Log analysis and evaluation: Caught TR/Kazy.mekml.1
Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
22.04.2011, 16:52 | #1 |
Caught TR/Kazy.mekml.1

Hello everyone,

Since this morning Antivir has been reporting that the trojan "TP/Kazy.mekml.1" was found. On top of that come messages that my hard disk is damaged (critical error), that the RAM has failed, and so on. The desktop background is black and I cannot access my files. This is the identical error description as that of a fellow sufferer. I have already read quite a bit here and tried to prepare things.
- Downloaded Load.exe and let it run (icons on the desktop disappear again after the reboot!?!)
- likewise OTL and erun...
- Malwarebytes has run through, I just can't find the log file again.
I am unfortunately a layman in these matters and need instructions I can follow.
Please, urgent HELP!!
Thank you very much.
Regards, Matze1179

Here is the corresponding OTL.Txt

OTL Logfile:
Code:
OTL logfile created on: 22.04.2011 18:12:55 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\matze\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

6,00 Gb Total Physical Memory | 4,00 Gb Available Physical Memory | 67,00% Memory free
12,00 Gb Paging File | 10,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 366,72 Gb Total Space | 224,23 Gb Free Space | 61,14% Space Free | Partition Type: NTFS
Drive H: | 550,13 Gb Total Space | 536,90 Gb Free Space | 97,60% Space Free | Partition Type: NTFS

Computer Name: MATZE-PC | User Name: matze | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\matze\Desktop\OTL(4).exe (OldTimer Tools)
PRC - C:\ProgramData\GoWNKtoBbTfMqRQ.exe (WinTrust)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrB.exe ()
PRC - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
PRC - C:\Program Files (x86)\Logitech\QuickCam\Quickcam.exe ()
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
PRC - C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
PRC - C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
PRC - C:\Windows\SysWOW64\conime.exe (Microsoft Corporation)
PRC - C:\Windows\SysWOW64\attrib.exe (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\Users\matze\Desktop\OTL(4).exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\Temp\logishrd\LVPrcInj01.dll (Logitech Inc.)

========== Win32 Services (SafeList) ==========

SRV:64bit: - (LVPrcS64) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV:64bit: - (LVCOMSer) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVCSer64.exe (Logitech Inc.)
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (ETService) -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
SRV - (eDataSecurity Service) -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Acer HomeMedia Connect Service) -- C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software GmbH)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia.)

========== Driver Services (SafeList) ==========

DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys ()
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys ()
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys ()
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys ()
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys ()
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys ()
DRV:64bit: - (AnyDVD) -- C:\Windows\SysNative\Drivers\AnyDVD.sys ()
DRV:64bit: - (psdvdisk) -- C:\Windows\SysNative\DRIVERS\PSDVdisk.sys ()
DRV:64bit: - (PSDNServ) -- C:\Windows\SysNative\DRIVERS\PSDNServ.sys ()
DRV:64bit: - (PSDFilter) -- C:\Windows\SysNative\DRIVERS\psdfilter.sys ()
DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys ()
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\DRIVERS\lvrs64.sys ()
DRV:64bit: - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\SysNative\DRIVERS\LV302V64.SYS ()
DRV:64bit: - (lvpepf64) -- C:\Windows\SysNative\DRIVERS\lv302a64.sys ()
DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys ()
DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys ()
DRV:64bit: - (e1yexpress) Intel(R) -- C:\Windows\SysNative\DRIVERS\e1y60x64.sys ()
DRV:64bit: - (gwfilt64) -- C:\Windows\SysNative\drivers\gwfilt64.sys ()
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\Drivers\NTIDrvr.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys ()
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\DRIVERS\iaStor.sys ()
DRV - (AnyDVD) -- C:\Windows\SysWOW64\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (int15) -- C:\Windows\SysWOW64\drivers\int15_64.sys (Acer, Inc.)
DRV - (ElbyCDIO) -- C:\Windows\SysWOW64\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (ElbyDelay) -- C:\Windows\SysWOW64\drivers\ElbyDelay.sys (Elaborate Bytes AG)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Acer.com Worldwide - Select your local country or region [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Acer.com Worldwide - Select your local country or region [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.03.27 18:55:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.03.30 20:16:06 | 000,000,000 | ---D | M]

