| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: TR/Kazy.mekml.1 und jetzt?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
21.04.2011, 21:05
| #1 |
| |  TR/Kazy.mekml.1 und jetzt? hallo haben seit heut auch den TR/Kazy.mekml.1 und nachdem ich hier schon n bisschen gelesen hab, den OTL runtergeladen und einen scan durchlaufen lassen. hier die ergebnisse: OTL Logfile: Code:
ATTFilter OTL logfile created on: 21.04.2011 21:05:41 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\pablo\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19048) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 54,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 77,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 216,41 Gb Total Space | 24,01 Gb Free Space | 11,09% Space Free | Partition Type: NTFS Drive D: | 107,22 Gb Total Space | 89,70 Gb Free Space | 83,66% Space Free | Partition Type: NTFS Drive O: | 245,59 Mb Total Space | 245,03 Mb Free Space | 99,77% Space Free | Partition Type: FAT Computer Name: PABLO-PC | User Name: pablo | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.04.21 20:59:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\pablo\Desktop\OTL.exe PRC - [2011.04.21 14:18:25 | 000,569,344 | ---- | M] (WinTrust) -- C:\ProgramData\MRtPNAFMRSnT.exe PRC - [2011.04.08 17:17:40 | 000,176,848 | ---- | M] (iWin Inc.) -- C:\Programme\iWin Games\iWinTrusted.exe PRC - [2010.09.16 18:36:40 | 000,328,568 | ---- | M] (BitTorrent, Inc.) -- C:\Programme\uTorrent\uTorrent.exe PRC - [2010.09.01 08:39:18 | 001,164,584 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe PRC - [2010.07.06 16:01:16 | 002,634,048 | ---- | M] (Veoh Networks) -- C:\Programme\Veoh Networks\VeohWebPlayer\veohwebplayer.exe PRC - [2010.03.28 21:47:44 | 001,692,440 | ---- | M] (ParetoLogic) -- C:\Programme\ParetoLogic\FileCure\FileCure.exe PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe PRC - [2009.10.30 13:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Programme\DAEMON Tools Lite\DTLite.exe PRC - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2009.04.17 10:01:48 | 000,366,849 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\guardgui.exe PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2009.02.13 08:00:00 | 000,199,680 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFME.EXE PRC - [2008.07.21 15:07:44 | 002,752,512 | -H-- | M] (Electronic Arts) -- C:\Programme\Electronic Arts\EADM\Core.exe PRC - [2008.06.10 20:26:28 | 000,222,456 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe PRC - [2008.05.27 19:35:30 | 000,040,960 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\Programme\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe PRC - [2008.02.26 17:24:06 | 004,939,776 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2007.10.23 14:52:26 | 002,764,800 | ---- | M] () -- C:\RecInfo\RecInfo.exe PRC - [2007.10.12 15:00:12 | 000,180,224 | ---- | M] (hablamax) -- C:\ProgramData\Web.de\adminsvc.exe PRC - [2007.09.26 10:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe PRC - [2007.05.17 23:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft LifeCam\MSCamS32.exe PRC - [2007.04.10 23:46:52 | 000,709,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX1000.exe PRC - [2006.12.08 10:52:04 | 000,204,800 | -H-- | M] (Fujitsu Siemens Computers) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe PRC - [2006.11.02 11:44:50 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\attrib.exe PRC - [2006.10.25 00:08:40 | 000,107,112 | ---- | M] (Symantec Corporation) -- C:\Programme\Common Files\Symantec Shared\ccApp.exe PRC - [2006.10.25 00:08:20 | 000,107,624 | ---- | M] (Symantec Corporation) -- c:\Programme\Common Files\Symantec Shared\ccSvcHst.exe PRC - [2006.09.20 20:05:16 | 000,046,736 | ---- | M] (Symantec Corporation) -- c:\Programme\Common Files\Symantec Shared\AppCore\AppSvc32.exe ========== Modules (SafeList) ========== MOD - [2011.04.21 20:59:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\pablo\Desktop\OTL.exe MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2011.04.08 17:17:40 | 000,176,848 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Programme\iWin Games\iWinTrusted.exe -- (iWinTrusted) SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2008.06.10 20:26:28 | 000,222,456 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2008.04.02 03:26:27 | 001,174,152 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC) SRV - [2008.01.29 17:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service) SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.10.12 15:00:12 | 000,180,224 | ---- | M] (hablamax) [Auto | Running] -- C:\ProgramData\Web.de\adminsvc.exe -- (AdminSVC) SRV - [2007.09.26 10:53:56 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate) SRV - [2007.09.26 10:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatisches LiveUpdate - Scheduler) SRV - [2007.05.17 23:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc) SRV - [2006.12.08 10:52:04 | 000,204,800 | -H-- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler) SRV - [2006.10.27 02:18:36 | 000,080,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Norton Internet Security\isPwdSvc.exe -- (ISPwdSvc) SRV - [2006.10.25 00:08:20 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex) SRV - [2006.10.25 00:08:20 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService) SRV - [2006.10.25 00:08:20 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr) SRV - [2006.10.25 00:08:20 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr) SRV - [2006.10.13 17:29:12 | 000,049,296 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost) SRV - [2006.09.20 20:05:16 | 000,046,736 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore) ========== Driver Services (SafeList) ========== DRV - [2010.01.29 16:16:51 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2010.01.29 16:16:50 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2010.01.28 22:20:23 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2009.12.07 21:09:28 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2009.03.27 10:03:00 | 007,738,816 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2009.01.19 20:31:56 | 000,277,544 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11) DRV - [2008.04.02 03:27:05 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2008.02.14 15:56:02 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2007.07.02 17:37:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32) DRV - [2007.07.02 17:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32) DRV - [2007.06.13 23:47:12 | 000,048,256 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\jraid.sys -- (JRAID) DRV - [2007.04.10 23:46:53 | 001,966,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VX1000.sys -- (VX1000) DRV - [2006.11.06 12:14:10 | 001,119,616 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32) DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300) DRV - [2006.10.24 15:40:22 | 000,185,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI) DRV - [2006.10.24 15:40:22 | 000,144,784 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMFW.SYS -- (SYMFW) DRV - [2006.10.24 15:40:22 | 000,038,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMIDS.SYS -- (SYMIDS) DRV - [2006.10.24 15:40:22 | 000,037,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMNDISV.SYS -- (SYMNDISV) DRV - [2006.10.24 15:40:22 | 000,026,384 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV) DRV - [2006.10.24 15:40:22 | 000,011,792 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMDNS.SYS -- (SYMDNS) DRV - [2006.10.20 06:10:16 | 000,202,872 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20061025.029\IDSvix86.sys -- (IDSvix86) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/home IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://go.web.de/tab2 [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://go.web.de/tab2 [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.web.de/home IE - HKLM\..\URLSearchHook: {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Programme\iWin\tbiWin.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/home IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://go.web.de/tab2 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://go.web.de/tab2 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.web.de/home IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\URLSearchHook: {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Programme\iWin\tbiWin.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaultthis.engineName: "Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13" FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0849}: C:\ProgramData\iWin Games\firefox [2008.11.13 21:49:39 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\PROGRA~1\Mozilla Firefox\components [2010.12.27 20:40:15 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\PROGRA~1\Mozilla Firefox\plugins [2010.09.15 10:49:28 | 000,000,000 | ---D | M] [2008.11.06 23:44:30 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\pablo\AppData\Roaming\mozilla\Extensions [2008.11.06 23:44:30 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\pablo\AppData\Roaming\mozilla\Extensions\{6334D996-EA3E-4a0e-AA8D-15BA56B37241} [2010.12.19 16:38:13 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\pablo\AppData\Roaming\mozilla\Firefox\Profiles\w6lbc0qh.default\extensions [2009.09.26 14:19:15 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\pablo\AppData\Roaming\mozilla\Firefox\Profiles\w6lbc0qh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2008.11.06 23:47:26 | 000,000,000 | -H-D | M] ("I ♥ Miro") -- C:\Users\pablo\AppData\Roaming\mozilla\Firefox\Profiles\w6lbc0qh.default\extensions\{216ec66d-214a-43ea-92f0-5373f8405c88} [2008.10.30 00:30:26 | 000,000,000 | -H-D | M] (Yahoo! Toolbar) -- C:\Users\pablo\AppData\Roaming\mozilla\Firefox\Profiles\w6lbc0qh.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2009.12.08 22:56:24 | 000,000,000 | -H-D | M] (DVDVideoSoft Toolbar) -- C:\Users\pablo\AppData\Roaming\mozilla\Firefox\Profiles\w6lbc0qh.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} [2010.01.28 22:21:05 | 000,000,000 | -H-D | M] ("DAEMON Tools Toolbar") -- C:\Users\pablo\AppData\Roaming\mozilla\Firefox\Profiles\w6lbc0qh.default\extensions\DTToolbar@toolbarnet.com [2009.12.08 22:56:44 | 000,000,873 | -H-- | M] () -- C:\Users\pablo\AppData\Roaming\Mozilla\Firefox\Profiles\w6lbc0qh.default\searchplugins\conduit.xml [2010.01.28 22:20:55 | 000,002,055 | -H-- | M] () -- C:\Users\pablo\AppData\Roaming\Mozilla\Firefox\Profiles\w6lbc0qh.default\searchplugins\daemon-search.xml [2010.12.19 04:48:16 | 000,000,950 | -H-- | M] () -- C:\Users\pablo\AppData\Roaming\Mozilla\Firefox\Profiles\w6lbc0qh.default\searchplugins\icqplugin-1.xml [2008.10.28 23:54:08 | 000,000,950 | -H-- | M] () -- C:\Users\pablo\AppData\Roaming\Mozilla\Firefox\Profiles\w6lbc0qh.default\searchplugins\icqplugin-2.xml [2008.11.24 21:53:42 | 000,000,950 | -H-- | M] () -- C:\Users\pablo\AppData\Roaming\Mozilla\Firefox\Profiles\w6lbc0qh.default\searchplugins\icqplugin-3.xml [2009.10.15 20:04:51 | 000,000,950 | -H-- | M] () -- C:\Users\pablo\AppData\Roaming\Mozilla\Firefox\Profiles\w6lbc0qh.default\searchplugins\icqplugin-4.xml [2008.10.28 19:12:41 | 000,000,962 | -H-- | M] () -- C:\Users\pablo\AppData\Roaming\Mozilla\Firefox\Profiles\w6lbc0qh.default\searchplugins\icqplugin.xml [2008.09.27 14:09:54 | 000,000,273 | -H-- | M] () -- C:\Users\pablo\AppData\Roaming\Mozilla\Firefox\Profiles\w6lbc0qh.default\searchplugins\search.xml [2010.11.29 17:50:41 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2008.10.28 19:16:01 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2009.10.13 19:58:33 | 000,000,000 | ---D | M] (Talkback) -- C:\Programme\Mozilla Firefox\extensions\talkback@mozilla.org [2008.10.28 19:16:01 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\PROGRA~1\MOZILLA FIREFOX\EXTENSIONS\{800B5000-A755-47E1-992B-48A1C1357F07} [2009.10.02 17:06:22 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\PROGRA~1\MOZILLA FIREFOX\EXTENSIONS\{B13721C7-F507-4982-B2E5-502A71474FED} [2008.10.29 10:35:04 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRA~1\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} [2010.01.17 