Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: TR/Kazy.mekml.1 - Hab schon die OTL logfiles, wie komme ich weiter

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Alt 21.04.2011, 16:27   #1
phoviste
 
TR/Kazy.mekml.1 - Hab schon die OTL logfiles, wie komme ich weiter - Standard

TR/Kazy.mekml.1 - Hab schon die OTL logfiles, wie komme ich weiter



Hallo
Ich hab mich über diesen Virus informiert und sehe dass mein Computer unter die gleichen Symptomen leidet. Also hab ich das mit OTL gemacht und hab beide Textdateien vor mir. Ich weiss ab jetzt nicht mehr was ich weiter tun soll und wäre froh wenn mir jemand weiter helfen könnte.
Vor dem ich "Run Scan" geklickt habe, habe ich folgendes eingestellt (wie bei einem anderen Thread erklärt):

Output: Minimal Output
Extra Registry: Use SafeList
LOP Check: angekreuzt
Purity Check: angekreuzt

Sonst hab ich alles wie es steht gelassen.

Ich bedanke mich schon im voraus für eure Hilfe.

Hier mal die beide Logfiles:

______________________
OTL Extras Lofile:OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 21.04.2011 16:20:18 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\phoebe\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 56,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287,95 Gb Total Space | 84,89 Gb Free Space | 29,48% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 4,57 Gb Free Space | 45,74% Space Free | Partition Type: NTFS
Drive E: | 4,17 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: LOLA | User Name: phoebe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4B61B9C8-2BB9-4827-BBDF-2CA6DD8D01DB}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs4 server | 
"{56B67FCC-399E-46B6-8268-C8A97F5ED093}" = lport=51001 | protocol=6 | dir=in | name=adobe version cue cs4 server | 
"{872699D6-5F04-4760-9A80-B041756BD51A}" = lport=51000 | protocol=6 | dir=in | name=adobe version cue cs4 server | 
"{B5E863F1-25AA-44C5-AAFE-B91E1814D976}" = lport=22 | protocol=6 | dir=in | name=ssh | 
"{BC4E987E-59B0-4013-8839-21037567A32A}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs4 server | 
"{D948290F-2AD5-457F-B0FE-14B2CFE7FB59}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003A76CB-D213-46F3-938A-9784CE7751E7}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{0141DED5-26AC-4C95-A84B-7496E7CCE303}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{02FAD7C9-BA88-4CA0-BA32-5046239CBABF}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe | 
"{0598D4EE-E999-4A44-9378-239161E3F462}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{0A4719F4-A5BD-4811-8799-493E4BE03122}" = protocol=17 | dir=in | app=c:\windows\temp\inode_config.exe | 
"{168BDD1E-F695-4ABB-9CB4-470CAB8BD8E7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1F3A04FE-45AD-494E-94EB-EF829FB50D18}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{25008F06-51F4-4032-9688-13D988DDF99C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{2F4A5C85-0ABE-4216-912F-E5A5A8F7BC5B}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe | 
"{2F7523AD-4438-45B4-A96C-EC86B71EB3DE}" = protocol=6 | dir=in | app=c:\program files\graphisoft\archicad 14\archicad.exe | 
"{332A6A2F-23F1-4992-B849-97F22740BD55}" = protocol=17 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe | 
"{38D5B699-F49E-4B31-A56A-DC51DDCAEC0E}" = protocol=6 | dir=in | app=c:\windows\temp\inode_config.exe | 
"{579BF796-ABE1-46F6-9888-5D0CF320C42A}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe | 
"{6348C8F8-2DC9-43F8-A793-F2385161E98D}" = protocol=17 | dir=in | app=c:\users\phoebe\appdata\roaming\dropbox\bin\dropbox.exe | 
"{6A8D7EA9-E1BE-40B4-AD27-A8E58FA6C2DB}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe | 
"{8C8FD454-2E1B-4623-9EFB-FEDFBE52E20A}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe | 
"{9E8D4868-F879-46A8-B51D-7AC6D6F1A778}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe | 
"{B77722EE-8325-4211-A0C3-7C0AD40A7C34}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B96B6A81-96B3-4E11-9BC5-44B15532E986}" = protocol=6 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe | 
"{C416F4C8-045C-402A-A6B7-67EBD98D65A5}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{C4800F00-188F-4D6B-ADBE-EF82EF2B6ACB}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{D5A4524E-9550-49D7-8EDA-1F42B707952E}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{E4DE8905-F292-440E-86AF-54559C691F10}" = protocol=6 | dir=in | app=c:\users\phoebe\appdata\roaming\dropbox\bin\dropbox.exe | 
"{ECE8680B-F91A-4E27-8FCA-3FDDC1C30C98}" = protocol=17 | dir=in | app=c:\program files\graphisoft\archicad 14\archicad.exe | 