[2009.05.11 20:35:49 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\matze\AppData\Roaming\mozilla\Extensions
[2011.04.22 11:34:32 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\matze\AppData\Roaming\mozilla\Firefox\Profiles\nn0n8bpp.default\extensions
[2010.09.21 18:37:32 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\matze\AppData\Roaming\mozilla\Firefox\Profiles\nn0n8bpp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.11.10 15:41:21 | 000,000,000 | -H-D | M] ("ICQ Toolbar") -- C:\Users\matze\AppData\Roaming\mozilla\Firefox\Profiles\nn0n8bpp.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.11.18 15:04:40 | 000,000,000 | -H-D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\matze\AppData\Roaming\mozilla\Firefox\Profiles\nn0n8bpp.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.04.18 18:27:38 | 000,000,950 | -H-- | M] () -- C:\Users\matze\AppData\Roaming\Mozilla\Firefox\Profiles\nn0n8bpp.default\searchplugins\icqplugin-1.xml
[2010.12.13 20:59:48 | 000,000,950 | -H-- | M] () -- C:\Users\matze\AppData\Roaming\Mozilla\Firefox\Profiles\nn0n8bpp.default\searchplugins\icqplugin-2.xml
[2011.03.18 20:48:28 | 000,000,950 | -H-- | M] () -- C:\Users\matze\AppData\Roaming\Mozilla\Firefox\Profiles\nn0n8bpp.default\searchplugins\icqplugin-3.xml
[2011.03.27 18:55:12 | 000,000,950 | -H-- | M] () -- C:\Users\matze\AppData\Roaming\Mozilla\Firefox\Profiles\nn0n8bpp.default\searchplugins\icqplugin-4.xml
[2010.11.10 15:41:21 | 000,000,168 | -H-- | M] () -- C:\Users\matze\AppData\Roaming\Mozilla\Firefox\Profiles\nn0n8bpp.default\searchplugins\icqplugin.gif
[2010.11.10 15:41:21 | 000,000,618 | -H-- | M] () -- C:\Users\matze\AppData\Roaming\Mozilla\Firefox\Profiles\nn0n8bpp.default\searchplugins\icqplugin.src
[2010.06.21 17:35:24 | 000,001,042 | -H-- | M] () -- C:\Users\matze\AppData\Roaming\Mozilla\Firefox\Profiles\nn0n8bpp.default\searchplugins\icqplugin.xml
[2010.11.10 15:41:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2009.05.11 22:06:35 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009.05.16 19:35:25 | 000,000,000 | ---D | M] (pdfforge Toolbar Plugin) -- C:\Program Files (x86)\mozilla firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}
[2009.05.16 19:35:26 | 000,000,000 | ---D | M] (Search Settings Plugin) -- C:\Program Files (x86)\mozilla firefox\extensions\search@searchsettings.com
[2010.04.15 13:15:47 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.03.18 20:48:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.03.18 20:48:00 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.03.18 20:48:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.03.18 20:48:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.03.18 20:48:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 9\DLLx64\SnagItBHO64.dll (TechSmith Corporation)
O2:64bit: - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\ActiveToolBand.dll (Egis)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll (Google Inc.)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\WidgiToolbarIE.dll (GreenTree Applications, Inc.)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\WidgiToolbarIE.dll (GreenTree Applications, Inc.)
O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files (x86)\Logitech\QuickCam\Quickcam.exe ()
O4 - HKCU..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [GoWNKtoBbTfMqRQ] C:\ProgramData\GoWNKtoBbTfMqRQ.exe (WinTrust)
O4 - HKCU..\Run: [Steam] c:\program files (x86)\steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [WMPNSCFG] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\matze\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\matze\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{ebcad9e3-27ba-11df-b7d3-002268494d71}\Shell\AutoRun\command - "" = K:\Menu.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.04.22 18:11:49 | 000,580,608 | -H-- | C] (OldTimer Tools) -- C:\Users\matze\Desktop\OTL(4).exe
[2011.04.22 17:35:54 | 000,580,608 | -H-- | C] (OldTimer Tools) -- C:\Users\matze\Desktop\OTL(3).exe
[2011.04.22 17:29:19 | 000,580,608 | -H-- | C] (OldTimer Tools) -- C:\Users\matze\Desktop\OTL(2).exe
[2011.04.22 17:19:36 | 000,791,393 | -H-- | C] (Lars Hederer ) -- C:\Users\matze\Desktop\Erunt-setup.exe
[2011.04.22 17:19:36 | 000,446,464 | -H-- | C] (OldTimer Tools) -- C:\Users\matze\Desktop\TFC.exe
[2011.04.22 15:18:07 | 010,464,584 | -H-- | C] (SUPERAntiSpyware.com) -- C:\Users\matze\Desktop\SUPERAntiSpyware-4.49.1000.exe
[2011.04.22 15:18:07 | 000,580,608 | -H-- | C] (OldTimer Tools) -- C:\Users\matze\Desktop\OTL.exe
[2011.04.22 14:09:21 | 000,000,000 | -H-D | C] -- C:\Users\matze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery
[2011.04.22 12:10:53 | 000,565,248 | -H-- | C] (WinTrust) -- C:\ProgramData\GoWNKtoBbTfMqRQ.exe
[2011.04.16 11:08:29 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011.04.16 11:08:03 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2011.04.16 11:08:02 | 000,476,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.04.16 11:08:00 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2011.04.16 11:07:59 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011.04.16 11:07:59 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011.04.16 11:07:59 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011.04.16 11:07:59 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011.04.16 11:07:59 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieencode.dll
[2011.04.16 11:07:51 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011.04.16 11:07:50 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2011.04.16 11:07:48 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2011.04.16 11:07:48 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2011.04.16 11:07:45 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2011.04.09 16:40:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft
[2011.04.09 16:40:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GridinSoft Trojan Killer
[2008.11.02 02:15:06 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll

========== Files - Modified Within 30 Days ==========

[2011.04.22 18:11:50 | 000,580,608 | -H-- | M] (OldTimer Tools) -- C:\Users\matze\Desktop\OTL(4).exe
[2011.04.22 17:59:02 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.22 17:57:30 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.22 17:54:46 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.22 17:54:46 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.22 17:54:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.22 17:53:47 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.04.22 17:36:04 | 000,580,608 | -H-- | M] (OldTimer Tools) -- C:\Users\matze\Desktop\OTL(3).exe
[2011.04.22 17:29:39 | 000,377,260 | -H-- | M] () -- C:\Users\matze\Desktop\Load.exe
[2011.04.22 17:29:20 | 000,580,608 | -H-- | M] (OldTimer Tools) -- C:\Users\matze\Desktop\OTL(2).exe
[2011.04.22 17:22:03 | 000,487,424 | -H-- | M] () -- C:\ProgramData\45735688.exe
[2011.04.22 17:19:43 | 000,791,393 | -H-- | M] (Lars Hederer ) -- C:\Users\matze\Desktop\Erunt-setup.exe
[2011.04.22 17:19:39 | 000,446,464 | -H-- | M] (OldTimer Tools) -- C:\Users\matze\Desktop\TFC.exe
[2011.04.22 17:16:19 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2011.04.22 17:10:17 | 001,453,974 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.04.22 17:10:17 | 000,632,014 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.04.22 17:10:17 | 000,598,702 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.04.22 17:10:17 | 000,127,258 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.04.22 17:10:17 | 000,104,716 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.04.22 14:12:56 | 000,000,870 | -H-- | M] () -- C:\Users\matze\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.22 14:09:53 | 000,000,160 | -H-- | M] () -- C:\ProgramData\~45604616
[2011.04.22 14:09:50 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~45604616r
[2011.04.22 14:08:59 | 000,000,344 | -H-- | M] () -- C:\ProgramData\45604616
[2011.04.22 13:42:22 | 000,580,608 | -H-- | M] (OldTimer Tools) -- C:\Users\matze\Desktop\OTL.exe
[2011.04.22 13:35:36 | 010,464,584 | -H-- | M] (SUPERAntiSpyware.com) -- C:\Users\matze\Desktop\SUPERAntiSpyware-4.49.1000.exe
[2011.04.22 13:11:02 | 000,504,657 | -H-- | M] () -- C:\Users\matze\Desktop\unhide.exe
[2011.04.22 12:10:53 | 000,565,248 | -H-- | M] (WinTrust) -- C:\ProgramData\GoWNKtoBbTfMqRQ.exe
[2011.04.17 19:54:22 | 000,000,125 | -HS- | M] () -- C:\ProgramData\.zreglib
[2011.04.16 15:23:55 | 002,309,656 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.04.14 20:40:43 | 1995,911,889 | -H-- | M] () -- C:\Users\matze\NAVIGON EU v1.8.0.ipa
[2011.04.09 16:40:17 | 000,000,982 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2011.03.30 20:16:06 | 000,001,921 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk

========== Files Created - No Company Name ==========

[2011.04.22 17:29:38 | 000,377,260 | -H-- | C] () -- C:\Users\matze\Desktop\Load.exe
[2011.04.22 17:22:02 | 000,487,424 | -H-- | C] () -- C:\ProgramData\45735688.exe
[2011.04.22 15:18:08 | 000,504,657 | -H-- | C] () -- C:\Users\matze\Desktop\unhide.exe
[2011.04.22 14:12:56 | 000,000,870 | -H-- | C] () -- C:\Users\matze\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.22 14:09:50 | 000,000,160 | -H-- | C] () -- C:\ProgramData\~45604616
[2011.04.22 14:09:50 | 000,000,128 | -H-- | C] () -- C:\ProgramData\~45604616r
[2011.04.22 14:08:59 | 000,000,344 | -H-- | C] () -- C:\ProgramData\45604616
[2011.04.20 22:03:25 | 1995,911,889 | -H-- | C] () -- C:\Users\matze\NAVIGON EU v1.8.0.ipa
[2011.04.16 11:08:50 | 001,075,600 | ---- | C] () -- C:\Windows\SysNative\winload.efi
[2011.04.16 11:08:50 | 001,062,800 | ---- | C] () -- C:\Windows\SysNative\winload.exe
[2011.04.16 11:08:50 | 000,990,096 | ---- | C] () -- C:\Windows\SysNative\winresume.efi
[2011.04.16 11:08:50 | 000,979,344 | ---- | C] () -- C:\Windows\SysNative\winresume.exe
[2011.04.16 11:08:50 | 000,020,880 | ---- | C] () -- C:\Windows\SysNative\kdusb.dll
[2011.04.16 11:08:50 | 000,018,832 | ---- | C] () -- C:\Windows\SysNative\kd1394.dll
[2011.04.16 11:08:50 | 000,018,320 | ---- | C] () -- C:\Windows\SysNative\kdcom.dll
[2011.04.16 11:08:33 | 000,461,312 | ---- | C] () -- C:\Windows\SysNative\drivers\srv.sys
[2011.04.16 11:08:32 | 000,176,128 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys
[2011.04.16 11:08:32 | 000,144,896 | ---- | C] () -- C:\Windows\SysNative\drivers\srvnet.sys
[2011.04.16 11:08:30 | 000,753,152 | ---- | C] () -- C:\Windows\SysNative\jscript.dll
[2011.04.16 11:08:30 | 000,603,648 | ---- | C] () -- C:\Windows\SysNative\vbscript.dll
[2011.04.16 11:08:25 | 000,273,920 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb10.sys
[2011.04.16 11:08:25 | 000,135,168 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb.sys
[2011.04.16 11:08:25 | 000,105,472 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb20.sys
[2011.04.16 11:08:25 | 000,090,624 | ---- | C] () -- C:\Windows\SysNative\drivers\bowser.sys
[2011.04.16 11:08:22 | 000,975,872 | ---- | C] () -- C:\Windows\SysNative\inetcomm.dll
[2011.04.16 11:08:15 | 002,760,704 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2011.04.16 11:08:07 | 005,697,536 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2011.04.16 11:08:04 | 001,426,944 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2011.04.16 11:08:02 | 007,015,424 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2011.04.16 11:08:02 | 000,758,784 | ---- | C] () -- C:\Windows\SysNative\mshtmled.dll
[2011.04.16 11:08:01 | 001,129,984 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
[2011.04.16 11:08:01 | 001,032,704 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2011.04.16 11:08:00 | 000,590,848 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2011.04.16 11:08:00 | 000,485,376 | ---- | C] () -- C:\Windows\SysNative\html.iec
[2011.04.16 11:08:00 | 000,267,776 | ---- | C] () -- C:\Windows\SysNative\ieaksie.dll
[2011.04.16 11:08:00 | 000,249,856 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2011.04.16 11:07:59 | 001,383,424 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2011.04.16 11:07:59 | 000,480,256 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2011.04.16 11:07:59 | 000,375,296 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2011.04.16 11:07:59 | 000,208,896 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2011.04.16 11:07:59 | 000,086,528 | ---- | C] () -- C:\Windows\SysNative\ieencode.dll
[2011.04.16 11:07:59 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2011.04.16 11:07:58 | 000,422,400 | ---- | C] () -- C:\Windows\SysNative\ieapfltr.dll
[2011.04.16 11:07:51 | 000,367,616 | ---- | C] () -- C:\Windows\SysNative\atmfd.dll
[2011.04.16 11:07:50 | 000,048,128 | ---- | C] () -- C:\Windows\SysNative\atmlib.dll
[2011.04.16 11:07:49 | 001,360,384 | ---- | C] () -- C:\Windows\SysNative\mfc42u.dll
[2011.04.16 11:07:48 | 001,398,784 | ---- | C] () -- C:\Windows\SysNative\mfc42.dll
[2011.04.16 11:07:45 | 000,221,184 | ---- | C] () -- C:\Windows\SysNative\dnsapi.dll
[2011.04.16 11:07:45 | 000,117,760 | ---- | C] () -- C:\Windows\SysNative\dnsrslvr.dll
[2011.04.16 11:07:45 | 000,028,672 | ---- | C] () -- C:\Windows\SysNative\dnscacheugc.exe
[2011.04.09 16:54:58 | 000,001,108 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.09 16:54:58 | 000,001,104 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.09 16:40:17 | 000,000,982 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2011.03.30 20:16:06 | 000,001,921 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2011.03.30 20:16:06 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 8.lnk
[2010.07.17 09:50:59 | 000,004,096 | -H-- | C] () -- C:\Users\matze\AppData\Local\keyfile3.drm
[2010.03.07 12:40:23 | 000,000,221 | -H-- | C] () -- C:\Windows\NCLogConfig.ini
[2009.11.17 11:49:22 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.10.02 12:31:38 | 000,001,058 | -H-- | C] () -- C:\Windows\wiso.ini
[2009.09.30 10:47:19 | 000,007,700 | -H-- | C] () -- C:\Users\matze\AppData\Local\d3d9caps.dat
[2009.08.19 15:37:19 | 000,164,329 | -H-- | C] () -- C:\Windows\hpoins19.dat
[2009.08.19 15:37:06 | 000,026,952 | -H-- | C] () -- C:\Windows\hpomdl19.dat
[2009.07.14 19:05:48 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.06.19 18:41:50 | 000,000,331 | -H-- | C] () -- C:\Windows\game.ini
[2009.06.10 19:24:25 | 000,000,159 | -H-- | C] () -- C:\Users\matze\AppData\Roaming\default.rss
[2009.06.10 19:21:52 | 000,000,069 | -H-- | C] () -- C:\Windows\NeroDigital.ini
[2009.05.29 18:21:46 | 001,448,408 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009.05.29 18:14:45 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009.05.19 21:55:15 | 000,189,104 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2009.05.19 21:55:14 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2009.05.19 21:55:13 | 000,682,280 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2009.05.16 13:49:25 | 000,048,640 | -H-- | C] () -- C:\Users\matze\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.05.11 20:35:49 | 000,000,000 | -H-- | C] () -- C:\Windows\nsreg.dat
[2009.02.21 12:22:30 | 000,000,044 | -H-- | C] () -- C:\Windows\Acer(Normal).ini
[2009.02.21 12:22:30 | 000,000,042 | -H-- | C] () -- C:\Windows\Acer(Wide).ini
[2009.02.21 11:55:48 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009.02.21 11:55:48 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008.11.01 18:24:51 | 000,001,024 | R--- | C] () -- C:\Windows\SysWow64\NTIOFM4.dll
[2008.11.01 18:24:51 | 000,001,024 | R--- | C] () -- C:\Windows\SysWow64\NTIBUN5.dll
[2008.01.21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008.01.21 04:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2006.11.02 17:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 14:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 14:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 11:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2005.12.07 11:31:00 | 000,202,752 | R--- | C] () -- C:\Windows\SysWow64\CddbCdda.dll
[2001.12.26 17:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\multiplex_vcd.dll
[2001.09.04 00:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\Hmpg12.dll
[2001.07.30 17:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\HMPV2_ENC.dll
[2001.07.23 23:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2009.06.20 00:13:43 | 000,000,000 | -HSD | M] -- C:\Users\matze\AppData\Roaming\.#
[2008.11.01 18:30:21 | 000,000,000 | -H-D | M] -- C:\Users\matze\AppData\Roaming\Acer GameZone Console
[2009.06.12 21:03:59 | 000,000,000 | -H-D | M] -- C:\Users\matze\AppData\Roaming\Ashampoo
[2009.10.02 12:32:27 | 000,000,000 | -H-D | M] -- C:\Users\matze\AppData\Roaming\Buhl Data Service [2009.05.19 21:20:14 | 000,000,000 | -H-D | M] -- C:\Users\matze\AppData\Roaming\DAEMON Tools [2009.09.30 10:44:26 | 000,000,000 | -H-D | M] -- C:\Users\matze\AppData\Roaming\DAEMON Tools Lite [2009.05.29 18:23:58 | 000,000,000 | -H-D | M] -- C:\Users\matze\AppData\Roaming\Datalayer [2010.11.18 14:13:33 | 000,000,000 | -H-D | M] -- C:\Users\matze\AppData\Roaming\DVDVideoSoft [2009.05.14 19:26:37 | 000,000,000 | -H-D | M] -- C:\Users\matze\AppData\Roaming\eSobi [2009.05.29 18:32:45 | 000,000,000 | -H-D | M] -- C:\Users\matze\AppData\Roaming\Gearbox Software [2011.03.29 21:46:34 | 000,000,000 | -H-D | M] -- C:\Users\matze\AppData\Roaming\ICQ [2009.05.12 18:58:07 | 000,000,000 | -H-D | M] -- C:\Users\matze\AppData\Roaming\Leadertech [2009.05.29 18:20:43 | 000,000,000 | -H-D | M] -- C:\Users\matze\AppData\Roaming\Nokia [2009.07.02 21:01:36 | 000,000,000 | -H-D | M] -- C:\Users\matze\AppData\Roaming\Nokia Multimedia Player [2011.01.17 21:09:38 | 000,000,000 | -H-D | M] -- C:\Users\matze\AppData\Roaming\Ohfaa [2009.05.29 18:23:31 | 000,000,000 | -H-D | M] -- C:\Users\matze\AppData\Roaming\PC Suite [2009.07.14 18:57:39 | 000,000,000 | -H-D | M] -- C:\Users\matze\AppData\Roaming\TuneUp Software [2011.01.17 19:30:15 | 000,000,000 | -H-D | M] -- C:\Users\matze\AppData\Roaming\Upebav [2011.04.22 17:16:19 | 000,000,416 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job [2011.04.22 17:53:47 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 72 bytes -> C:\Windows:4797B8233B9EBDB5 @Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:FEBEC560 < End of report >