16:59:41 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRA~1\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [2009.10.13 19:58:33 | 000,000,000 | ---D | M] (Talkback) -- C:\PROGRA~1\MOZILLA FIREFOX\EXTENSIONS\TALKBACK@MOZILLA.ORG [2008.11.13 21:49:39 | 000,000,000 | ---D | M] (iWinGames Plugin) -- C:\PROGRAMDATA\IWIN GAMES\FIREFOX [2009.10.13 19:58:23 | 000,067,688 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\jar50.dll [2009.10.13 19:58:23 | 000,054,368 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\jsd3250.dll [2009.10.13 19:58:23 | 000,034,944 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\myspell.dll [2009.10.13 19:58:24 | 000,046,712 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\spellchk.dll [2009.10.13 19:58:24 | 000,172,136 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\xpinstal.dll [2009.01.06 21:16:47 | 000,024,576 | ---- | M] (RealNetworks) -- C:\Programme\Mozilla Firefox\plugins\npgcplug.dll [2005.04.27 22:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Programme\Mozilla Firefox\plugins\npracplug.dll [2009.10.13 19:58:31 | 000,001,525 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2009.10.13 19:58:31 | 000,001,063 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2009.10.13 19:58:31 | 000,000,998 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2009.10.13 19:58:31 | 000,000,815 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Programme\Common Files\Symantec Shared\coShared\Browser\1.0\NppBHO.dll (Symantec Corporation) O2 - BHO: (IEHlprObj Class) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Programme\iWin Games\iWinGamesHookIE.dll (iWin Inc.) O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O2 - BHO: (iWin Toolbar) - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Programme\iWin\tbiWin.dll (Conduit Ltd.) O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Programme\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O3 - HKLM\..\Toolbar: (iWin Toolbar) - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Programme\iWin\tbiWin.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (iWin Toolbar) - {CE0C2586-DA36-452B-ACDB-320D9BCB19BF} - C:\Programme\iWin\tbiWin.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation) O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [osCheck] c:\Program Files\Norton Internet Security\osCheck.exe (Symantec Corporation) O4 - HKLM..\Run: [recinfo369] c:\RecInfo\RecInfo.exe () O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation) O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts) O4 - HKCU..\Run: [EPSON PX650 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFME.EXE (SEIKO EPSON CORPORATION) O4 - HKCU..\Run: [MRtPNAFMRSnT] C:\ProgramData\MRtPNAFMRSnT.exe (WinTrust) O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.) O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - Startup: C:\Users\pablo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\pablo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Privacy Tray.lnk = C:\Programme\GnuPT\WPT\WinPT.exe () O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe (ICQ, Inc.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe (ICQ, Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} hxxp://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUpldde-de.cab (MSN Photo Upload Tool) O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1222761945 (Image Uploader Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\pablo\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\pablo\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{e274f267-0c4a-11df-973a-002421046f5f}\Shell - "" = AutoRun O33 - MountPoints2\{e274f267-0c4a-11df-973a-002421046f5f}\Shell\AutoRun\command - "" = K:\SETUP.EXE -autorun O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.04.21 21:05:23 | 000,580,608 | -H-- | C] (OldTimer Tools) -- C:\Users\pablo\Desktop\OTL.exe [2011.04.21 14:18:26 | 000,569,344 | -H-- | C] (WinTrust) -- C:\ProgramData\MRtPNAFMRSnT.exe [2011.04.20 01:49:01 | 000,000,000 | -H-D | C] -- C:\Users\pablo\Desktop\Neuer Ordner (5) [2011.04.19 22:41:44 | 000,000,000 | -H-D | C] -- C:\Users\pablo\AppData\Roaming\Rovio [2011.04.19 21:44:44 | 000,000,000 | -H-D | C] -- C:\Users\pablo\AppData\Local\Babylon [2011.04.19 21:44:43 | 000,000,000 | -H-D | C] -- C:\Users\pablo\AppData\Roaming\Babylon [2011.04.19 21:44:43 | 000,000,000 | -H-D | C] -- C:\ProgramData\Babylon [2011.04.19 21:44:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2011.04.19 17:10:45 | 000,000,000 | -H-D | C] -- C:\Users\pablo\Desktop\Neuer Ordner (4) [2011.04.13 18:01:40 | 000,000,000 | -H-D | C] -- C:\Users\pablo\Bookworm Adventures [2011.04.13 18:01:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zylom [2011.04.13 18:01:07 | 000,000,000 | ---D | C] -- C:\Programme\RealArcade [2011.04.12 23:55:47 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2011.04.12 23:55:46 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2011.04.12 23:55:44 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2011.04.12 23:55:44 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2011.04.12 23:55:43 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2011.04.12 23:55:43 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011.04.12 23:55:43 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2011.04.12 23:55:43 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2011.04.12 23:55:42 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.04.12 23:55:42 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.04.12 23:55:42 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2011.04.12 23:55:41 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.04.12 23:55:41 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.04.12 23:55:41 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011.04.12 23:55:41 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2011.04.12 23:55:41 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.04.12 23:55:40 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2011.04.12 23:55:39 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2011.04.12 23:55:39 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2011.04.12 23:49:55 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll [2011.04.12 23:29:12 | 003,602,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2011.04.12 23:29:12 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2011.04.12 23:29:10 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll [2011.04.12 23:29:10 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll [2011.04.12 23:29:05 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe [2011.04.12 23:28:53 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011.04.12 23:28:51 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe [2011.04.12 23:28:48 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2011.04.12 23:28:48 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2011.04.12 23:26:57 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll [2011.04.12 23:26:57 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll [2011.04.12 23:26:57 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax [2011.04.12 23:26:57 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll [2009.01.06 21:16:49 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\RngInterstitial.dll [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.04.21 21:19:03 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2011.04.21 21:08:06 | 000,618,204 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.04.21 21:08:06 | 000,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.04.21 21:08:06 | 000,122,442 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.04.21 21:08:06 | 000,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.04.21 21:04:55 | 000,487,424 | -H-- | M] () -- C:\ProgramData\45539080.exe [2011.04.21 21:04:34 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.04.21 21:04:33 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\FileCure Startup.job [2011.04.21 21:04:24 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl [2011.04.21 21:04:24 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.04.21 21:04:24 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.04.21 21:04:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.04.21 21:04:14 | 2146,689,024 | -HS- | M] () -- C:\hiberfil.sys [2011.04.21 20:59:00 | 000,580,608 | -H-- | M] (OldTimer Tools) -- C:\Users\pablo\Desktop\OTL.exe [2011.04.21 14:59:08 | 000,320,512 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.04.21 14:18:25 | 000,569,344 | -H-- | M] (WinTrust) -- C:\ProgramData\MRtPNAFMRSnT.exe [2011.04.21 13:57:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.04.21 10:28:01 | 000,000,240 | ---- | M] () -- C:\Windows\tasks\Epson Printer Software Downloader.job [2011.04.19 21:45:12 | 000,002,053 | ---- | M] () -- C:\Users\Public\Desktop\Babylon.lnk [2011.04.19 18:00:00 | 000,000,444 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job [2011.04.18 22:04:52 | 000,171,520 | -H-- | M] () -- C:\Users\pablo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.04.18 20:45:57 | 000,017,408 | -H-- | M] () -- C:\Users\pablo\AppData\Local\WebpageIcons.db [2011.04.16 04:25:01 | 000,000,418 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job [2011.04.16 03:41:02 | 000,000,364 | ---- | M] () -- C:\Windows\tasks\FileCure Default.job [2011.04.13 18:02:15 | 000,000,772 | -H-- | M] () -- C:\Users\pablo\Desktop\Bookworm Adventures.lnk [2011.04.13 18:01:40 | 000,000,133 | -H-- | M] () -- C:\Users\pablo\Desktop\Zylom.url [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.04.21 21:04:54 | 000,487,424 | -H-- | C] () -- C:\ProgramData\45539080.exe [2011.04.21 14:58:19 | 2146,689,024 | -HS- | C] () -- C:\hiberfil.sys [2011.04.19 21:44:44 | 000,002,053 | ---- | C] () -- C:\Users\Public\Desktop\Babylon.lnk [2011.04.13 18:02:15 | 000,000,772 | -H-- | C] () -- C:\Users\pablo\Desktop\Bookworm Adventures.lnk [2011.04.13 18:01:40 | 000,000,133 | -H-- | C] () -- C:\Users\pablo\Desktop\Zylom.url [2011.04.13 01:14:45 | 000,000,868 | ---- | C] () -- C:\Windows\tasks\Google Software Updater.job [2010.11.15 18:40:24 | 000,050,344 | ---- | C] () -- C:\Programme\Uninstall Mini Balla 2006.exe [2010.09.13 17:52:38 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe [2010.06.27 16:32:50 | 000,017,408 | -H-- | C] () -- C:\Users\pablo\AppData\Local\WebpageIcons.db [2010.03.24 16:43:15 | 000,001,682 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys [2010.03.24 16:43:15 | 000,000,056 | RHS- | C] () -- C:\Windows\System32\9E63D8604E.sys [2010.01.29 16:16:51 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2010.01.29 16:16:50 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2010.01.28 03:09:54 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2009.10.13 17:28:27 | 000,000,120 | ---- | C] () -- C:\Windows\CMRGDB01.INI [2009.10.13 17:28:23 | 000,004,779 | ---- | C] () -- C:\Windows\CMRGUNST.INI [2009.10.02 17:10:08 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.08.07 22:33:40 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.08.07 22:33:40 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.08.07 22:33:06 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009.05.30 02:37:40 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2009.05.30 02:31:52 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2009.04.16 21:29:32 | 000,000,552 | -H-- | C] () -- C:\Users\pablo\AppData\Local\d3d8caps.dat [2009.04.16 21:28:04 | 000,001,356 | -H-- | C] () -- C:\Users\pablo\AppData\Local\d3d9caps.dat [2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll [2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2008.09.23 12:23:39 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2008.09.10 12:23:50 | 000,000,464 | -H-- | C] () -- C:\Users\pablo\AppData\Roaming\wklnhst.dat [2008.09.09 21:29:05 | 000,000,000 | ---- | C] () -- C:\Windows\PhEdit.INI [2008.09.09 21:04:18 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat [2008.09.09 21:04:18 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat [2008.09.09 21:04:18 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat [2008.09.09 21:04:18 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat [2008.09.09 21:04:18 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat [2008.09.09 21:04:18 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat [2008.09.09 21:04:18 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat [2008.09.09 21:04:18 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat [2008.09.09 21:04:18 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat [2008.09.09 21:04:18 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat [2008.09.09 21:04:18 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat [2008.09.09 21:04:18 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat [2008.09.09 21:04:18 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat [2008.09.09 21:04:18 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat [2008.09.09 21:04:18 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat [2008.09.09 21:04:18 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat [2008.09.09 21:04:18 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat [2008.09.09 21:04:18 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat [2008.09.09 21:04:18 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2008.09.09 16:17:14 | 000,171,520 | -H-- | C] () -- C:\Users\pablo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.05.30 19:41:07 | 000,000,342 | ---- | C] () -- C:\Windows\{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}_WiseFW.ini [2007.09.04 12:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll [2007.04.10 23:46:52 | 000,015,498 | ---- | C] () -- C:\Windows\VX1000.ini [2007.02.05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI [2006.11.02 17:33:31 | 000,618,204 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 17:33:31 | 000,122,442 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,320,512 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,586,980 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,101,052 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.08.11 09:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll [2004.09.01 17:49:17 | 003,375,104 | ---- | C] () -- C:\Windows\System32\qt-mt331.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:6533A988 @Alternate Data Stream - 64 bytes -> C:\Users\pablo\Tracy Chapman - For My Lover (Album Version).avi:TOC.WMV @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:8AEA12E8 @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:A1128200 @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:75C2528D @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:EB79041A @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:32758ED6 @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:1E3035E2 @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:DCBD0AC7 @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:CB5C4185 @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:C04C48D4 @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:6F71E822 @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:E091E936 @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:698B483C @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:DF236465 @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:C4870D32 @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:290A724C @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:E6B3E318 @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:5F280981 @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:77CE0242 @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:581B0446 @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:E73AD533 @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:77CF9481 @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:4B970D7A @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:257AC7F8 @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:98E4FEC6 @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:472EB08A @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:F0E52E4F @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:5F3235B3 @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:2A6BF249 @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:EAD1940E @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:B7F727B8 @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:AED4FFF5 @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5BA6D27E @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:4F09946C @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:FF333535 @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:53B47F8A @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:EFD52482 @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:2702A8B3 @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:0E1DD4C5 @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:34B9286E @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:6972373C @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:93CEB973 @Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:E868CDC2 @Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:CF185254 @Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:429EC15A @Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:08AC8A76 @Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:24E8169B @Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:CDCE26D3 < End of report > und noch das zweite: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 21.04.2011 21:05:41 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\pablo\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 54,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 216,41 Gb Total Space | 24,01 Gb Free Space | 11,09% Space Free | Partition Type: NTFS
Drive D: | 107,22 Gb Total Space | 89,70 Gb Free Space | 83,66% Space Free | Partition Type: NTFS
Drive O: | 245,59 Mb Total Space | 245,03 Mb Free Space | 99,77% Space Free | Partition Type: FAT
Computer Name: PABLO-PC | User Name: pablo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files\ParetoLogic\FileCure\FileCure_noapp.exe %1 (ParetoLogic)
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AAE4AB9-05D7-44F7-9B0F-94249DB8EC47}" = lport=445 | protocol=6 | dir=in | app=system |
"{66F7F48E-1EF9-4D99-B1B2-24FF7176F6CC}" = lport=138 | protocol=17 | dir=in | app=system |
"{A3C40E56-03E7-4E48-9339-279EA860CFF5}" = rport=139 | protocol=6 | dir=out | app=system |
"{B88766C4-751B-4FCF-93D8-CEAE2ABED598}" = rport=137 | protocol=17 | dir=out | app=system |
"{CAAE537E-E1F3-4C43-B5E6-D4EE0C4C76B5}" = rport=445 | protocol=6 | dir=out | app=system |
"{D4E5EEFA-9CF7-4D84-9AD7-18CC826D3B74}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{DDDA2D15-314C-4942-9075-B77A7B0C7FDB}" = rport=138 | protocol=17 | dir=out | app=system |
"{E97FF89D-EF31-4A14-B0C8-38E644F3B83F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F2734FBB-279B-4F13-B971-F34FE5F0FFAF}" = lport=137 | protocol=17 | dir=in | app=system |
"{F4D18BDB-0629-4755-A488-192138FAFE93}" = lport=139 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0025EB18-6632-42A0-99C4-0D57BA884102}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{0CE7BC3D-84DF-4E14-8137-7A2EED505350}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{2D87E381-7EDF-4B42-B358-6D912B621F97}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{3D1A72F6-2AE0-44FD-AAB7-CB613D487D7B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{3EE36C16-EE41-4B38-894E-6C55D75850BF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{4EA490CF-CFDB-495B-A4A1-9773506408B6}" = protocol=6 | dir=in | app=c:\program files\iwin games\webupdater.exe |
"{50E7BB67-AB1D-46A4-AC08-E7FB9962BC77}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{57607F00-89D5-4459-BD1A-8D43E66AA417}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{789A518F-0A1B-4E51-A96B-22B4D951A654}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{7F6C9084-4608-4A81-AF17-4A68B89E051F}" = protocol=17 | dir=in | app=c:\program files\iwin games\iwingames.exe |
"{80616181-E9ED-4D76-906D-971AAB03432F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{843E9780-BBEB-41BC-98C4-D57CDC83A772}" = protocol=17 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe |
"{9563085C-E533-4F12-BDB7-07AD9116B6DD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{989D6816-DDA6-4F84-A584-703284E5D44D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AFED63F6-8614-4D9E-99DE-DB673C7F7593}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B4732F6A-8916-4F89-87B1-01AD2B12FB4A}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{B5FFCCCC-584E-40CA-8C99-E09C3049BAD0}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{D042E2CF-7CC5-49B9-9A72-A561621E406F}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{D12973E1-D033-449D-8F90-1FC48BBC8A69}" = protocol=6 | dir=in | app=c:\program files\iwin games\iwingames.exe |
"{D29B898F-892B-41B1-901A-BE07D1225A36}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{D54450AC-98E8-4FE1-BABB-A4C300379E46}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{DA3E266F-7B7F-42DC-B7D4-50E139290603}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{E8E5316E-7A42-47D7-A815-FA0C59002F4D}" = protocol=6 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe |
"{F1E87292-7997-4E5B-9B3C-DF51B0C06D9D}" = protocol=17 | dir=in | app=c:\program files\iwin games\webupdater.exe |
"{F56E6D8B-F4C2-407D-915E-F1406C97A293}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"TCP Query User{2DCDD54C-BCA3-41F4-9E63-FA9D8F92ADA3}C:\program files\mmtoolz\internettv\internettv.exe" = protocol=6 | dir=in | app=c:\program files\mmtoolz\internettv\internettv.exe |
"TCP Query User{401E4E8D-2292-4C8F-809E-FF311300BE0E}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{4CEFCADF-11FD-4990-A01A-165AD7555F83}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe |
"TCP Query User{89F323A6-7814-4014-B694-FAFEE8597B45}C:\program files\zattoo\zattoo.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattoo.exe |
"TCP Query User{8DC620BA-1A0F-46C5-A13B-C83DD4443E2C}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{A0FD5B02-540A-4DEB-822C-62A8C23C940D}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{D8711A72-9E5E-44E8-8BED-C725E07B1C64}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{E8EE1298-42D7-4E2B-AF43-E7471134FA79}C:\program files\participatory culture foundation\miro\xulrunner\python\miro_downloader.exe" = protocol=6 | dir=in | app=c:\program files\participatory culture foundation\miro\xulrunner\python\miro_downloader.exe |
"UDP Query User{19C83C63-742B-402B-9658-A60397120121}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{37830EE0-65C7-4235-AE83-29858670C94E}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{4945DB64-B1FA-405C-A4DC-47FC398EBB66}C:\program files\zattoo\zattoo.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattoo.exe |
"UDP Query User{955C5B4D-0C77-4FAD-BA02-FE0D1BF8D4A9}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{956CF4FC-F375-48CA-BD3C-2A2C49884ABA}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{9C6FF2DF-655C-49C8-AA2C-CAD995FAD5DA}C:\program files\participatory culture foundation\miro\xulrunner\python\miro_downloader.exe" = protocol=17 | dir=in | app=c:\program files\participatory culture foundation\miro\xulrunner\python\miro_downloader.exe |
"UDP Query User{C9D290DB-2C3D-432F-ABED-60704579EEFF}C:\program files\mmtoolz\internettv\internettv.exe" = protocol=17 | dir=in | app=c:\program files\mmtoolz\internettv\internettv.exe |
"UDP Query User{E844DACC-CBB4-4A73-9B47-371E82E06F29}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0D00CD3F-AEDC-45F1-A2DD-DADF74407D7B}_is1" = Edna Bricht Aus 6.3
"{0E77B4E0-0D8B-4F93-B419-29CE8498E6B6}" = Simon the Sorcerer - Wer will schon Kontakt?
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2217B0B4-35CB-48C6-B640-864DF2F30F99}" = OpenOffice.org 3.2
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 17
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}" = Norton Internet Security
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{48185814-A224-447A-81DA-71BD20580E1B}" = Norton Internet Security
"{4843B611-8FCB-4428-8C23-31D0A5EAE164}" = Norton Confidential Browser Component
"{4E5459A7-20FC-44D6-8832-80AE5A8D2B47}_is1" = GnuPT Version 3.6.7
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{726DBFE3-BE2B-4FFA-9787-D6495765CFD2}" = Microsoft LifeCam
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DB77BE4-629D-458D-BD68-9F36667C2177}" = TubeBox!