"{F5EF69D8-9FCF-41A1-8D44-148B3A64F15A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"TCP Query User{329DF8A0-208C-4690-BA5A-56A49437594C}C:\program files\graphisoft\archicad 13\archicad.exe" = protocol=6 | dir=in | app=c:\program files\graphisoft\archicad 13\archicad.exe | 
"TCP Query User{4EDCC1EE-C501-4446-9398-CDAE3D5930E3}C:\program files\graphisoft\archicad 14\archicad.exe" = protocol=6 | dir=in | app=c:\program files\graphisoft\archicad 14\archicad.exe | 
"TCP Query User{A50843ED-11D0-4D4F-80F5-D21C3F6B12B5}C:\program files\graphisoft\archicad 14\gsreport.exe" = protocol=6 | dir=in | app=c:\program files\graphisoft\archicad 14\gsreport.exe | 
"TCP Query User{A60DA297-02D9-471B-9E87-1288C1E89F5D}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe | 
"TCP Query User{C77FC699-05E6-4F8F-8941-6DD816A41991}C:\program files\graphisoft\archicad 13\archicad.exe" = protocol=6 | dir=in | app=c:\program files\graphisoft\archicad 13\archicad.exe | 
"TCP Query User{DBC3DA58-E0BC-43C6-94AF-5D49584B30A7}C:\program files\graphisoft\archicad 12\archicad.exe" = protocol=6 | dir=in | app=c:\program files\graphisoft\archicad 12\archicad.exe | 
"TCP Query User{ECCC239C-AEB0-4A69-B9C6-B8C8B30C6511}C:\program files\graphisoft\archicad 12\archicad.exe" = protocol=6 | dir=in | app=c:\program files\graphisoft\archicad 12\archicad.exe | 
"UDP Query User{15EC4679-0B31-4A8B-9384-6718D6E1CC98}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe | 
"UDP Query User{68B232D5-8060-43FF-A9BD-0B2B49E49DBF}C:\program files\graphisoft\archicad 14\archicad.exe" = protocol=17 | dir=in | app=c:\program files\graphisoft\archicad 14\archicad.exe | 
"UDP Query User{9658FB90-1C1A-4A69-B38F-85DAE3CB2F68}C:\program files\graphisoft\archicad 12\archicad.exe" = protocol=17 | dir=in | app=c:\program files\graphisoft\archicad 12\archicad.exe | 
"UDP Query User{E526034D-80CF-4582-8630-2E08181772DF}C:\program files\graphisoft\archicad 13\archicad.exe" = protocol=17 | dir=in | app=c:\program files\graphisoft\archicad 13\archicad.exe | 
"UDP Query User{EDF92636-5842-40DF-A3EF-ED72E04599BC}C:\program files\graphisoft\archicad 13\archicad.exe" = protocol=17 | dir=in | app=c:\program files\graphisoft\archicad 13\archicad.exe | 
"UDP Query User{FAB03D31-6230-49D8-9F0E-B0E48680D0D7}C:\program files\graphisoft\archicad 14\gsreport.exe" = protocol=17 | dir=in | app=c:\program files\graphisoft\archicad 14\gsreport.exe | 
"UDP Query User{FBCFED77-3DD4-4E2F-A26C-80D10EDE5F0D}C:\program files\graphisoft\archicad 12\archicad.exe" = protocol=17 | dir=in | app=c:\program files\graphisoft\archicad 12\archicad.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0709B06B-82BC-6073-0E43-DE107DF1389C}" = Catalyst Control Center Localization Spanish
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{11D03BF4-A66F-325E-7762-4F64586C673F}" = Catalyst Control Center Graphics Full New
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14AD69CE-B59F-4EC2-BC3A-DB56105F3D62}" = BlackBerry Desktop Software 4.6
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{15EB6A85-A28D-2ED8-C344-DEBC592F2E12}" = Catalyst Control Center Localization German
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 20
"{28C3CD30-2DF4-FEFA-3F4E-D6C1C3257FCE}" = ccc-core-static
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{32C2CBBB-4540-E526-206D-B7BC7932D82F}" = CCC Help Danish
"{342F5437-C87D-4BB5-89B9-B23E16C6A395}" = Microsoft VC80 Support DLLs
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{425819E1-D68E-8CE1-85D5-CDBA64E82DDE}" = CCC Help Japanese
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{4392E2AF-1643-29DA-E873-C94D547467D7}" = Catalyst Control Center Localization Swedish
"{44FDDB51-0E97-DD4A-9FB2-8D394DBEE47F}" = CCC Help Dutch
"{47C6F987-685A-41AE-B092-E75B277AEE39}" = Adobe Flash CS4 Extension - Flash Lite STI others
"{48C86A94-A6C0-D2D0-1649-ECB00D2DF4DE}" = Catalyst Control Center Localization Norwegian
"{48CC1AD8-2013-82B3-284F-E0253195664F}" = Catalyst Control Center Localization French
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{496C34BF-9DE5-9628-48CC-052DD6A8453E}" = Catalyst Control Center Core Implementation
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A4D109A-D9C4-E460-4F9A-0252F581D600}" = CCC Help Swedish
"{4CA09BF7-1CFC-44B8-80EA-7B4D15D12DC5}" = Catalyst Control Center - Branding
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{57847CB0-95DA-D785-B170-1F00FC79B860}" = Catalyst Control Center Localization Chinese Traditional
"{5A72A2C4-9D4A-0718-DA28-95B73C2270DA}" = Catalyst Control Center Localization Danish
"{5C2CBFFD-FC3B-4AA9-993B-CE2B8DA25B87}" = Rhinoceros 4.0
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{682FED0E-738E-0048-F448-B3EE427978CC}" = Catalyst Control Center Localization Japanese