...and here is the Extras.Txt

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 22.04.2011 18:12:55 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\matze\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 6,00 Gb Total Physical Memory | 4,00 Gb Available Physical Memory | 67,00% Memory free 12,00 Gb Paging File | 10,00 Gb Available in Paging File | 84,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 366,72 Gb Total Space | 224,23 Gb Free Space | 61,14% Space Free | Partition Type: NTFS Drive H: | 550,13 Gb Total Space | 536,90 Gb Free Space | 97,60% Space Free | Partition Type: NTFS Computer Name: MATZE-PC | User Name: matze | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. 
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" () InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l File not found InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" () piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{3063F928-F892-4129-8B3E-F4DF118BD660}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{5C9E0860-9180-44A1-8C25-D07C3BE2ED10}" = lport=2869 | protocol=6 | dir=in | app=system | "{8F56C14A-85C7-465E-A26C-F2A3F7D8F99E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0141A656-698F-45BE-BACE-D99853390B29}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | "{0510D1A0-3D60-4A7A-9A12-A98BEA470671}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{0E11A761-8F06-4967-9BC9-CB319BB1E08C}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | "{0F259A4A-FFD5-4865-9799-590FD8AF6D43}" = dir=in | app=c:\program files (x86)\acer arcade live\acer videomagician\acer videomagician.exe | "{126C2BD5-830D-4CB5-A3CB-B27AEAF7D92A}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{15DD727A-B5BB-41F5-96C5-7D69C5723273}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | "{1BF145E0-CD1F-4192-957D-480E2B3BA488}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | "{1F7200B6-861E-46D1-A4CD-BAA33A919459}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 
5\schedulersvc.exe | "{20ABAC37-8F0A-4369-BB63-AAD8D8A88FE3}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{22C012B4-C2EA-4A5D-A0D3-47799822BF54}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | "{27B0CCD7-ECE7-481C-A0C8-884A221CB18F}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe | "{2822797D-6AF4-40AD-AFD1-E05572094B30}" = dir=in | app=c:\program files (x86)\acer arcade live\acer dv magician\acer dv magician.exe | "{295049DA-2EC4-4B93-AB99-6FF457FBD760}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{2F9E01B9-31E0-409C-AC6E-F73523A0536D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{3A796A12-8953-4A63-B617-5CFB4F57E650}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\client\agentsvc.exe | "{42F1C0D0-B81D-40F0-9A9F-3F5A97D5158C}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia\acer homemedia.exe | "{483F0B91-778F-4089-B5FC-89B406EBB227}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | "{4B5E0829-7555-46EC-B20E-9AF2D2054C3A}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | "{4D2ADC22-FD23-42AC-809E-5118406682A4}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{4DE6B761-FC28-4CA4-A42A-E5A48DA096CD}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\gu.exe | "{50141318-6B47-46F3-AE7F-305802C2728E}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{5055EA3D-E755-45D5-9377-D0CF3181EA59}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{5438F06B-7410-4DBB-896E-82C7F413C721}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia trial creator\acer homemedia trial creator.exe | "{5763A13F-DC5B-43F5-8C21-8C422A3843FE}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\client\agentsvc.exe | "{59347CC7-D8B8-43DE-936C-A636BFA18B44}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwawmp.exe | "{5CF4E20B-2E0C-49C2-9F92-51E59B458D3A}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | "{5F3FB66C-2D64-49F1-8687-E0DF7C8710E1}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{60DC62CA-9D41-41D1-BAC4-E3DD80690168}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{6367AF85-967F-45F3-8FAB-436EDF5B6A16}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{66D6AF3A-5598-4958-80D6-2759277AC1BC}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe | "{681A1985-5F8C-402E-AB1B-2ABD89F3B05B}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{6BCEEE6B-6951-4ACD-9214-C427E8A0EBA7}" = dir=in | app=c:\program files (x86)\acer arcade live\acer arcade live main page\acer arcade live.exe | "{6C3A857E-8A90-4536-8D20-9A0E95DC0AF1}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe | "{6E4D4F84-CAC8-495A-BF25-0E2D24080E13}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | "{712A8248-624F-439D-A8BC-85605F39B363}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{72EABF01-1CE6-4AD0-8D86-141C206ABD90}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwawmp.exe | 
"{73D9BF11-4782-4DA3-9000-AE8DAA511887}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{75E2B5CE-6876-47A5-B15B-B7B6B5729960}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | "{834E99EF-8515-4B7C-A7F2-DE7F56C7E00C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{86EC2B8C-A9A2-4506-884F-979DDABFE627}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwaw.exe | "{8B06FFCA-8ABF-4579-9550-6D366726EFD7}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{8DE650C9-F116-4C4E-8049-4371A535933D}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe | "{94440732-F1D5-4F72-942E-F1ED6120616D}" = dir=in | app=c:\program files (x86)\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe | "{94FE809A-2318-4851-9FE1-D5EDC7EE48FB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe | "{97F3B93F-0C8C-418D-A969-A164B2A95026}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{9AF4B5B7-E2F9-4683-A2C6-12E5E604BDA1}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{9C8E78DA-40FD-4994-96BC-9EEEA8849D69}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | "{9FCB212C-76A9-4867-8BB7-7DCE4D2C3E48}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{A13B25C2-0344-46AB-A662-8382FF8C696E}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{AD6005D6-FFA5-468F-BCED-55959C14A0E1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe | "{B0385344-6921-4823-8AB8-4550F3B0EFF4}" = protocol=6 | dir=in | app=c:\program files 