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}" = FirstSteps Diagnostics
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}" = Norton Protection Center
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}" = FSCLounge
"{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO -viewer-
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF4434001}" = Epson Printer Software Downloader
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
"{BD009869-6498-4CF9-9016-E9EA6E3742B2}" = The Whispered World
"{C1C441C4-57FA-4950-BDBA-BABFBAA2AA39}" = ParetoLogic FileCure
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D16A31F9-276D-4968-A753-FFEAC56995D0}" = Epson Print CD
"{D353CC51-430D-4C6F-9B7E-52003DA1E05A}" = Norton Confidential Web Protection Component
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV
"{F90D6825-8F1F-4E3A-9E42-A9C8A9DD1031}" = Nero 7 Essentials
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"10 Days To Save The World" = 10 Days To Save The World (nur deinstallation)
"87f22455ae2e457413fab5f880d72f9a" = Bookworm Adventures
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"AlawarGameBox" = Alawar Game Box
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"Be A King" = Be A King (nur deinstallation)
"BFG-Bookworm Deluxe" = Bookworm Deluxe
"BFGC" = Big Fish Games: Game Manager
"BFG-Ice Cream Craze - Tycoon Takeover" = Ice Cream Craze: Tycoon Takeover
"BGroom" = BGroom
"Big Fish Games Center" = Big Fish Games Center (remove only)
"Big Fish Games Sudoku" = Big Fish Games Sudoku (remove only)
"Boggle_is1" = Boggle
"Bookworm Adventures Deluxe" = Bookworm Adventures Deluxe
"Bookworm Adventures Vol. 2" = Bookworm Adventures Vol. 2
"Cheatbook 05.2009" = Cheatbook 05.2009
"Coconut Queen" = Coconut Queen (nur deinstallation)
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Dirty Split" = Dirty Split (remove only)
"DivX Setup.divx.com" = DivX-Setup
"Drakensang_is1" = Drakensang (Patch Version 1.02)
"DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar
"Eco Rescue: Project Rainforest" = Eco Rescue: Project Rainforest (nur deinstallation)
"Epson Printer Software Downloader" = Epson Printer Software Downloader
"EPSON PX650 Series" = Druckerdeinstallation für EPSON PX650 Series
"EPSON Scanner" = EPSON Scan
"Epson Stylus Photo PX650_TX650 Benutzerhandbuch" = Epson Stylus Photo PX650_TX650 Handbuch
"Fairy Godmother Tycoon" = Fairy Godmother Tycoon (nur deinstallation)
"Farm Frenzy 3" = Farm Frenzy 3 (nur deinstallation)
"Farm Frenzy 3 ." = Farm Frenzy 3 .
"Farm Frenzy 3 Ice Age 1.00" = Farm Frenzy 3 Ice Age 1.00
"Farm Frenzy: Gone Fishing!" = Farm Frenzy: Gone Fishing! (nur deinstallation)
"Farm Mania 2" = Farm Mania 2 (nur deinstallation)
"Fever Frenzy" = Fever Frenzy (remove only)
"Fiona Finch and the Finest Flowers" = Fiona Finch and the Finest Flowers (nur deinstallation)
"Fishdom: Frosty Splash" = Fishdom: Frosty Splash (nur deinstallation)
"Free Studio_is1" = Free Studio version 4.2
"GNU Backgammon_is1" = GNU Backgammon (MAIN branch, 20081113 code)
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ICQToolbar" = ICQ Toolbar
"InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"InternetTV_is1" = InternetTV 7.12
"IrfanView" = IrfanView (remove only)
"Island Realms" = Island Realms (nur deinstallation)
"iWin Toolbar" = iWin Toolbar
"iWinArcade" = iWin Games (remove only)
"Jewel Quest II" = Jewel Quest II (nur deinstallation)
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Luxor Amun Rising" = Luxor Amun Rising (remove only)
"Mah Jong Quest III" = Mah Jong Quest III (nur deinstallation)
"Mahjong Towers Eternity EU" = Mahjong Towers Eternity EU (remove only)
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mini Balla 2006" = Mini Balla 2006
"Mini-Mäuse" = Mini-Mäuse
"Mozilla Firefox (2.0.0.20)" = Mozilla Firefox (2.0.0.20)
"My Free Mahjong_is1" = My Free Mahjong
"My Tribe" = My Tribe (nur entfernen)
"My Tribe 1.00" = My Tribe 1.00
"Mystery Case Files - Prime Suspects" = Mystery Case Files - Prime Suspects (remove only)
"NVIDIA Drivers" = NVIDIA Drivers
"Photo Mania" = Photo Mania (nur entfernen)
"Picasa 3" = Picasa 3
"Poker Superstars II" = Poker Superstars II (remove only)
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"QuickSFV" = QuickSFV (Remove only)
"RealArcade 1.2" = RealArcade
"RollerCoaster Tycoon Setup" = Roll
"Royal Trouble" = Royal Trouble (nur deinstallation)
"Sanitarium" = Sanitarium
"SKIP BO Castaway Caper1.0" = SKIP BO Castaway Caper
"SKIP¯BO Castaway Caper" = SKIP¯BO Castaway Caper (nur deinstallation)
"Sprill & Rithies Adventures In Time" = Sprill & Rithies Adventures In Time (nur deinstallation)
"Super Granny 5" = Super Granny 5 (nur deinstallation)
"SymSetup.{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security (Symantec Corporation)
"Tahiti Hidden Pearls" = Tahiti Hidden Pearls (nur deinstallation)
"The Clumsys" = The Clumsys (nur entfernen)
"The Enchanting Islands" = The Enchanting Islands (nur deinstallation)
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"Veoh Web Player Beta" = Veoh Web Player
"WEB.DE IE7 Browser Update" = WEB.DE IE7 Browser Update
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinRAR archiver" = WinRAR
"Zattoo" = Zattoo 3.3.4 Beta
"Zattoo4" = Zattoo4 4.0.5
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Farm Frenzy 2 Deluxe" = Farm Frenzy 2 Deluxe
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"SKIP-BO Castaway Caper(TM)" = SKIP-BO Castaway Caper(TM)
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 20.04.2011 04:17:44 | Computer Name = pablo-PC | Source = RasClient | ID = 20227
Description =
Error - 20.04.2011 04:19:05 | Computer Name = pablo-PC | Source = RasClient | ID = 20227
Description =
Error - 20.04.2011 13:23:50 | Computer Name = pablo-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 21.04.2011 02:32:01 | Computer Name = pablo-PC | Source = RasClient | ID = 20227
Description =
Error - 21.04.2011 02:33:22 | Computer Name = pablo-PC | Source = RasClient | ID = 20227
Description =
Error - 21.04.2011 06:46:36 | Computer Name = pablo-PC | Source = RasClient | ID = 20227
Description =
Error - 21.04.2011 06:47:57 | Computer Name = pablo-PC | Source = RasClient | ID = 20227
Description =
Error - 21.04.2011 06:49:18 | Computer Name = pablo-PC | Source = RasClient | ID = 20227
Description =
Error - 21.04.2011 08:20:09 | Computer Name = pablo-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 8.0.6001.19048 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: 1764 Anfangszeit: 01cbffea8f121339 Zeitpunkt
der Beendigung: 19
Error - 21.04.2011 08:55:57 | Computer Name = pablo-PC | Source = EventSystem | ID = 4609
Description =
[ Media Center Events ]
Error - 18.06.2010 14:21:46 | Computer Name = pablo-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide
Error - 23.06.2010 07:48:12 | Computer Name = pablo-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide
Error - 11.07.2010 08:08:18 | Computer Name = pablo-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide
Error - 17.07.2010 03:59:38 | Computer Name = pablo-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide
Error - 17.07.2010 13:00:42 | Computer Name = pablo-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide
Error - 27.07.2010 17:06:37 | Computer Name = pablo-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide
Error - 28.07.2010 17:17:17 | Computer Name = pablo-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide
Error - 29.01.2011 08:00:48 | Computer Name = pablo-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide
Error - 15.02.2011 05:05:13 | Computer Name = pablo-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide
Error - 13.04.2011 15:14:35 | Computer Name = pablo-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide
[ System Events ]
Error - 21.04.2011 08:56:30 | Computer Name = pablo-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 21.04.2011 08:56:30 | Computer Name = pablo-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 21.04.2011 08:56:34 | Computer Name = pablo-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 21.04.2011 08:56:34 | Computer Name = pablo-PC | Source = DCOM | ID = 10005
Description =
Error - 21.04.2011 08:56:36 | Computer Name = pablo-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 21.04.2011 08:56:43 | Computer Name = pablo-PC | Source = DCOM | ID = 10005
Description =
Error - 21.04.2011 09:04:37 | Computer Name = pablo-PC | Source = Service Control Manager | ID = 7022
Description =
Error - 21.04.2011 10:29:17 | Computer Name = pablo-PC | Source = Service Control Manager | ID = 7022
Description =
Error - 21.04.2011 10:36:09 | Computer Name = pablo-PC | Source = DCOM | ID = 10010
Description =
Error - 21.04.2011 15:09:31 | Computer Name = pablo-PC | Source = Service Control Manager | ID = 7022
Description =
< End of report >
bitte sagt uns was wir damit anfangen können? danke und frohe ostern |
|
21.04.2011, 22:41
| #2 | |||
| /// Helfer-Team    | TR/Kazy.mekml.1 und jetzt? Hallo und Herzlich Willkommen!
__________________ Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]: Zitat:
Zitat:
Für Vista und Win7: Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen! 1. Fixen mit OTL
Code:
ATTFilter :OTL
PRC - [2011.04.21 14:18:25 | 000,569,344 | ---- | M] (WinTrust) -- C:\ProgramData\MRtPNAFMRSnT.exe
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
[2011.04.21 21:04:55 | 000,487,424 | -H-- | M] () -- C:\ProgramData\45539080.exe
@Alternate Data Stream - 64 bytes -> C:\Users\pablo\Tracy Chapman - For My Lover (Album Version).avi:TOC.WMV
:Commands
[purity]
[emptytemp]
2. Lade Dir Malwarebytes Anti-Malware von→ malwarebytes.org
3. Ich würde gerne noch all deine installierten Programme sehen: Lade dir das Tool Ccleaner herunter → Download installieren (Software-Lizenzvereinbarung lesen, falls angeboten wird "Füge CCleaner Yahoo! Toolbar hinzu" abwählen)→ starten→ falls nötig - unter Options settings-> "german" einstellen dann klick auf "Extra (um die installierten Programme auch anzuzeigen)→ weiter auf "Als Textdatei speichern..." wird eine Textdatei (*.txt) erstellt, kopiere dazu den Inhalt und füge ihn da ein 4. Erneut ein OTL-Log erstellen und posten:-> OTL-Anleitung Zitat:
** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw grußCoverflow
__________________ |
|
22.04.2011, 20:49
| #3 |
| | TR/Kazy.mekml.1 und jetzt? hallo
__________________und vielen dank für deine hilfe haben jetzt deine anweisungen befolgt also hier erst mal die ergebnisse: 1. otl-log: Code:
ATTFilter All processes killed
========== OTL ==========
No active process named MRtPNAFMRSnT.exe was found!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
File C:\ProgramData\45539080.exe not found.