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B00208E-2844-7480-5F50-6515A5907F0B}" = CCC Help Norwegian
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{76E12A66-1AEC-3816-E75A-330998F2D40C}" = CCC Help Korean
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79FBDD2E-DD2B-141A-DCF0-B8C125B5A008}" = Catalyst Control Center Graphics Previews Vista
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C63DFEB-6176-C3F1-AA83-F997E32B44EA}" = Catalyst Control Center Localization Portuguese
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84557D91-D8C7-D7A4-1393-3AB3A16106C7}" = CCC Help Chinese Traditional
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{9266D931-C05C-86F5-B74A-B1A382249916}" = Catalyst Control Center Localization Italian
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94333A1C-DC4A-E70F-FA92-16AB6F2443D6}" = Catalyst Control Center Graphics Full Existing
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{974BBAF1-048D-4230-2254-62FEA00B18E9}" = Skins
"{99484975-321E-495B-8171-2797B82392DD}" = inode FTP
"{998D91BE-65FE-8B9D-5C6E-1D52401EAAA1}" = CCC Help English
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AB377EE-454D-374C-C309-D2DFA9AB535B}" = CCC Help Italian
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A4874CD2-6942-E7A7-3690-277B9CB56DF5}" = Catalyst Control Center Graphics Light
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B578DD15-CB17-CBB8-611E-D1AE7D5568AC}" = Catalyst Control Center Graphics Previews Common
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BC5C42B3-CE50-8D5E-A495-6C48C0FF6336}" = CCC Help Portuguese
"{BD3374D3-C2E6-42B7-A80B-E850B6886246}" = Adobe Flash CS4 STI-other
"{BEFFB92B-8238-E6B7-E9D4-494BA407E593}" = Catalyst Control Center Localization Korean
"{BFC19AEE-8C4D-65BF-3BAE-729D1252E86C}" = Catalyst Control Center InstallProxy
"{C177F7FD-C061-003B-47F6-41483424517B}" = Catalyst Control Center Localization Chinese Standard
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D3171626-2269-7CF9-82AC-7BFC534A0E6A}" = ccc-utility
"{D86C72D4-57DB-D59E-1FE3-9ED8819B28C4}" = Catalyst Control Center Localization Russian
"{DAD207CE-44D2-0C73-198B-8DD3B4F27426}" = CCC Help Spanish
"{E1ED3247-902C-9B94-31AB-81572A6D77AA}" = Catalyst Control Center Localization Dutch
"{E374F278-E64E-D574-332F-AE9241580749}" = CCC Help Chinese Standard
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E60E58A1-6093-3DFC-C382-3702EFB40F0E}" = CCC Help French
"{E87A027B-8051-4323-1B8D-34CB90A9EEBE}" = CCC Help German
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{EAD1C99F-6325-E477-C94C-58B2DB656959}" = Catalyst Control Center Localization Finnish
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F6377647-81AF-41C0-BC7E-06CF37E204AB}" = Roxio Media Manager
"{F688B66F-AC95-809B-0056-154AF871D5EF}" = CCC Help Finnish
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FC41BB0E-F005-F0B8-9040-18E935D752E7}" = CCC Help Russian
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FCED9B62-34FF-4C15-8A23-F65221F7874D}" = ITECIR Driver
"001FFF1FFF13FF00FF0901F00F02F000-R1" = ArchiCAD 13 AUT
"001FFF1FFF14FF00FF0901F01F02F000-R1" = ArchiCAD 14 AUT
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Adobe_5445c5ddd9a5c69582d3c1e2bba18f7" = Adobe Creative Suite 4 Master Collection
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BlackBerry_{14AD69CE-B59F-4EC2-BC3A-DB56105F3D62}" = BlackBerry Desktop Software 4.6
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative OA001" = Integrated Webcam Driver (1.05.02.1227) 
"Dell Video Chat" = Dell Video Chat
"Dell Webcam Central" = Dell Webcam Central
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar
"EPSON S21 Series" = EPSON S21 Series Printer Uninstall
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Audio Dub_is1" = Free Audio Dub version 1.5
"Free YouTube Download_is1" = Free YouTube Download version 2.10.33.324
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"GoToAssist" = GoToAssist 8.0.0.514
"inode FTP" = inode FTP
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"ScanQuery" = ScanQuery 1.0 build 121 powered by FIRST SEARCHBAR
"Security Task Manager" = Security Task Manager 1.8c
"ShopperReportsSA" = ShopperReports
"Sibelius 6 Demo_is1" = Sibelius 6.1.0.3 Demo
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.3
"WinRAR archiver" = WinRAR
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 18.04.2011 02:51:08 | Computer Name = lola | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 18.04.2011 02:51:08 | Computer Name = lola | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 25569
 