(x86)\steam\steam.exe | "{B0C8DAD5-CF7B-461E-ADF6-49F9F02D96EA}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{B8A59FA9-4B55-4B22-8FC3-63AF8B6E6D39}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe | "{BA2010D2-BF5D-4519-83E6-18390EA8C0F5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{BE618B1B-5EB6-4EF0-BC3C-9B82253222D5}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwaw.exe | "{C4BEE35A-BF37-4442-BF3E-5B6D6F3B5FCE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | "{C6067BA4-A434-41A6-8006-50E9A3ECD155}" = dir=in | app=c:\program files (x86)\acer arcade live\acer dvdivine\acer dvdivine.exe | "{CD9C5A91-B92D-447F-AFB5-E3075EA8BE0C}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia connect\acer homemedia connect.exe | "{D0D7BA41-8748-4956-A83B-E9BA9A23506E}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{D4676D16-2E2A-4E16-939F-2A8006063CCB}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | "{E309D758-ABBF-434A-B22B-072F7E6201F7}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\gu.exe | "{E803A12C-17E1-44A1-A0DD-8FD04E0732B2}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{F5BA9C1D-BE86-4054-8172-AC82833CF659}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{F6564CA5-8A9A-48EA-AEEF-7F24FC961B17}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "TCP Query User{16CFB216-CD30-445B-BF48-F3BF11559BA8}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | "TCP Query User{3906EF4C-9E31-4877-A7D4-B905F16A0FF3}C:\program files 
(x86)\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | "TCP Query User{4C0BCAB2-019E-42E5-B385-397ED9D0DB7D}C:\users\matze\appdata\roaming\ohfaa\gaez.exe" = protocol=6 | dir=in | app=c:\users\matze\appdata\roaming\ohfaa\gaez.exe | "TCP Query User{55780B20-13D7-4C44-9089-088E7D96C733}C:\program files (x86)\ea games\battlefield 2\bf2_w32ded.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2_w32ded.exe | "TCP Query User{59851C55-6094-435F-823D-C1FAEAFE74E7}C:\program files (x86)\activision\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 2\cod2mp_s.exe | "TCP Query User{93693459-7B22-4AE5-B6CE-8C8695B639E4}C:\users\matze\appdata\roaming\ohfaa\gaez.exe" = protocol=6 | dir=in | app=c:\users\matze\appdata\roaming\ohfaa\gaez.exe | "UDP Query User{0E170311-181B-45BE-916F-C31C86396179}C:\users\matze\appdata\roaming\ohfaa\gaez.exe" = protocol=17 | dir=in | app=c:\users\matze\appdata\roaming\ohfaa\gaez.exe | "UDP Query User{4F230573-5F9B-46BA-8079-8BCE825AF951}C:\users\matze\appdata\roaming\ohfaa\gaez.exe" = protocol=17 | dir=in | app=c:\users\matze\appdata\roaming\ohfaa\gaez.exe | "UDP Query User{82D6EF3D-4136-4AD4-9938-33A4A8D2C44E}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | "UDP Query User{AB9E0807-32DD-4C6F-837B-37629C3ABBA8}C:\program files (x86)\activision\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 2\cod2mp_s.exe | "UDP Query User{B964CEB8-3A99-42B4-A421-EBE3D4C38A83}C:\program files (x86)\ea games\battlefield 2\bf2_w32ded.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2_w32ded.exe | "UDP Query User{D807D6FD-87B2-4EC5-A399-54C717BEE5E0}C:\program files (x86)\logitech\desktop 
messenger\8876480\program\logitechdesktopmessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{06FF213F-78F3-4E38-AFC2-69FD9D70DEE2}" = Nokia Phone Browser 64-bit "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{17E02F38-FF2D-4c3d-83DF-ECE2A1D20A5E}" = AIO_CDB_ToolboxIni64 "{249E9ED4-1C67-4DA5-9E39-F0F09AFD93B7}" = Logitech QuickCam "{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9545E9DB-6F4C-4404-BF25-E221BE8B44C5}" = iTunes "{9F560BEB-021F-43AC-825F-AA60442D8DE4}" = 64 Bit HP CIO Components Installer "{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{DDD076BF-C5C3-468C-AA1B-F9A7E47446FE}" = Intel(R) Network Connections 13.1.33.0 "{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour "{E5961659-16A2-47A7-BB7B-7B951F2B0BB3}" = PC Connectivity Solution 64-bit components "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "HP Imaging Device Functions" = HP Imaging Device Functions 8.0 "HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0 "HPExtendedCapabilities" = HP Customer Participation Program 8.0 "HPOCR" = HP OCR Software 8.0 "lvdrivers_11.80" = Logitech QuickCam-Treiberpaket "Microsoft .NET Framework 3.5 Language Pack SP1 
- deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "NVIDIA Drivers" = NVIDIA Drivers "PROSetDX" = Intel(R) Network Connections 13.1.33.0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{00C58EBE-223E-4AB6-8AE9-38F27F4420BD}" = WISO Sparbuch 2009 "{02091327-B124-4216-9D71-58C0E24F5392}" = Nokia PC Suite "{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}" = WISO Steuer-Sparbuch 2011 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{04F3BF74-9E34-4D3E-93C3-D3D1F24199C8}" = PC Connectivity Solution "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{09F25F86-F957-4051-8AB2-0E0D948BBB5D}" = 1310 "{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard "{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect "{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan "{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar 
for Internet Explorer "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2 "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3 "{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3BFFC6B8-4EC0-4240-858C-998FD4077983}" = Nokia Connectivity Cable Driver "{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{46B70DEB-97B3-4E38-B746-EC16905E6A8F}" = WISO Sparbuch 2010 "{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{57634571-FD82-4BEC-B822-A1ED7765474F}_is1" = SmartLauncher "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{59991D18-A988-45AB-B1BF-5ADE6E64CD3F}" = SnagIt 9 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6D4553DF-2095-4D10-92C0-17934733B51D}" = 1310_Help "{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings "{6D7E031C-4C05-4265-854A-FE9FDEA9984D}" = 1310Trb "{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}" = Tom Clancy's Splinter Cell Conviction "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{735DEB9C-61BD-4D31-994B-92395BBB4E45}" = Microsoft XML Parser "{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver "{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax "{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}" = Big Kahuna Reef "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}" = Kick N Rush "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}" = Backspin Billiards "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}" = Mahjongg Artifacts "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}" = Diner Dash Flo on the Go "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada "{8686D4FE-62EF-46FB-B9FD-00679EB381FF}_is1" = Trojan Killer 2.0 