ADS C:\Users\pablo\Tracy Chapman - For My Lover (Album Version).avi:TOC.WMV deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: pablo
->Temp folder emptied: 2742601026 bytes
->Temporary Internet Files folder emptied: 665770250 bytes
->Java cache emptied: 29438732 bytes
->FireFox cache emptied: 20430512 bytes
->Google Chrome cache emptied: 8976536 bytes
->Flash cache emptied: 100663 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 331776 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 193500262 bytes
RecycleBin emptied: 152120179 bytes
Total Files Cleaned = 3.637,00 mb
OTL by OldTimer - Version 3.2.22.3 log created on 04222011_125137
Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\TMP0000003DE0019F04D92893A8 not found!
Registry entries deleted on Reboot...
Code:
ATTFilter Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6418
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048
22.04.2011 21:13:20
mbam-log-2011-04-22 (21-13-20).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|L:\|M:\|O:\|)
Durchsuchte Objekte: 377885
Laufzeit: 1 Stunde(n), 44 Minute(n), 29 Sekunde(n)
Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 4
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4
Infizierte Speicherprozesse:
c:\programdata\mrtpnafmrsnt.exe (Trojan.FakeAlert) -> 1384 -> Unloaded process successfully.
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MRtPNAFMRSnT (Trojan.FakeAlert) -> Value: MRtPNAFMRSnT -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Value: *.securewebinfo.com -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Value: *.safetyincludes.com -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Value: *.securemanaging.com -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
c:\programdata\mrtpnafmrsnt.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\program files\Games\My Tribe\MyTribe.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\pablo\favorites\antivirus scan.url (Rogue.Link) -> Quarantined and deleted successfully.
c:\Users\pablo\documents\my documents.url (Trojan.Zlob) -> Quarantined and deleted successfully.
Code:
ATTFilter 10 Days To Save The World (nur deinstallation) 17.07.2010 87,2MB
Activation Assistant for the 2007 Microsoft Office suites Microsoft Corporation 29.05.2008 14,0MB
Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 13.09.2010 10.1.82.76
Adobe Flash Player Plugin Adobe Systems Incorporated 10.10.2008 9.0.124.0
Adobe Reader 8.1.2 - Deutsch Adobe Systems Incorporated 01.04.2008 99,6MB 8.1.2
Alawar Game Box 28.10.2008 2,71MB
Apple Application Support Apple Inc. 01.10.2009 32,2MB 1.0
Apple Mobile Device Support Apple Inc. 01.10.2009 40,4MB 2.6.0.32
Apple Software Update Apple Inc. 18.09.2008 2,16MB 2.1.1.116
Avira AntiVir Personal - Free Antivirus Avira GmbH 12.10.2009 134,3MB
AVS Update Manager 1.0 Online Media Technologies Ltd. 23.03.2010 10,4MB
AVS Video Converter 6 Online Media Technologies Ltd. 23.03.2010 34,1MB
AVS4YOU Software Navigator 1.4 Online Media Technologies Ltd. 23.03.2010 8,74MB
Be A King (nur deinstallation) 22.07.2009 28,8MB
BGroom 28.06.2010 11,3MB
Big Fish Games Center (remove only) 29.05.2008 172,3MB
Big Fish Games Sudoku (remove only) 29.05.2008 172,3MB
Big Fish Games: Game Manager 23.04.2010 6,64MB 1.5.1.0
Boggle 13.12.2009 34,7MB
Bonjour Apple Inc. 01.10.2009 0,49MB 1.0.106
Bookworm Adventures 12.04.2011 32,2MB
Bookworm Adventures Deluxe GameHouse, Inc. 23.04.2010 31,9MB
Bookworm Adventures Vol. 2 PopCap Games 15.10.2009 74,6MB
Bookworm Deluxe 15.10.2009 12,8MB
CCleaner Piriform 21.04.2011 3,60MB 3.05
Cheatbook 05.2009 25.01.2010 7,55MB
Coconut Queen (nur deinstallation) 17.07.2010 107,6MB
Compatibility Pack für 2007 Office System Microsoft Corporation 12.04.2011 56,2MB 12.0.6425.1000
DAEMON Tools Toolbar DT Soft Ltd 27.01.2010 2,46MB 1.1.1.0014
Dirty Split (remove only) 22.01.2010 225MB
DivX-Setup DivX, Inc. 12.09.2010 2,34MB 2.0.4.2
Drakensang (Patch Version 1.02) dtp AG 16.09.2010 4.809MB
Driver Detective PC Drivers HeadQuarters 28.01.2010 5,35MB 8.0.1
Druckerdeinstallation für EPSON PX650 Series SEIKO EPSON Corporation 12.07.2010
DVDVideoSoft Toolbar 07.12.2009 69,1MB
EA Download Manager Electronic Arts 26.12.2010 6,61MB 4.0.0.396
Eco Rescue: Project Rainforest (nur deinstallation) 14.09.2009 134,2MB
Edna Bricht Aus 6.3 02.03.2010 6.887MB
Epson Easy Photo Print 2 SEIKO EPSON CORPORATION 12.07.2010 98,9MB 2.1.0.0
Epson Print CD SEIKO EPSON CORPORATION 12.07.2010 26,9MB 2.00.00
Epson Printer Software Downloader 12.07.2010
EPSON Scan 12.07.2010 15,8MB
Epson Stylus Photo PX650_TX650 Handbuch 12.07.2010 8,17MB
Fairy Godmother Tycoon (nur deinstallation) 03.04.2010 50,1MB
Farm Frenzy 2 Deluxe Zylom Games 04.01.2009 38,7MB 1.0.0
Farm Frenzy 3 (nur deinstallation) 11.09.2009 92,8MB
Farm Frenzy 3 . 25.02.2010 98,9MB
Farm Frenzy 3 Ice Age 1.00 21.04.2010 92,9MB
Farm Frenzy: Gone Fishing! (nur deinstallation) 27.10.2010 88,4MB
Farm Mania 2 (nur deinstallation) 08.01.2010 227MB
Fever Frenzy (remove only) 04.01.2009 46,5MB
Fiona Finch and the Finest Flowers (nur deinstallation) 13.12.2010 125,1MB
FirstSteps Diagnostics Fujitsu Siemens Computers 01.04.2008 4,67MB 1.00
Fishdom: Frosty Splash (nur deinstallation) 28.11.2009 57,6MB
Free Studio version 4.2 DVDVideoSoft Limited. 07.12.2009 66,7MB
FSCLounge Fujitsu Siemens Computers 29.05.2008 8,47MB 1.0.0
GIMP 2.6.7 14.10.2009 87,0MB
GNU Backgammon (MAIN branch, 20081113 code) Free Software Foundation 07.12.2010 41,8MB
GnuPT Version 3.6.7 GnuPT - Protect Your Data 05.04.2010 6,14MB 3.6.7
Google Chrome Google Inc. 05.03.2010 157,9MB 10.0.648.205
Google Desktop Google 29.05.2008 8,57MB -
Google Earth Google 28.09.2010 85,4MB 5.2.1.1588
Google Toolbar for Internet Explorer Google Inc. 12.04.2011 44,7MB
Google Updater Google Inc. 12.10.2008 3,96MB 2.4.1368.5602
Ice Cream Craze: Tycoon Takeover 23.04.2010 50,7MB
ICQ Toolbar ICQ 27.10.2008 3.0.0
ICQ6 ICQ 27.10.2008 42,5MB 6.00.0000
InternetTV 7.12 MMToolz, Inc. 19.10.2008 1,14MB
IrfanView (remove only) 14.10.2009 1,85MB
Island Realms (nur deinstallation) 06.06.2010 48,2MB
iTunes Apple Inc. 01.10.2009 132,4MB 9.0.1.8
iWin Games (remove only) 21.07.2009 2,69MB
iWin Toolbar 12.11.2008 1,90MB
Java(TM) 6 Update 17 Sun Microsystems, Inc. 28.10.2008 94,4MB 6.0.170
Jewel Quest II (nur deinstallation) 06.09.2009 36,2MB
LiveUpdate 3.2 (Symantec Corporation) Symantec Corporation 22.09.2008 8,56MB 3.2.0.68
LiveUpdate Notice (Symantec Corporation) Symantec Corporation 22.09.2008 7,59MB 1.4.5
Luxor Amun Rising (remove only) 29.05.2008 18,1MB
Mah Jong Quest III (nur deinstallation) 09.01.2010 96,3MB
Mahjong Towers Eternity EU (remove only) 29.05.2008 15,7MB
Malwarebytes' Anti-Malware Malwarebytes Corporation 21.04.2011 4,80MB
McAfee Security Scan Plus McAfee, Inc. 14.09.2010 9,10MB 2.0.181.2
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 06.08.2009 27,8MB
Microsoft LifeCam Microsoft 01.10.2009 57,7MB 1.40.164.0
Microsoft Office Home and Student 2007 Microsoft Corporation 23.10.2010 297MB 12.0.6425.1000
Microsoft Office PowerPoint Viewer 2007 (German) Microsoft Corporation 12.04.2011 51,0MB 12.0.6425.1000
Microsoft Silverlight Microsoft Corporation 21.04.2011 79,9MB 4.0.60310.0
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 23.03.2010 0,33MB 8.0.59193
Microsoft Visual C++ 2005 Redistributable - KB2467175 Microsoft Corporation 12.04.2011 0,29MB 8.0.51011
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 22.10.2010 0,19MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 12.04.2011 0,58MB 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 12.10.2009 0,58MB 9.0.30729
Microsoft Works Microsoft Corporation 16.12.2010 377MB 9.7.0621
Mini Balla 2006 14.11.2010 4,47MB
Mini-Mäuse 12.10.2009 5,05MB
Move Networks Media Player for Internet Explorer 02.10.2009 1,09MB
Mozilla Firefox (2.0.0.20) Mozilla 12.10.2009 24,5MB 2.0.0.20 (de)
MSXML 4.0 SP2 (KB936181) Microsoft Corporation 01.11.2008 1,27MB 4.20.9848.0
MSXML 4.0 SP2 (KB941833) Microsoft Corporation 01.04.2008 1,27MB 4.20.9849.0
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 12.11.2008 1,28MB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 25.11.2009 1,34MB 4.20.9876.0
My Free Mahjong MyPlayCity, Inc. 08.01.2010 7,00MB 1.0
My Tribe (nur entfernen) 22.01.2010 60,1MB
My Tribe 1.00 23.01.2010 60,2MB
Mystery Case Files - Prime Suspects (remove only) 29.05.2008 39,3MB
Nero 7 Essentials Nero AG 18.03.2010 2.644MB 7.03.1152
Norton Internet Security (Symantec Corporation) Symantec Corporation 29.05.2008 26,9MB 10.1.0.26
NVIDIA Drivers NVIDIA Corporation 19.04.2009 1.3
NVIDIA PhysX NVIDIA Corporation 19.04.2009 119,9MB 9.09.0203
OpenOffice.org 3.2 OpenOffice.org 16.05.2010 356MB 3.2.9483
ParetoLogic FileCure ParetoLogic, Inc. 14.04.2010 4,08MB 1.1.1.0
Photo Mania (nur entfernen) 04.01.2009 19,9MB
PHOTOfunSTUDIO -viewer- Panasonic 08.09.2008 59,1MB 2.01.000
Picasa 3 Google, Inc. 27.07.2010 74,3MB 3.6
Poker Superstars II (remove only) 29.05.2008 30,3MB
ProtectDisc Driver, Version 11 ProtectDisc Software GmbH 27.02.2011 100,00KB 11.0.0.12
QuickSFV (Remove only) 28.01.2010 0,27MB
QuickTime Apple Inc. 01.10.2009 76,5MB 7.64.17.73
RealArcade 05.01.2009 52,8MB
Realtek High Definition Audio Driver 01.04.2008
Roll 12.09.2010 152,9MB
Royal Trouble (nur deinstallation) 27.10.2010 147,6MB
Sanitarium 27.01.2010 84,0MB
Simon the Sorcerer - Wer will schon Kontakt? The Games Company 27.02.2011 2.282MB 1.0
SKIP BO Castaway Caper Adnan_Boy 2008 25.01.2010 18,5MB 1.0
SKIP-BO Castaway Caper(TM) Zylom Games 08.01.2010 68,5MB 1.0.0
SKIP¯BO Castaway Caper (nur deinstallation) 11.10.2009 21,5MB
Skype web features Skype Technologies S.A. 01.10.2009 4,34MB 1.0.3971
Skype™ 4.2 Skype Technologies S.A. 07.10.2010 31,7MB 4.2.187
SPORE™ Electronic Arts 26.12.2010 3.862MB 1.00.0000
Sprill & Rithies Adventures In Time (nur deinstallation) 21.06.2010 353MB
Super Granny 5 (nur deinstallation) 12.04.2011 73,7MB
Tahiti Hidden Pearls (nur deinstallation) 22.01.2010 45,0MB
The Clumsys (nur entfernen) 04.01.2009 90,8MB
The Enchanting Islands (nur deinstallation) 22.01.2010 40,0MB
The Whispered World Deep Silver 28.01.2010 2.525MB 1.00
TubeBox! Jens Lorek 01.12.2010 12,9MB 3.4.1
Uninstall 1.0.0.1 07.12.2009 39,5MB
Veoh Web Player Veoh Networks, Inc. 28.11.2010 30,5MB 1.1.2.0000
Vista Codec Package Shark007 16.02.2010 52,5MB 5.5.8
WEB.DE IE7 Browser Update WEB.DE 31.10.2008
WinRAR 28.01.2010 3,79MB
Zattoo 3.3.4 Beta Zattoo Inc. 19.07.2009 18,4MB 3.3.4 Beta
Zattoo4 4.0.5 Zattoo Inc. 26.06.2010 39,9MB 4.0.5
µTorrent 23.01.2010 0,31MB 1.8.5
OTL Logfile: Code:
ATTFilter OTL logfile created on: 21.04.2011 21:05:41 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\pablo\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19048) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 54,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 77,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 216,41 Gb Total Space | 24,01 Gb Free Space | 11,09% Space Free | Partition Type: NTFS Drive D: | 107,22 Gb Total Space | 89,70 Gb Free Space | 83,66% Space Free | Partition Type: NTFS Drive O: | 245,59 Mb Total Space | 245,03 Mb Free Space | 99,77% Space Free | Partition Type: FAT Computer Name: PABLO-PC | User Name: pablo | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.04.21 20:59:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\pablo\Desktop\OTL.exe PRC - [2011.04.21 14:18:25 | 000,569,344 | ---- | M] (WinTrust) -- C:\ProgramData\MRtPNAFMRSnT.exe PRC - [2011.04.08 17:17:40 | 000,176,848 | ---- | M] (iWin Inc.) -- C:\Programme\iWin Games\iWinTrusted.exe PRC - [2010.09.16 18:36:40 | 000,328,568 | ---- | M] (BitTorrent, Inc.) -- C:\Programme\uTorrent\uTorrent.exe PRC - [2010.09.01 08:39:18 | 001,164,584 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe PRC - [2010.07.06 16:01:16 | 002,634,048 | ---- | M] (Veoh Networks) -- C:\Programme\Veoh Networks\VeohWebPlayer\veohwebplayer.exe PRC - [2010.03.28 21:47:44 | 001,692,440 | ---- | M] (ParetoLogic) -- C:\Programme\ParetoLogic\FileCure\FileCure.exe PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe PRC - [2009.10.30 13:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Programme\DAEMON Tools Lite\DTLite.exe PRC - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2009.04.17 10:01:48 | 000,366,849 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\guardgui.exe PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2009.02.13 08:00:00 | 000,199,680 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFME.EXE PRC - [2008.07.21 15:07:44 | 002,752,512 | -H-- | M] (Electronic Arts) -- C:\Programme\Electronic Arts\EADM\Core.exe PRC - [2008.06.10 20:26:28 | 000,222,456 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe PRC - [2008.05.27 19:35:30 | 000,040,960 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\Programme\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe PRC - [2008.02.26 17:24:06 | 004,939,776 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2007.10.23 14:52:26 | 002,764,800 | ---- | M] () -- C:\RecInfo\RecInfo.exe PRC - [2007.10.12 15:00:12 | 000,180,224 | ---- | M] (hablamax) -- C:\ProgramData\Web.de\adminsvc.exe PRC - [2007.09.26 10:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe PRC - [2007.05.17 23:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft LifeCam\MSCamS32.exe PRC - [2007.04.10 23:46:52 | 000,709,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX1000.exe PRC - [2006.12.08 10:52:04 | 000,204,800 | -H-- | M] (Fujitsu Siemens Computers) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe PRC - [2006.11.02 11:44:50 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\attrib.exe PRC - [2006.10.25 00:08:40 | 000,107,112 | ---- | M] (Symantec Corporation) -- C:\Programme\Common Files\Symantec Shared\ccApp.exe PRC - [2006.10.25 00:08:20 | 000,107,624 | ---- | M] (Symantec Corporation) -- c:\Programme\Common Files\Symantec Shared\ccSvcHst.exe PRC - [2006.09.20 20:05:16 | 000,046,736 | ---- | M] (Symantec Corporation) -- c:\Programme\Common Files\Symantec Shared\AppCore\AppSvc32.exe ========== Modules (SafeList) ========== MOD - [2011.04.21 20:59:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\pablo\Desktop\OTL.exe MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2011.04.08 17:17:40 | 000,176,848 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Programme\iWin Games\iWinTrusted.exe -- (iWinTrusted) SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2008.06.10 20:26:28 | 000,222,456 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2008.04.02 03:26:27 | 001,174,152 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC) SRV - [2008.01.29 17:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service) SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.10.12 15:00:12 | 000,180,224 | ---- | M] (hablamax) [Auto | Running] -- C:\ProgramData\Web.de\adminsvc.exe -- (AdminSVC) SRV - [2007.09.26 10:53:56 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate) SRV - [2007.09.26 10:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatisches LiveUpdate - Scheduler) SRV - [2007.05.17 23:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc) SRV - [2006.12.08 10:52:04 | 000,204,800 | -H-- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler) SRV - [2006.10.27 02:18:36 | 000,080,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Norton Internet Security\isPwdSvc.exe -- (ISPwdSvc) SRV - [2006.10.25 00:08:20 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex) SRV - [2006.10.25 00:08:20 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService) SRV - [2006.10.25 00:08:20 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr) SRV - [2006.10.25 00:08:20 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr) SRV - [2006.10.13 17:29:12 | 000,049,296 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost) SRV - [2006.09.20 20:05:16 | 000,046,736 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore) ========== Driver Services (SafeList) ========== DRV - [2010.01.29 16:16:51 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2010.01.29 16:16:50 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2010.01.28 22:20:23 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2009.12.07 21:09:28 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2009.03.27 10:03:00 | 007,738,816 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2009.01.19 20:31:56 | 000,277,544 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11) DRV - [2008.04.02 03:27:05 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2008.02.14 15:56:02 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2007.07.02 17:37:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32) DRV - [2007.07.02 17:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32) DRV - [2007.06.13 23:47:12 | 000,048,256 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\jraid.sys -- (JRAID) DRV - [2007.04.10 23:46:53 | 001,966,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VX1000.sys -- (VX1000) DRV - [2006.11.06 12:14:10 | 001,119,616 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32) DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300) DRV - [2006.10.24 15:40:22 | 000,185,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI) DRV - [2006.10.24 15:40:22 | 000,144,784 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMFW.SYS -- (SYMFW) DRV - [2006.10.24 15:40:22 | 000,038,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMIDS.SYS -- (SYMIDS) DRV - [2006.10.24 15:40:22 | 000,037,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMNDISV.SYS -- (SYMNDISV) DRV - [2006.10.24 15:40:22 | 000,026,384 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV) DRV - [2006.10.24 15:40:22 | 000,011,792 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMDNS.SYS -- (SYMDNS) DRV - [2006.10.20 06:10:16 | 000,202,872 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20061025.029\IDSvix86.sys -- (IDSvix86) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/home IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://go.web.de/tab2 [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://go.web.de/tab2 [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.web.de/home IE - HKLM\..\URLSearchHook: {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Programme\iWin\tbiWin.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/home IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://go.web.de/tab2 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://go.web.de/tab2 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.web.de/home IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\URLSearchHook: {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Programme\iWin\tbiWin.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaultthis.engineName: "Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13" FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0849}: C:\ProgramData\iWin Games\firefox [2008.11.13 21:49:39 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\PROGRA~1\Mozilla Firefox\components [2010.12.27 20:40:15 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\PROGRA~1\Mozilla Firefox\plugins [2010.09.15 10:49:28 | 000,000,000 | ---D | M] [2008.11.06 23:44:30 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\pablo\AppData\Roaming\mozilla\Extensions [2008.11.06 23:44:30 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\pablo\AppData\Roaming\mozilla\Extensions\{6334D996-EA3E-4a0e-AA8D-15BA56B37241} [2010.12.19 16:38:13 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\pablo\AppData\Roaming\mozilla\Firefox\Profiles\w6lbc0qh.default\extensions [2009.09.26 14:19:15 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\pablo\AppData\Roaming\mozilla\Firefox\Profiles\w6lbc0qh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2008.11.06 23:47:26 | 000,000,000 | -H-D | M] ("I ♥ Miro") -- C:\Users\pablo\AppData\Roaming\mozilla\Firefox\Profiles\w6lbc0qh.default\extensions\{216ec66d-214a-43ea-92f0-5373f8405c88} [2008.10.30 00:30:26 | 000,000,000 | -H-D | M] (Yahoo! Toolbar) -- C:\Users\pablo\AppData\Roaming\mozilla\Firefox\Profiles\w6lbc0qh.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2009.12.08 22:56:24 | 000,000,000 | -H-D | M] (DVDVideoSoft Toolbar) -- C:\Users\pablo\AppData\Roaming\mozilla\Firefox\Profiles\w6lbc0qh.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} [2010.01.28 22:21:05 | 000,000,000 | -H-D | M] ("DAEMON Tools Toolbar") -- C:\Users\pablo\AppData\Roaming\mozilla\Firefox\Profiles\w6lbc0qh.default\extensions\DTToolbar@toolbarnet.com [2009.12.08 22:56:44 | 000,000,873 | -H-- | M] () -- C:\Users\pablo\AppData\Roaming\Mozilla\Firefox\Profiles\w6lbc0qh.default\searchplugins\conduit.xml [2010.01.28 22:20:55 | 000,002,055 | -H-- | M] () -- C:\Users\pablo\AppData\Roaming\Mozilla\Firefox\Profiles\w6lbc0qh.default\searchplugins\daemon-search.xml [2010.12.19 04:48:16 | 000,000,950 | -H-- | M] () -- C:\Users\pablo\AppData\Roaming\Mozilla\Firefox\Profiles\w6lbc0qh.default\searchplugins\icqplugin-1.xml [2008.10.28 23:54:08 | 000,000,950 | -H-- | M] () -- C:\Users\pablo\AppData\Roaming\Mozilla\Firefox\Profiles\w6lbc0qh.default\searchplugins\icqplugin-2.xml [2008.11.24 21:53:42 | 000,000,950 | -H-- | M] () -- C:\Users\pablo\AppData\Roaming\Mozilla\Firefox\Profiles\w6lbc0qh.default\searchplugins\icqplugin-3.xml [2009.10.15 20:04:51 | 000,000,950 | -H-- | M] () -- C:\Users\pablo\AppData\Roaming\Mozilla\Firefox\Profiles\w6lbc0qh.default\searchplugins\icqplugin-4.xml [2008.10.28 19:12:41 | 000,000,962 | -H-- | M] () -- C:\Users\pablo\AppData\Roaming\Mozilla\Firefox\Profiles\w6lbc0qh.default\searchplugins\icqplugin.xml [2008.09.27 14:09:54 | 000,000,273 | -H-- | M] () -- C:\Users\pablo\AppData\Roaming\Mozilla\Firefox\Profiles\w6lbc0qh.default\searchplugins\search.xml [2010.11.29 17:50:41 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2008.10.28 19:16:01 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2009.10.13 19:58:33 | 000,000,000 | ---D | M] (Talkback) -- C:\Programme\Mozilla Firefox\extensions\talkback@mozilla.org [2008.10.28 19:16:01 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\PROGRA~1\MOZILLA FIREFOX\EXTENSIONS\{800B5000-A755-47E1-992B-48A1C1357F07} [2009.10.02 17:06:22 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\PROGRA~1\MOZILLA FIREFOX\EXTENSIONS\{B13721C7-F507-4982-B2E5-502A71474FED} [2008.10.29 