Error - 18.04.2011 02:51:08 | Computer Name = lola | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 25569
 
Error - 18.04.2011 05:29:19 | Computer Name = lola | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 18.04.2011 05:29:19 | Computer Name = lola | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1389
 
Error - 18.04.2011 05:29:19 | Computer Name = lola | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1389
 
Error - 18.04.2011 05:29:20 | Computer Name = lola | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 18.04.2011 05:29:20 | Computer Name = lola | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2418
 
Error - 18.04.2011 05:29:20 | Computer Name = lola | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2418
 
Error - 18.04.2011 05:29:21 | Computer Name = lola | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
[ System Events ]
Error - 21.04.2011 04:26:32 | Computer Name = lola | Source = disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk0\DR0 gefunden.
 
Error - 21.04.2011 04:26:32 | Computer Name = lola | Source = disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk0\DR0 gefunden.
 
Error - 21.04.2011 04:26:32 | Computer Name = lola | Source = disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk0\DR0 gefunden.
 
Error - 21.04.2011 04:26:32 | Computer Name = lola | Source = disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk0\DR0 gefunden.
 
Error - 21.04.2011 08:29:59 | Computer Name = lola | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 21.04.2011 09:49:56 | Computer Name = lola | Source = HTTP | ID = 15016
Description = 
 
Error - 21.04.2011 09:51:00 | Computer Name = lola | Source = DCOM | ID = 10016
Description = 
 
Error - 21.04.2011 09:51:18 | Computer Name = lola | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 21.04.2011 09:51:18 | Computer Name = lola | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 21.04.2011 10:00:17 | Computer Name = lola | Source = Service Control Manager | ID = 7022
Description = 
 
 
< End of report >
         
--- --- ---
_______________________________________

OTL Logfile:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 21.04.2011 16:20:18 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\phoebe\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 56,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287,95 Gb Total Space | 84,89 Gb Free Space | 29,48% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 4,57 Gb Free Space | 45,74% Space Free | Partition Type: NTFS
Drive E: | 4,17 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: LOLA | User Name: phoebe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\phoebe\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\cygwin\usr\sbin\sshd.exe ()
PRC - C:\Programme\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Programme\Dell DataSafe Online\DataSafeOnline.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Programme\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Programme\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFAE.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Programme\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
PRC - C:\Programme\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
PRC - C:\Programme\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Programme\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
PRC - C:\cygwin\bin\cygrunsrv.exe ()
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - c:\Programme\Windows Defender\MpCmdRun.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\phoebe\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (ScanQuery Service) -- File not found
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (DockLoginService) -- C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (sshd) -- C:\cygwin\bin\cygrunsrv.exe ()
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (OA001Ufd) -- C:\Windows\System32\drivers\OA001Ufd.sys (Creative Technology Ltd.)
DRV - (OA001Vid) -- C:\Windows\System32\drivers\OA001Vid.sys (Creative Technology Ltd.)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (itecir) -- C:\Windows\System32\drivers\itecir.sys (ITE Tech. Inc. )
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (k57nd60x) Broadcom NetLink (TM) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (VSTHWBS2) -- C:\Windows\System32\drivers\VSTBS23.SYS (Conexant Systems, Inc.)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www1.euro.dell.com/content/default.aspx?c=at&l=de&s=gen
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "www.google.at"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 49
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}:1.0
FF - prefs.js..extensions.enabledItems: ShopperReports@ShopperReports.com:3.0.517.0
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
 
FF - HKLM\software\mozilla\Firefox\Extensions\\ShopperReports@ShopperReports.com: C:\Program Files\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions [2011.04.19 21:59:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.30 02:24:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.19 22:07:51 | 000,000,000 | ---D | M]
 
