EB82-44B6-9D92-3F577FDDB594}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{1407F657-A510-4803-9209-8C3EE32CC405}D:\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=d:\electronic arts\eadm\core.exe | 
"UDP Query User{323E3039-3CBB-4D94-8E70-955B0ED29CEF}D:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=d:\program files\vuze\azureus.exe | 
"UDP Query User{3F43C682-71B6-4584-9F97-F34298307D9F}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"UDP Query User{478DECA8-3DB5-499D-99A8-AF9474F4B180}D:\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=d:\electronic arts\eadm\core.exe | 
"UDP Query User{6D3FAD3B-91E8-409E-8624-617616CA2E81}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{841738A0-A188-4901-873C-E6F8597F04EC}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{94895169-7EE6-4AE1-803D-011FFB25C8AA}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{E1B666E7-F5C2-4A4C-8D78-B236A23DAF7F}D:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=d:\program files\vuze\azureus.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX850_series" = Canon MX850 series
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23F76BD5-9DD6-4121-900B-FBBDF81DC74A}" = AveoCap
"{2457326B-C110-40C3-89B0-889CC913871A}" = AVM FRITZ!DSL
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 21
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{825E9A84-1E03-4526-9F8E-45015C938A7C}" = WBFS Manager 4.0
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{8AAB4176-A747-493A-A42C-B63CFADFD8E3}" = NVIDIA PhysX
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007
"{90120000-001B-0000-0000-0000000FF1CE}_WORD_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0000-0000-0000000FF1CE}_WORD_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}_WORD_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}_WORD_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_WORD_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_WORD_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}_WORD_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}_WORD_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CCC78EF-027E-40E0-9B61-39932C65E3FE}" = Acronis*Disk*Director*Home
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.2 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B727BD4D-0C42-43F7-AC60-4AFBDDC732BD}" = FlexPoints 2.01
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CC13FB47-0B90-46C3-9BB7-57D2DB455D4D}" = Microsoft Xbox 360 Accessories 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager
"{EDE721EC-870A-11D8-9D75-000129760D75}" = PowerDirector Express
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"AC3Filter" = AC3Filter (remove only)
"Achtung, die Kurve!" = Achtung, die Kurve!
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Akamai" = Akamai NetSession Interface
"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus
"AskSBar Uninstall" = Ask Toolbar
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"Canon MX850 series Benutzerregistrierung" = Canon MX850 series Benutzerregistrierung
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EADM" = EA Download Manager
"Explorer Suite_is1" = Explorer Suite III
"ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.34.305
"FUSSBALL MANAGER 10" = FUSSBALL MANAGER 10
"HaaliMkx" = Haali Media Splitter
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPOCR" = HP OCR Software 8.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"Next Generation Graphic Patch Update" = Next Generation Graphic Patch Update
"NVIDIA Drivers" = NVIDIA Drivers
"PokerStars" = PokerStars
"PPStream" = PPStream
"SopCast" = SopCast 3.2.4
"Steinberg Cubase SX v3.1.1.944" = Steinberg Cubase SX v3.1.1.944
"SyncroSoft Emu" = SyncroSoft Emu (Remove only)
"Syncrosoft's License Control" = Syncrosofts Lizenz Kontrolle
"SystemRequirementsLab" = System Requirements Lab
"The Magic Fireplace Screensaver 1.4_is1" = The Magic Fireplace Screensaver 1.4
"TVAnts 1.0" = TVAnts 1.0
"TVersity Codec Pack" = TVersity Codec Pack 1.4
"TVersity Media Server" = TVersity Media Server 1.9.2
"TVUPlayer" = TVUPlayer 2.5.2.2
"Uninstall_is1" = Uninstall 1.0.0.1
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.0.1
"Vuze" = Vuze
"Wave Editor_is1" = Wave Editor 3.1.0.0
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WORD" = Microsoft Office Word 2007
"World Series of Poker 2008" = World Series of Poker 2008: Battle for the Bracelets
"YDKJV2" = YOU DON'T KNOW JACK Volume 2
"You Don't Know Jack 4" = You Don't Know Jack 4 1.00
"Zatacka_is1" = Zatacka 0.1.7
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 19.12.2010 12:52:34 | Computer Name = Basti-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung explorer.exe, Version 6.0.6001.18164, Zeitstempel
 0x4907e242, fehlerhaftes Modul TosBtShell.dll_unloaded, Version 0.0.0.0, Zeitstempel
 0x45b456f8, Ausnahmecode 0xc0000005, Fehleroffset 0x03a84730,  Prozess-ID 0xe78, 
Anwendungsstartzeit 01cb9f9bf1b11553.
 