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology "{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 
Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 
Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch "{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{A1973A71-BC23-4A8C-A0A0-2B0497B7EAF4}" = WISO Sparbuch 2008 "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps 
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific "{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter "{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy "{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings "{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.0 - Deutsch "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8 "{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup "{B580C409-E16F-44FF-904D-3AE94E113BE0}" = Acer HomeMedia Trial Creator "{B7BD291B-D415-4484-89A4-82077504BE93}_is1" = SmartCopy "{B8B0FC8B-E69B-4215-AF1A-4BDFF20D794B}" = pdfforge Toolbar v1.0 "{B9B02A9E-8074-4C3F-AAE5-311528F34FED}" = NTI Photo Maker Hot Fix "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm "{C716522C-3731-4667-8579-40B098294500}" = Toolbox "{C73F2967-062E-48F2-A462-D335B8950183}" = Safari "{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}" = TuneUp Utilities 2007 "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1 "{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2 "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM) "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings "{DDA223A7-627F-4173-9CA4-A9C531BCBB62}" = NTI JewelCase Maker Hot 
Fix "{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport "{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software "{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext "{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential "{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply "{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page "{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician "{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp "{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings "Acer GameZone Console_is1" = Acer GameZone Console DTV 2.0.1.1 "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2 "Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3 "Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings "AnyDVD" = AnyDVD "Ashampoo Burning Studio 9_is1" = Ashampoo Burning Studio 9.03 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "BrothersInArms" = Brothers In Arms "CloneDVD2" = CloneDVD2 "ENTERPRISE" = Microsoft Office Enterprise 2007 "Free Video to iPhone Converter_is1" = Free Video to iPhone Converter version 3.2.10 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "ICQToolbar" = ICQ Toolbar "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI 
Backup Now 5 "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "InstallShield_{B9B02A9E-8074-4C3F-AAE5-311528F34FED}" = NTI Photo Maker Hot Fix "InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2 "InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM) "InstallShield_{DDA223A7-627F-4173-9CA4-A9C531BCBB62}" = NTI JewelCase Maker Hot Fix "InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "McAfee Security Scan" = McAfee Security Scan Plus "Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16) "PunkBusterSvc" = PunkBuster Services "Steam App 10180" = Call of Duty: Modern Warfare 2 "Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer "Steam App 42700" = Call of Duty: Black Ops "Steam App 42710" = Call of Duty: Black Ops - Multiplayer "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 1.0.1 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 16.04.2011 05:47:07 | Computer Name = Matze-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 16.04.2011 05:47:08 | Computer Name = Matze-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 16.04.2011 05:47:31 | Computer Name = Matze-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 16.04.2011 05:47:32 | Computer Name = Matze-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 16.04.2011 05:47:33 | Computer Name = Matze-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 16.04.2011 05:47:44 | Computer Name = Matze-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 16.04.2011 05:49:20 | Computer Name = Matze-PC | 
Source = Windows Search Service | ID = 3006 Description = Error - 16.04.2011 05:49:20 | Computer Name = Matze-PC | Source = Windows Search Service | ID = 3007 Description = Error - 16.04.2011 09:24:17 | Computer Name = Matze-PC | Source = WinMgmt | ID = 10 Description = Error - 16.04.2011 11:43:37 | Computer Name = Matze-PC | Source = WinMgmt | ID = 10 Description = [ OSession Events ] Error - 07.02.2010 12:16:12 | Computer Name = Matze-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8992 seconds with 3300 seconds of active time. This session ended with a crash. Error - 22.05.2010 11:24:46 | Computer Name = Matze-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 568 seconds with 360 seconds of active time. This session ended with a crash. [ System Events ] Error - 22.04.2011 11:33:56 | Computer Name = Matze-PC | Source = Service Control Manager | ID = 7000 Description = Error - 22.04.2011 11:33:56 | Computer Name = Matze-PC | Source = Service Control Manager | ID = 7026 Description = Error - 22.04.2011 11:38:01 | Computer Name = Matze-PC | Source = Service Control Manager | ID = 7022 Description = Error - 22.04.2011 11:54:29 | Computer Name = Matze-PC | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\ElbyDelay.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 22.04.2011 11:54:33 | Computer Name = Matze-PC | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\ElbyDelay.sys nicht geladen. 
Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Error - 22.04.2011 11:54:33 | Computer Name = Matze-PC | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\ElbyDelay.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Error - 22.04.2011 11:54:33 | Computer Name = Matze-PC | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\ElbyDelay.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Error - 22.04.2011 11:54:45 | Computer Name = Matze-PC | Source = HTTP | ID = 15016 Description =
Error - 22.04.2011 11:56:20 | Computer Name = Matze-PC | Source = Service Control Manager | ID = 7000 Description =
Error - 22.04.2011 11:56:20 | Computer Name = Matze-PC | Source = Service Control Manager | ID = 7026 Description =
< End of report >