10:35:04 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRA~1\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} [2010.01.17 16:59:41 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRA~1\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [2009.10.13 19:58:33 | 000,000,000 | ---D | M] (Talkback) -- C:\PROGRA~1\MOZILLA FIREFOX\EXTENSIONS\TALKBACK@MOZILLA.ORG [2008.11.13 21:49:39 | 000,000,000 | ---D | M] (iWinGames Plugin) -- C:\PROGRAMDATA\IWIN GAMES\FIREFOX [2009.10.13 19:58:23 | 000,067,688 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\jar50.dll [2009.10.13 19:58:23 | 000,054,368 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\jsd3250.dll [2009.10.13 19:58:23 | 000,034,944 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\myspell.dll [2009.10.13 19:58:24 | 000,046,712 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\spellchk.dll [2009.10.13 19:58:24 | 000,172,136 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\xpinstal.dll [2009.01.06 21:16:47 | 000,024,576 | ---- | M] (RealNetworks) -- C:\Programme\Mozilla Firefox\plugins\npgcplug.dll [2005.04.27 22:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Programme\Mozilla Firefox\plugins\npracplug.dll [2009.10.13 19:58:31 | 000,001,525 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2009.10.13 19:58:31 | 000,001,063 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2009.10.13 19:58:31 | 000,000,998 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2009.10.13 19:58:31 | 000,000,815 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Programme\Common Files\Symantec Shared\coShared\Browser\1.0\NppBHO.dll (Symantec Corporation) O2 - BHO: (IEHlprObj Class) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Programme\iWin Games\iWinGamesHookIE.dll (iWin Inc.) O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O2 - BHO: (iWin Toolbar) - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Programme\iWin\tbiWin.dll (Conduit Ltd.) O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Programme\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O3 - HKLM\..\Toolbar: (iWin Toolbar) - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Programme\iWin\tbiWin.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (iWin Toolbar) - {CE0C2586-DA36-452B-ACDB-320D9BCB19BF} - C:\Programme\iWin\tbiWin.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation) O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [osCheck] c:\Program Files\Norton Internet Security\osCheck.exe (Symantec Corporation) O4 - HKLM..\Run: [recinfo369] c:\RecInfo\RecInfo.exe () O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation) O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts) O4 - HKCU..\Run: [EPSON PX650 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFME.EXE (SEIKO EPSON CORPORATION) O4 - HKCU..\Run: [MRtPNAFMRSnT] C:\ProgramData\MRtPNAFMRSnT.exe (WinTrust) O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.) O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - Startup: C:\Users\pablo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\pablo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Privacy Tray.lnk = C:\Programme\GnuPT\WPT\WinPT.exe () O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe (ICQ, Inc.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe (ICQ, Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} hxxp://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUpldde-de.cab (MSN Photo Upload Tool) O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1222761945 (Image Uploader Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\pablo\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\pablo\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{e274f267-0c4a-11df-973a-002421046f5f}\Shell - "" = AutoRun O33 - MountPoints2\{e274f267-0c4a-11df-973a-002421046f5f}\Shell\AutoRun\command - "" = K:\SETUP.EXE -autorun O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.04.21 21:05:23 | 000,580,608 | -H-- | C] (OldTimer Tools) -- C:\Users\pablo\Desktop\OTL.exe [2011.04.21 14:18:26 | 000,569,344 | -H-- | C] (WinTrust) -- C:\ProgramData\MRtPNAFMRSnT.exe [2011.04.20 01:49:01 | 000,000,000 | -H-D | C] -- C:\Users\pablo\Desktop\Neuer Ordner (5) [2011.04.19 22:41:44 | 000,000,000 | -H-D | C] -- C:\Users\pablo\AppData\Roaming\Rovio [2011.04.19 21:44:44 | 000,000,000 | -H-D | C] -- C:\Users\pablo\AppData\Local\Babylon [2011.04.19 21:44:43 | 000,000,000 | -H-D | C] -- C:\Users\pablo\AppData\Roaming\Babylon [2011.04.19 21:44:43 | 000,000,000 | -H-D | C] -- C:\ProgramData\Babylon [2011.04.19 21:44:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2011.04.19 17:10:45 | 000,000,000 | -H-D | C] -- C:\Users\pablo\Desktop\Neuer Ordner (4) [2011.04.13 18:01:40 | 000,000,000 | -H-D | C] -- C:\Users\pablo\Bookworm Adventures [2011.04.13 18:01:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zylom [2011.04.13 18:01:07 | 000,000,000 | ---D | C] -- C:\Programme\RealArcade [2011.04.12 23:55:47 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2011.04.12 23:55:46 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2011.04.12 23:55:44 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2011.04.12 23:55:44 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2011.04.12 23:55:43 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2011.04.12 23:55:43 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011.04.12 23:55:43 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2011.04.12 23:55:43 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2011.04.12 23:55:42 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.04.12 23:55:42 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.04.12 23:55:42 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2011.04.12 23:55:41 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.04.12 23:55:41 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.04.12 23:55:41 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011.04.12 23:55:41 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2011.04.12 23:55:41 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.04.12 23:55:40 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2011.04.12 23:55:39 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2011.04.12 23:55:39 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2011.04.12 23:49:55 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll [2011.04.12 23:29:12 | 003,602,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2011.04.12 23:29:12 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2011.04.12 23:29:10 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll [2011.04.12 23:29:10 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll [2011.04.12 23:29:05 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe [2011.04.12 23:28:53 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011.04.12 23:28:51 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe [2011.04.12 23:28:48 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2011.04.12 23:28:48 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2011.04.12 23:26:57 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll [2011.04.12 23:26:57 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll [2011.04.12 23:26:57 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax [2011.04.12 23:26:57 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll [2009.01.06 21:16:49 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\RngInterstitial.dll [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.04.21 21:19:03 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2011.04.21 21:08:06 | 000,618,204 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.04.21 21:08:06 | 000,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.04.21 21:08:06 | 000,122,442 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.04.21 21:08:06 | 000,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.04.21 21:04:55 | 000,487,424 | -H-- | M] () -- C:\ProgramData\45539080.exe [2011.04.21 21:04:34 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.04.21 21:04:33 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\FileCure Startup.job [2011.04.21 21:04:24 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl [2011.04.21 21:04:24 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.04.21 21:04:24 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.04.21 21:04:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.04.21 21:04:14 | 2146,689,024 | -HS- | M] () -- C:\hiberfil.sys [2011.04.21 20:59:00 | 000,580,608 | -H-- | M] (OldTimer Tools) -- C:\Users\pablo\Desktop\OTL.exe [2011.04.21 14:59:08 | 000,320,512 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.04.21 14:18:25 | 000,569,344 | -H-- | M] (WinTrust) -- C:\ProgramData\MRtPNAFMRSnT.exe [2011.04.21 13:57:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.04.21 10:28:01 | 000,000,240 | ---- | M] () -- C:\Windows\tasks\Epson Printer Software Downloader.job [2011.04.19 21:45:12 | 000,002,053 | ---- | M] () -- C:\Users\Public\Desktop\Babylon.lnk [2011.04.19 18:00:00 | 000,000,444 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job [2011.04.18 22:04:52 | 000,171,520 | -H-- | M] () -- C:\Users\pablo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.04.18 20:45:57 | 000,017,408 | -H-- | M] () -- C:\Users\pablo\AppData\Local\WebpageIcons.db [2011.04.16 04:25:01 | 000,000,418 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job [2011.04.16 03:41:02 | 000,000,364 | ---- | M] () -- C:\Windows\tasks\FileCure Default.job [2011.04.13 18:02:15 | 000,000,772 | -H-- | M] () -- C:\Users\pablo\Desktop\Bookworm Adventures.lnk [2011.04.13 18:01:40 | 000,000,133 | -H-- | M] () -- C:\Users\pablo\Desktop\Zylom.url [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.04.21 21:04:54 | 000,487,424 | -H-- | C] () -- C:\ProgramData\45539080.exe [2011.04.21 14:58:19 | 2146,689,024 | -HS- | C] () -- C:\hiberfil.sys [2011.04.19 21:44:44 | 000,002,053 | ---- | C] () -- C:\Users\Public\Desktop\Babylon.lnk [2011.04.13 18:02:15 | 000,000,772 | -H-- | C] () -- C:\Users\pablo\Desktop\Bookworm Adventures.lnk [2011.04.13 18:01:40 | 000,000,133 | -H-- | C] () -- C:\Users\pablo\Desktop\Zylom.url [2011.04.13 01:14:45 | 000,000,868 | ---- | C] () -- C:\Windows\tasks\Google Software Updater.job [2010.11.15 18:40:24 | 000,050,344 | ---- | C] () -- C:\Programme\Uninstall Mini Balla 2006.exe [2010.09.13 17:52:38 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe [2010.06.27 16:32:50 | 000,017,408 | -H-- | C] () -- C:\Users\pablo\AppData\Local\WebpageIcons.db [2010.03.24 16:43:15 | 000,001,682 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys [2010.03.24 16:43:15 | 000,000,056 | RHS- | C] () -- C:\Windows\System32\9E63D8604E.sys [2010.01.29 16:16:51 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2010.01.29 16:16:50 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2010.01.28 03:09:54 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2009.10.13 17:28:27 | 000,000,120 | ---- | C] () -- C:\Windows\CMRGDB01.INI [2009.10.13 17:28:23 | 000,004,779 | ---- | C] () -- C:\Windows\CMRGUNST.INI [2009.10.02 17:10:08 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.08.07 