Error - 19.12.2010 14:49:54 | Computer Name = Basti-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Explorer.EXE, Version 6.0.6001.18164, Zeitstempel
 0x4907e242, fehlerhaftes Modul TosBtShell.dll_unloaded, Version 0.0.0.0, Zeitstempel
 0x45b456f8, Ausnahmecode 0xc0000005, Fehleroffset 0x079a4733,  Prozess-ID 0xca4, 
Anwendungsstartzeit 01cb9f8737b6daa7.
 
Error - 19.12.2010 15:02:54 | Computer Name = Basti-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Explorer.EXE, Version 6.0.6001.18164, Zeitstempel
 0x4907e242, fehlerhaftes Modul TosBtShell.dll_unloaded, Version 0.0.0.0, Zeitstempel
 0x45b456f8, Ausnahmecode 0xc0000005, Fehleroffset 0x08884730,  Prozess-ID 0x1338,
 Anwendungsstartzeit 01cb9fad89e9cdb8.
 
Error - 01.01.2011 16:28:10 | Computer Name = Basti-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung MGSysCtrl.exe, Version 1.2.9.0, Zeitstempel 
0x46e10001, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00000000,  Prozess-ID 0xd58, Anwendungsstartzeit
 01cba9d5d1220cd6.
 
Error - 04.01.2011 13:50:18 | Computer Name = Basti-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung MGSysCtrl.exe, Version 1.2.9.0, Zeitstempel 
0x46e10001, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00000000,  Prozess-ID 0xf50, Anwendungsstartzeit
 01cbac19603d732f.
 
Error - 11.02.2011 15:04:10 | Computer Name = Basti-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung cledx.exe, Version 0.3.1412.777, Zeitstempel
 0x427ec9c6, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x004605d2,  Prozess-ID 0x678, Anwendungsstartzeit
 01cbca1e3cf7025a.
 
Error - 11.02.2011 15:21:26 | Computer Name = Basti-PC | Source = MsiInstaller | ID = 10005
Description = 
 
Error - 11.02.2011 15:21:26 | Computer Name = Basti-PC | Source = MsiInstaller | ID = 10005
Description = 
 
Error - 10.03.2011 05:09:23 | Computer Name = Basti-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung cledx.exe, Version 0.3.1412.777, Zeitstempel
 0x427ec9c6, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x004605d2,  Prozess-ID 0xf14, Anwendungsstartzeit
 01cbdf02cd57eb7f.
 
Error - 27.03.2011 13:01:29 | Computer Name = Basti-PC | Source = Application Hang | ID = 1002
Description = Programm SETUP.EXE, Version 1.3.0.60 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 548  Anfangszeit: 01cbec9fc7cbe1ac  Zeitpunkt der Beendigung:
 0
 
[ Media Center Events ]
Error - 18.08.2010 14:28:43 | Computer Name = Basti-PC | Source = Mcx2Dvcs | ID = 401
Description = 
 
Error - 18.08.2010 14:35:02 | Computer Name = Basti-PC | Source = McrMgr | ID = 107
Description = 
 
Error - 24.08.2010 07:10:09 | Computer Name = Basti-PC | Source = McrMgr | ID = 107
Description = 
 
Error - 24.08.2010 07:18:24 | Computer Name = Basti-PC | Source = McrMgr | ID = 108
Description = 
 
Error - 24.08.2010 07:18:24 | Computer Name = Basti-PC | Source = McrMgr | ID = 108
Description = 
 
Error - 24.08.2010 07:18:39 | Computer Name = Basti-PC | Source = McrMgr | ID = 100
Description = 
 
Error - 24.08.2010 07:18:39 | Computer Name = Basti-PC | Source = McrMgr | ID = 107
Description = 
 
[ System Events ]
Error - 09.12.2009 12:26:04 | Computer Name = Basti-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 10.12.2009 12:58:37 | Computer Name = Basti-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 10.12.2009 16:48:17 | Computer Name = Basti-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 11.12.2009 08:39:29 | Computer Name = Basti-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 11.12.2009 09:06:37 | Computer Name = Basti-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 11.12.2009 09:09:25 | Computer Name = Basti-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 12.12.2009 07:18:20 | Computer Name = Basti-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 12.12.2009 11:42:49 | Computer Name = Basti-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 14.12.2009 02:35:30 | Computer Name = Basti-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 14.12.2009 10:37:16 | Computer Name = Basti-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 14.12.2009 um 08:49:03 unerwartet heruntergefahren.
 