[2009.07.08 22:10:15 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\phoebe\AppData\Roaming\mozilla\Extensions
[2011.04.20 17:21:21 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\phoebe\AppData\Roaming\mozilla\Firefox\Profiles\funpck7m.default\extensions
[2011.04.20 18:45:48 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\phoebe\AppData\Roaming\mozilla\Firefox\Profiles\funpck7m.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.04.20 18:45:48 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\phoebe\AppData\Roaming\mozilla\Firefox\Profiles\funpck7m.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.04.20 18:45:48 | 000,000,000 | -H-D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\phoebe\AppData\Roaming\mozilla\Firefox\Profiles\funpck7m.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.03.29 00:20:24 | 000,000,873 | -H-- | M] () -- C:\Users\phoebe\AppData\Roaming\Mozilla\Firefox\Profiles\funpck7m.default\searchplugins\conduit.xml
[2011.04.19 21:59:39 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.07.06 15:51:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011.04.19 21:59:39 | 000,000,000 | ---D | M] (ScanQuery) -- C:\Programme\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}
[2009.08.05 16:55:01 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009.11.28 15:34:35 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010.07.06 15:51:22 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011.04.19 21:59:39 | 000,000,000 | ---D | M] (ScanQuery) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}
[2011.04.19 21:59:18 | 000,000,000 | ---D | M] (ShopperReports) -- C:\PROGRAM FILES\SHOPPERREPORTS3\BIN\3.0.517.0\FIREFOX\FIREFOXTOOLBAR\EXTENSIONS
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2011.03.07 18:38:19 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.03.07 18:38:19 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.03.07 18:38:19 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.03.07 18:38:19 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.07 18:38:19 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programme\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ares] File not found
O4 - HKCU..\Run: [bMDKqKPoEawbT] C:\ProgramData\bMDKqKPoEawbT.exe (BitSprx)
O4 - HKCU..\Run: [EPSON S21 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFAE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\phoebe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Programme\Dell\DellDock\DellDock.exe (Stardock Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = B5 00 00 00 [binary data]
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Free YouTube Download - C:\Users\phoebe\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\phoebe\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.34.133.21 212.186.211.21
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Programme\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Programme\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.07.24 01:23:12 | 000,000,077 | R--- | M] () - E:\AUTORUN.INF -- [ UDF ]
O32 - AutoRun File - [2008.09.09 20:31:36 | 000,000,000 | R--D | M] - E:\Autoplay -- [ UDF ]
O32 - AutoRun File - [2008.08.06 07:23:05 | 000,189,808 | R--- | M] (Adobe Systems Incorporated) - E:\Autoplay.exe -- [ UDF ]
O33 - MountPoints2\{3d10c91a-14d1-11de-9b19-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{3d10c91a-14d1-11de-9b19-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autoplay.exe -- [2008.08.06 07:23:05 | 000,189,808 | R--- | M] (Adobe Systems Incorporated)
O33 - MountPoints2\{a137c6e4-e0df-11df-8fa0-002219e3205b}\Shell\AutoRun\command - "" = F:\setupSNK.exe
O33 - MountPoints2\{b0f6d438-5871-11de-9217-002219e3205b}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{b0f6d43b-5871-11de-9217-002219e3205b}\Shell - "" = AutoRun
O33 - MountPoints2\{b0f6d43b-5871-11de-9217-002219e3205b}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{b0f6d44e-5871-11de-9217-002219e3205b}\Shell\AutoRun\command - "" = WDSetup.exe
O33 - MountPoints2\{bf529b39-4ad0-11de-b111-002219e3205b}\Shell\AutoRun\command - "" = xp32.exe
O33 - MountPoints2\{bf529b39-4ad0-11de-b111-002219e3205b}\Shell\explore\Command - "" = xp32.exe
O33 - MountPoints2\{bf529b39-4ad0-11de-b111-002219e3205b}\Shell\open\Command - "" = xp32.exe
O33 - MountPoints2\{fdb9ed85-9fd5-11de-bc41-002219e3205b}\Shell - "" = AutoRun
O33 - MountPoints2\{fdb9ed85-9fd5-11de-bc41-002219e3205b}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.21 14:26:03 | 000,000,000 | -H-D | C] -- C:\ProgramData\SecTaskMan
[2011.04.21 14:25:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
[2011.04.21 14:24:45 | 000,000,000 | ---D | C] -- C:\Programme\Security Task Manager