22:33:40 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.08.07 22:33:40 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.08.07 22:33:06 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009.05.30 02:37:40 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2009.05.30 02:31:52 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2009.04.16 21:29:32 | 000,000,552 | -H-- | C] () -- C:\Users\pablo\AppData\Local\d3d8caps.dat [2009.04.16 21:28:04 | 000,001,356 | -H-- | C] () -- C:\Users\pablo\AppData\Local\d3d9caps.dat [2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll [2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2008.09.23 12:23:39 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2008.09.10 12:23:50 | 000,000,464 | -H-- | C] () -- C:\Users\pablo\AppData\Roaming\wklnhst.dat [2008.09.09 21:29:05 | 000,000,000 | ---- | C] () -- C:\Windows\PhEdit.INI [2008.09.09 21:04:18 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat [2008.09.09 21:04:18 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat [2008.09.09 21:04:18 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat [2008.09.09 21:04:18 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat [2008.09.09 21:04:18 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat [2008.09.09 21:04:18 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat [2008.09.09 21:04:18 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat [2008.09.09 21:04:18 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat [2008.09.09 21:04:18 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat [2008.09.09 21:04:18 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat [2008.09.09 21:04:18 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat [2008.09.09 21:04:18 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat [2008.09.09 21:04:18 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat [2008.09.09 21:04:18 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat [2008.09.09 21:04:18 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat [2008.09.09 21:04:18 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat [2008.09.09 21:04:18 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat [2008.09.09 21:04:18 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat [2008.09.09 21:04:18 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2008.09.09 16:17:14 | 000,171,520 | -H-- | C] () -- C:\Users\pablo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.05.30 19:41:07 | 000,000,342 | ---- | C] () -- C:\Windows\{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}_WiseFW.ini [2007.09.04 12:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll [2007.04.10 23:46:52 | 000,015,498 | ---- | C] () -- C:\Windows\VX1000.ini [2007.02.05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI [2006.11.02 17:33:31 | 000,618,204 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 17:33:31 | 000,122,442 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,320,512 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,586,980 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,101,052 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.08.11 09:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll [2004.09.01 17:49:17 | 003,375,104 | ---- | C] () -- C:\Windows\System32\qt-mt331.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:6533A988 @Alternate Data Stream - 64 bytes -> C:\Users\pablo\Tracy Chapman - For My Lover (Album Version).avi:TOC.WMV @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:8AEA12E8 @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:A1128200 @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:75C2528D @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:EB79041A @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:32758ED6 @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:1E3035E2 @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:DCBD0AC7 @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:CB5C4185 @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:C04C48D4 @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:6F71E822 @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:E091E936 @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:698B483C @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:DF236465 @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:C4870D32 @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:290A724C @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:E6B3E318 @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:5F280981 @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:77CE0242 @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:581B0446 @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:E73AD533 @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:77CF9481 @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:4B970D7A @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:257AC7F8 @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:98E4FEC6 @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:472EB08A @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:F0E52E4F @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:5F3235B3 @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:2A6BF249 @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:EAD1940E @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:B7F727B8 @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:AED4FFF5 @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5BA6D27E @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:4F09946C @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:FF333535 @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:53B47F8A @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:EFD52482 @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:2702A8B3 @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:0E1DD4C5 @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:34B9286E @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:6972373C @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:93CEB973 @Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:E868CDC2 @Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:CF185254 @Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:429EC15A @Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:08AC8A76 @Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:24E8169B @Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:CDCE26D3 < End of report > so, hoffe mal dass ichs bis hierhin richtig hab. bin wirklich dankbar für deine hilfe schönes wochenende |
|
23.04.2011, 00:01
| #4 | ||
| /// Helfer-Team | TR/Kazy.mekml.1 und jetzt? 1. Du hast deinen Rechner mit zwei Anti-Viren-Programmen generell `geschwächt`: Avira und Norton Wichtig: Nur eine Firewall sowie ein Antiviren Programm verwenden, welche sich immer auf dem aktuellsten Stand befinden sollten! Mehr AV Programme bedeutet nicht mehr Sicherheit!Die Scanner behindern sich gegenseitig (bei beiden den On-Access Scan aktiviert bzw laufen ständig im Hintergrund) und ein Systemcrash kann die Folge sein oder im schlechtesten fall, kannst Du über eine komplette Neuinstallation freuen! Deinstalliere also eines der AV-Programme und lass nur noch eins auf deinem PC laufen. Zitat:
Je nachdem, wie Du Dich entscheidest ► Entweder Avira deinstallieren: unter Software, oder und noch das Tool Download Avira RegistryCleaner verwenden Norton Antivirus vollständig zu deinstallieren - gehe auf der Symantec-Webseite und suche nach den speziellen Deinstallations-Tools, mit denen die letzten Reste (auch) entfernt werden sollten:► Norton Removal Tool (für alle Produkte ab 2003 bis 2008) von hier herunterladen oder hier: ►Norton Removal Tool für alle Produkte ab 2003 bis 2010 / wintotal.de 2. Zitat:
lösche nur den Inhalt der Ordner, nicht die Ordner selbst! - Dateien, die noch in Benutzung sind,nicht löschbar. gib in der Suchleiste unter dem Windows Start Button folgendes ein: Code:
ATTFilter %temp%
- anschließend den Papierkorb leeren 3. reinige dein System mit Ccleaner:
[color=blue4.[/color] bin ich mir nicht sicher, ob Du absichtlich installiert hast, da oft mit andere Programm wird mitinstalliert bzw angeboten(vermutlich durch Adobe Reader): Code:
ATTFilter McAfee Security Scan Plus
5. Deine Javaversion ist nicht aktuell! Da aufgrund alter Sicherheitslücken ist Java sehr anfällig, deinstalliere zunächst alle vorhandenen Java-Versionen: → Systemsteuerung → Software → deinstallieren... → Rechner neu aufstarten → Downloade nun die Offline-Version von Java Version 6 Update 24 von Oracle herunter Achte darauf, eventuell angebotene Toolbars abwählen (den Haken bei der Toolbar entfernen)! 6. Adobe Reader aktualisieren : Adobe Reader Oder: Adobe starten-> gehe auf "Hilfe"-> "Nach Update suchen..." 7. gehört nicht auf ein sauberes System: unter `Systemsteuerung --> Programme und Funktionen Code:
ATTFilter DAEMON Tools Toolbar
9. - "Link:-> ESET Online Scanner >>Du sollst nicht die Antivirus-Sicherheitssoftware installieren, sondern dein System nur online scannen<< Auch auf USB-Sticks, selbstgebrannten Datenträgern, externen Festplatten und anderen Datenträgern können Viren transportiert werden. Man muss daher durch regelmäßige Prüfungen auf Schäden, die durch Malware ("Worm.Win32.Autorun") verursacht worden sein können, überwacht werden. Hierfür sind ser gut geegnet und empfohlen, die auf dem Speichermedium gesicherten Daten, mit Hilfe des kostenlosen Online Scanners zu prüfen. Schließe jetzt alle externe Datenträgeran (USB Sticks etc) Deinen Rechner an, dabei die Hochstell-Taste [Shift-Taste] gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird. (So verhindest Du die Ausführung der AUTORUN-Funktion) - Man kann die AUTORUN-Funktion aber auch generell abschalten.► [Sicherheit] Autorun Funktion für mehr Sicherheit auf allen Laufwerken deaktivieren /Avira Support Forum -> Führe dann einen Komplett-Systemcheck mit Eset/Nod32 durch - folgendes bitte anhaken > "Remove found threads" und "Scan archives" - die Scanergebnis als *.txt Dateien speichern) - meistens "C:\Programme\Eset\EsetOnlineScanner\log.txt" Vor dem Scan Einstellungen im Internet Explorer: - "Extras→ Internetoptionen→ Sicherheit": - alles auf Standardstufe stellen - Active X erlauben - um den Scan zu starten: wenn du danach gefragt wirst (den Text in der Informationsleiste ) - ActiveX-Steuerelement installieren lassen ** Gibt es weitere Auffälligkeiten/Probleme mit dem Rechner?
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
|
| Themen zu TR/Kazy.mekml.1 und jetzt? |
| alternate, antivir, avgntflt.sys, avira, bho, bonjour, browser update, conduit, entfernen, error, excel.exe, failed, fever, firefox, fishing, flash player, format, google, google chrome, google earth, home, iexplore.exe, install.exe, intranet, location, logfile, microsoft office word, mozilla, nvlddmkm.sys, office 2007, oldtimer, picasa, plug-in, realtek, registry, rundll, saver, scan, searchplugins, security, security scan, security update, senden, skype.exe, software, sptd.sys, start menu, studio, symantec, tubebox, udp, video converter, vista |
.
Linear-Darstellung