 
< End of report >
Habe da ein paar im Auge, aber bin wahrlich kein Experte:
C:\ProgramData\UEBeSifOsb.exe
C:\Users\Basti\AppData\Local\d3d9caps.dat
C:\Users\Basti\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\ProgramData\ezsidmv.dat

Bekomme außerdem ab und zu eine Meldung von Antivir, dass eine 40230664.exe zugreifen möchte.

Bin über jede Hilfe dankbar! Vielen Dank im Voraus!

 

Themen zu tr/kazy.mekml.1
32 bit, akamai, avgntflt.sys, avira, bho, bildschirm, c:\windows\system32\rundll32.exe, call of duty, canon, converter, cubase, error, excel.exe, festplatte, firefox, flash player, google, home, install.exe, intranet, kein zugriff auf eigene dateien, location, logfile, microsoft office word, mp3, msiinstaller, nvlddmkm.sys, object, office 2007, officejet, oldtimer, plug-in, realtek, saver, scan, schwarzer bildschirm, searchplugins, security, security update, senden, server, shell32.dll, shortcut, skype.exe, software, sptd.sys, start menu, svchost.exe, symantec, vista, world at war, wscript.exe


« KaZy.Mekml.1 , auch ich ... | TR/Crypt.XPACK.Gen auf Laptop gefunden + komische Ausführungen im Autostart »


Ähnliche Themen: tr/kazy.mekml.1


  1. TR/Kazy.mekml.1 ; 'TR/FakeSysdef.A.621 ; 'TR/Kazy.22847'..
    Log-Analyse und Auswertung - 15.05.2011 (33)
  2. TR/Kazy.mekml.1 - was tun?
    Plagegeister aller Art und deren Bekämpfung - 12.05.2011 (5)
  3. TR/Kazy.mekml.1
    Log-Analyse und Auswertung - 06.05.2011 (1)
  4. Tr/kazy.mekml.1
    Log-Analyse und Auswertung - 03.05.2011 (13)
  5. TR/Kazy.mekml.1
    Plagegeister aller Art und deren Bekämpfung - 02.05.2011 (2)
  6. TR/Kazy.mekml.1
    Plagegeister aller Art und deren Bekämpfung - 01.05.2011 (37)
  7. TR/Kazy.mekml.1 - OTL Fix?
    Log-Analyse und Auswertung - 01.05.2011 (17)
  8. TR/Kazy.mekml.1 ... SOS
    Plagegeister aller Art und deren Bekämpfung - 30.04.2011 (34)
  9. TR/kazy.mekml.1
    Plagegeister aller Art und deren Bekämpfung - 29.04.2011 (10)
  10. TR/kazy.mekml.1
    Mülltonne - 26.04.2011 (0)
  11. TR/Kazy.mekml.1
    Log-Analyse und Auswertung - 26.04.2011 (1)
  12. Osterei: TR/Kazy.mekml.1 und TR/Kazy.20364
    Log-Analyse und Auswertung - 25.04.2011 (1)
  13. kazy.mekml.1
    Log-Analyse und Auswertung - 23.04.2011 (3)
  14. TR/Kazy.mekml.1
    Plagegeister aller Art und deren Bekämpfung - 22.04.2011 (6)
  15. TR/Kazy.mekml.1
    Plagegeister aller Art und deren Bekämpfung - 22.04.2011 (11)
  16. TR/kazy.mekml.1
    Log-Analyse und Auswertung - 20.04.2011 (16)
  17. TR/Kazy.mekml.1
    Plagegeister aller Art und deren Bekämpfung - 18.04.2011 (4)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema tr/kazy.mekml.1 - Hallo, habe mir wahrscheinlich auch den tr/kazy.mekml.1 eingefangen. Antivir spuckt diese Meldung aus, schwarzer Bildschirm, kein Zugriff auf eigene Dateien und ständige Fehlermeldungen meine Festplatte sei defekt! Hier meine OTL-Logs: - tr/kazy.mekml.1...
Archiv
Du betrachtest: tr/kazy.mekml.1 auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19