[2011.04.19 23:09:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011.04.19 22:57:46 | 000,000,000 | -H-D | C] -- C:\Users\phoebe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery
[2011.04.19 22:47:40 | 000,569,344 | -H-- | C] (BitSprx) -- C:\ProgramData\bMDKqKPoEawbT.exe
[2011.04.19 22:00:57 | 000,000,000 | -H-D | C] -- C:\Users\phoebe\AppData\Local\Ares
[2011.04.19 22:00:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ares
[2011.04.19 21:59:33 | 000,000,000 | -H-D | C] -- C:\ProgramData\ScanQuery
[2011.04.19 21:59:33 | 000,000,000 | ---D | C] -- C:\Programme\ScanQuery
[2011.04.19 21:59:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopperReports
[2011.04.19 21:59:12 | 000,000,000 | -H-D | C] -- C:\Users\phoebe\AppData\Roaming\ShopperReports3
[2011.04.19 21:59:12 | 000,000,000 | ---D | C] -- C:\Programme\ShopperReports3
[2011.04.16 01:40:31 | 000,000,000 | -H-D | C] -- C:\Users\phoebe\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.04.14 08:15:59 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.04.14 08:15:59 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.04.14 08:15:48 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.04.14 08:15:48 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011.04.14 08:15:37 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.04.14 08:15:30 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.04.14 08:15:28 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.04.14 08:15:28 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.04.14 08:15:28 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.14 08:15:28 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.14 08:15:28 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.04.14 08:15:28 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.04.14 08:15:28 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.14 08:15:28 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2011.04.14 08:15:28 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.04.14 08:15:23 | 002,040,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.04.14 08:15:20 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.04.14 08:15:19 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.03.31 19:48:36 | 000,000,000 | -H-D | C] -- C:\Users\phoebe\myself
[2011.03.30 22:57:32 | 000,000,000 | RH-D | C] -- C:\Users\phoebe\Searches
[2011.03.30 22:42:42 | 000,000,000 | -H-D | C] -- C:\cygwin
[2009.08.06 16:03:57 | 008,653,312 | -H-- | C] (Dell, Inc. ) -- C:\Users\phoebe\AppData\Roaming\DataSafeDotNet.exe
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.21 15:56:39 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.21 15:56:39 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.21 15:56:39 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.21 15:56:39 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.21 15:50:37 | 000,487,424 | ---- | M] () -- C:\ProgramData\41344776.exe
[2011.04.21 15:49:58 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.21 15:49:58 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.21 15:49:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.21 15:49:45 | 3213,774,848 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.19 22:57:47 | 000,000,192 | -H-- | M] () -- C:\ProgramData\~42458888
[2011.04.19 22:57:47 | 000,000,144 | -H-- | M] () -- C:\ProgramData\~42458888r
[2011.04.19 22:57:46 | 000,000,585 | -H-- | M] () -- C:\Users\phoebe\Desktop\Windows Recovery.lnk
[2011.04.19 22:57:41 | 000,000,336 | -H-- | M] () -- C:\ProgramData\42458888
[2011.04.19 22:47:40 | 000,569,344 | -H-- | M] (BitSprx) -- C:\ProgramData\bMDKqKPoEawbT.exe
[2011.04.19 20:27:24 | 000,001,107 | -H-- | M] () -- C:\Users\phoebe\Desktop\Free YouTube Download.lnk
[2011.04.19 20:05:13 | 000,105,472 | -H-- | M] () -- C:\Users\phoebe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.19 17:05:32 | 000,872,844 | -H-- | M] () -- C:\Users\phoebe\Documents\IMGP5915.JPG
[2011.04.19 17:05:14 | 001,053,510 | -H-- | M] () -- C:\Users\phoebe\Documents\IMGP5914.JPG
[2011.04.19 17:04:58 | 000,913,609 | -H-- | M] () -- C:\Users\phoebe\Documents\IMGP5913.JPG
[2011.04.16 16:33:58 | 002,286,992 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.16 13:25:28 | 001,727,704 | -H-- | M] () -- C:\Users\phoebe\Mappe_2011_April.pdf
[2011.04.15 22:26:39 | 000,006,836 | -H-- | M] () -- C:\Users\phoebe\AppData\Local\d3d9caps.dat
[2011.04.12 23:41:25 | 000,013,738 | -H-- | M] () -- C:\Users\phoebe\736339_hFfWHrHa_b.jpg
[2011.04.12 23:41:17 | 000,011,734 | -H-- | M] () -- C:\Users\phoebe\080410-comb-jelly2-02.jpg
[2011.04.12 23:40:39 | 000,050,502 | -H-- | M] () -- C:\Users\phoebe\filtro.jpg
[2011.04.12 23:40:05 | 000,522,624 | -H-- | M] () -- C:\Users\phoebe\fuer phoebe.tiff
[2011.04.11 03:31:45 | 005,467,869 | -H-- | M] () -- C:\Users\phoebe\05 - Inflammatory Writ.mp3
[2011.03.23 20:33:15 | 000,220,475 | -H-- | M] () -- C:\Users\phoebe\Vorschlag Cover.jpg
 
========== Files Created - No Company Name ==========
 
[2011.04.21 15:50:37 | 000,487,424 | ---- | C] () -- C:\ProgramData\41344776.exe
[2011.04.20 17:10:29 | 001,429,077 | -H-- | C] () -- C:\Users\phoebe\Desktop\P1050280.JPG
[2011.04.20 17:10:29 | 001,409,118 | -H-- | C] () -- C:\Users\phoebe\Desktop\P1050278.JPG
[2011.04.20 17:10:29 | 001,388,276 | -H-- | C] () -- C:\Users\phoebe\Desktop\P1050283.JPG
[2011.04.20 17:10:29 | 001,336,726 | -H-- | C] () -- C:\Users\phoebe\Desktop\P1050284.JPG
[2011.04.20 17:10:29 | 001,331,765 | -H-- | C] () -- C:\Users\phoebe\Desktop\P1050285.JPG
[2011.04.20 17:10:29 | 001,324,742 | -H-- | C] () -- C:\Users\phoebe\Desktop\P1050286.JPG
[2011.04.20 17:10:29 | 001,311,030 | -H-- | C] () -- C:\Users\phoebe\Desktop\P1050279.JPG
[2011.04.20 17:10:29 | 001,303,691 | -H-- | C] () -- C:\Users\phoebe\Desktop\P1050281.JPG
[2011.04.20 17:10:29 | 001,245,596 | -H-- | C] () -- C:\Users\phoebe\Desktop\P1050277.JPG
[2011.04.20 17:10:29 | 001,195,672 | -H-- | C] () -- C:\Users\phoebe\Desktop\P1050282.JPG
[2011.04.19 22:57:47 | 000,000,192 | -H-- | C] () -- C:\ProgramData\~42458888
[2011.04.19 22:57:47 | 000,000,144 | -H-- | C] () -- C:\ProgramData\~42458888r
[2011.04.19 22:57:46 | 000,000,585 | -H-- | C] () -- C:\Users\phoebe\Desktop\Windows Recovery.lnk
[2011.04.19 22:57:41 | 000,000,336 | -H-- | C] () -- C:\ProgramData\42458888
[2011.04.19 20:27:24 | 000,001,107 | -H-- | C] () -- C:\Users\phoebe\Desktop\Free YouTube Download.lnk
[2011.04.19 17:04:34 | 001,053,510 | -H-- | C] () -- C:\Users\phoebe\Documents\IMGP5914.JPG
[2011.04.19 17:04:34 | 000,913,609 | -H-- | C] () -- C:\Users\phoebe\Documents\IMGP5913.JPG
[2011.04.19 17:04:34 | 000,872,844 | -H-- | C] () -- C:\Users\phoebe\Documents\IMGP5915.JPG
[2011.04.16 13:25:27 | 001,727,704 | -H-- | C] () -- C:\Users\phoebe\Mappe_2011_April.pdf
[2011.04.12 23:41:22 | 000,013,738 | -H-- | C] () -- C:\Users\phoebe\736339_hFfWHrHa_b.jpg
[2011.04.12 23:40:58 | 000,011,734 | -H-- | C] () -- C:\Users\phoebe\080410-comb-jelly2-02.jpg
[2011.04.12 23:40:31 | 000,050,502 | -H-- | C] () -- C:\Users\phoebe\filtro.jpg
[2011.04.12 23:39:36 | 000,522,624 | -H-- | C] () -- C:\Users\phoebe\fuer phoebe.tiff
[2011.04.11 03:28:11 | 005,467,869 | -H-- | C] () -- C:\Users\phoebe\05 - Inflammatory Writ.mp3
[2011.03.23 20:33:08 | 000,220,475 | -H-- | C] () -- C:\Users\phoebe\Vorschlag Cover.jpg
[2010.07.06 15:52:19 | 000,000,425 | -H-- | C] () -- C:\Windows\BRWMARK.INI
[2010.07.06 15:52:19 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010.02.03 22:03:29 | 000,004,096 | -H-- | C] () -- C:\Users\phoebe\AppData\Local\keyfile3.drm
[2010.01.30 23:30:17 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.11.29 14:03:53 | 000,001,086 | -H-- | C] () -- C:\Users\phoebe\AppData\Local\F1C3C386.il
[2009.11.29 14:03:53 | 000,000,280 | -H-- | C] () -- C:\Users\phoebe\AppData\Local\IndexIE_F1C3C386.il
[2009.09.03 21:07:21 | 000,000,000 | ---- | C] () -- C:\Windows\PCFriend.INI
[2009.08.03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.08.03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009.06.26 07:52:52 | 000,006,836 | -H-- | C] () -- C:\Users\phoebe\AppData\Local\d3d9caps.dat
[2009.03.28 14:05:31 | 000,004,716 | -H-- | C] () -- C:\Users\phoebe\AppData\Roaming\wklnhst.dat
[2009.03.27 17:59:45 | 000,016,384 | ---- | C] () -- C:\Windows\System32\FileOps.exe
[2009.03.27 17:43:43 | 000,105,472 | -H-- | C] () -- C:\Users\phoebe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.03.25 23:30:28 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.03.20 07:57:10 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2009.03.20 07:57:10 | 000,174,819 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009.03.20 07:57:10 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009.03.20 07:57:10 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2009.03.20 07:53:36 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.03.20 07:53:36 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.03.20 00:06:11 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.03.19 23:33:49 | 000,000,074 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2008.01.21 09:15:58 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:15:58 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 002,286,992 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2002.05.16 01:38:40 | 000,091,136 | ---- | C] () -- C:\Windows\System32\mp4fil32.dll
[2002.05.04 15:19:00 | 000,049,152 | ---- | C] () -- C:\Windows\System32\avisynthEx.dll
[1998.10.11 01:07:38 | 000,088,576 | ---- | C] () -- C:\Windows\System32\Iticheck.dll
 
< End of report >
         
--- --- ---

 

Themen zu TR/Kazy.mekml.1 - Hab schon die OTL logfiles, wie komme ich weiter
0x00000001, adobe after effects, avgntflt.sys, avira, bho, bonjour, c:\windows\system32\rundll32.exe, computer, conduit, desktop, error, excel, excel.exe, flash player, format, google, helper, home, hängen, install.exe, location, mozilla, mp3, oldtimer, otl.exe, pixel, plug-in, registry, rundll, saver, scan, sched.exe, searchplugins, security, security scan, server, shell32.dll, shortcut, skype.exe, software, start menu, sttray.exe, tcp, third party, virus, vista




Ähnliche Themen: TR/Kazy.mekml.1 - Hab schon die OTL logfiles, wie komme ich weiter


  1. sbcvvhost_win86 sperrt alles - wie komme ich an logfiles?
    Plagegeister aller Art und deren Bekämpfung - 30.12.2011 (8)
  2. TR/kazy.mekml.1 - OTL durchgeführt, wie gehts weiter
    Log-Analyse und Auswertung - 01.06.2011 (30)
  3. TR/Kazy.mekml.1 ; 'TR/FakeSysdef.A.621 ; 'TR/Kazy.22847'..
    Log-Analyse und Auswertung - 15.05.2011 (33)
  4. Kazy mekml 1 schon gelöscht aber.......
    Log-Analyse und Auswertung - 04.05.2011 (14)
  5. Trojaner Tr Kazy mekml 1 gefunden: Logfiles
    Log-Analyse und Auswertung - 02.05.2011 (14)
  6. TR/Kazy.mekml.1 eingefangen. OTL ist drüber, wie gehts weiter?
    Log-Analyse und Auswertung - 02.05.2011 (15)
  7. Auch Probleme mit TR/Kazy.mekml.1 (schon alles befolgt....
    Plagegeister aller Art und deren Bekämpfung - 28.04.2011 (16)
  8. TR/Kazy.mekml.1 - Nach "Loeschung" weiter aktiv ?
    Plagegeister aller Art und deren Bekämpfung - 27.04.2011 (1)
  9. Frau in Not :-) logfiles tr/kazy.mekml.1
    Log-Analyse und Auswertung - 27.04.2011 (2)
  10. Trojanisches Pferd Kazy mekml 1 ( Windows 7 schon neu aufgesetzt) Berechtigungen ?
    Log-Analyse und Auswertung - 27.04.2011 (6)
  11. TR/kazy.mekml.1 Problem-Reporte schon erstellt
    Log-Analyse und Auswertung - 26.04.2011 (13)
  12. Osterei: TR/Kazy.mekml.1 und TR/Kazy.20364
    Log-Analyse und Auswertung - 25.04.2011 (1)
  13. Trojaner Kazy.mekml.1 OTL-File schon erstellt
    Plagegeister aller Art und deren Bekämpfung - 23.04.2011 (5)
  14. Ich komme nicht weiter
    Alles rund um Windows - 07.04.2011 (15)
  15. komme nicht weiter
    Log-Analyse und Auswertung - 20.07.2006 (3)
  16. Komme nicht weiter
    Plagegeister aller Art und deren Bekämpfung - 11.02.2006 (1)
  17. Komme nicht weiter ..............
    Log-Analyse und Auswertung - 02.02.2005 (5)

Zum Thema TR/Kazy.mekml.1 - Hab schon die OTL logfiles, wie komme ich weiter - Hallo Ich hab mich über diesen Virus informiert und sehe dass mein Computer unter die gleichen Symptomen leidet. Also hab ich das mit OTL gemacht und hab beide Textdateien vor - TR/Kazy.mekml.1 - Hab schon die OTL logfiles, wie komme ich weiter...
Archiv
Du betrachtest: TR/Kazy.mekml.1 - Hab schon die OTL logfiles, wie komme ich weiter auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.