Here is the log file from Malwarebytes:

Malwarebytes' Anti-Malware 1.46
Malwarebytes Datenbank Version: 4052
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000
22.04.2011 18:07:04
mbam-log-2011-04-22 (18-07-04).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 123015
Laufzeit: 4 Minute(n), 53 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden)
Infizierte Dateien: (Keine bösartigen Objekte gefunden) |
25.04.2011, 14:36 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Caught TR/Kazy.mekml.1 Quote:
As a matter of routine, please run a full scan with Malwarebytes and post the log. Remember that Malwarebytes must be updated manually before every scan! If logs from older Malwarebytes scans exist, please post all of those as well!
__________________ |
25.04.2011, 17:48 | #3 |
| Caught TR/Kazy.mekml.1 Hello Arne,
thank you very much for your help. Attached you will find a current full scan and a quick scan from midday today. My AntiVir also reports the following detection:
In der Datei C:\ProgramData\42524424.exe wurde ein Virus oder unerwünschtes Programm TR/Kazy.mekml.1 gefunden
Thank you very much. Regards, Matze |
25.04.2011, 20:32 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Caught TR/Kazy.mekml.1 Do an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!) Code:
ATTFilter
:OTL
PRC - C:\ProgramData\GoWNKtoBbTfMqRQ.exe (WinTrust)
@Alternate Data Stream - 72 bytes -> C:\Windows:4797B8233B9EBDB5
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:FEBEC560
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{ebcad9e3-27ba-11df-b7d3-002268494d71}\Shell\AutoRun\command - "" = K:\Menu.exe
O4 - HKCU..\Run: [GoWNKtoBbTfMqRQ] C:\ProgramData\GoWNKtoBbTfMqRQ.exe (WinTrust)
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Searc
:Files
C:\ProgramData\~*
C:\ProgramData\4*
C:\ProgramData\GoWNKtoBbTfMqRQ.exe
C:\Users\matze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery
:Commands
[purity]
[resethosts]
[emptytemp]

The logfile should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.
__________________ Please always post logfiles in CODE tags |
25.04.2011, 20:58 | #5 |
| Caught TR/Kazy.mekml.1 I followed your instructions. But OTL has "an error while creating the log files". The system cannot find the specified path!?!? Am I doing something wrong? AntiVir is off.. |
26.04.2011, 07:32 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Caught TR/Kazy.mekml.1 Please repeat the fix...
__________________ |
26.04.2011, 12:15 | #7 |
| Caught TR/Kazy.mekml.1 Hello, even the third attempt failed :-( I always get the same error!?!? Regards, Matze |
26.04.2011, 13:00 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Caught TR/Kazy.mekml.1 You have to run OTL as admin via right-click. Are you doing that?
__________________ Please always post logfiles in CODE tags |
26.04.2011, 18:29 | #9 |
| Caught TR/Kazy.mekml.1 I have now tried everything. The error message stays the same. The system cannot find the path... |
26.04.2011, 18:58 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Caught TR/Kazy.mekml.1 Try it with this script: Code:
ATTFilter
:OTL
@Alternate Data Stream - 72 bytes -> C:\Windows:4797B8233B9EBDB5
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:FEBEC560
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{ebcad9e3-27ba-11df-b7d3-002268494d71}\Shell\AutoRun\command - "" = K:\Menu.exe
O4 - HKCU..\Run: [GoWNKtoBbTfMqRQ] C:\ProgramData\GoWNKtoBbTfMqRQ.exe (WinTrust)
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Searc
:Files
C:\ProgramData\~*
C:\ProgramData\4*
C:\ProgramData\GoWNKtoBbTfMqRQ.exe
C:\Users\matze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery
:Commands
[purity]
[resethosts]
[emptytemp]
__________________ Please always post logfiles in CODE tags |
26.04.2011, 19:05 | #11 |
| Caught TR/Kazy.mekml.1 Unfortunately it still doesn't work. Same error :-( |
26.04.2011, 19:23 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Caught TR/Kazy.mekml.1 Let's trim it further.......try again with this Code:
ATTFilter
:OTL
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Searc
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{ebcad9e3-27ba-11df-b7d3-002268494d71}\Shell\AutoRun\command - "" = K:\Menu.exe
O4 - HKCU..\Run: [GoWNKtoBbTfMqRQ] C:\ProgramData\GoWNKtoBbTfMqRQ.exe (WinTrust)
@Alternate Data Stream - 72 bytes -> C:\Windows:4797B8233B9EBDB5
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:FEBEC560
:Files
C:\ProgramData\~*
C:\ProgramData\4*
C:\ProgramData\GoWNKtoBbTfMqRQ.exe
C:\Users\matze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery
__________________ Please always post logfiles in CODE tags |
26.04.2011, 19:37 | #13 |
| Caught TR/Kazy.mekml.1 Now it aborted immediately. Before, it always took a few seconds. Is it correct that it says "ICQ Search" once and "ICQ Searc once? I have no idea about this :-) In the attachment I have posted the OTL user interface for you, showing how the settings are preset. |
27.04.2011, 08:52 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Caught TR/Kazy.mekml.1 ICQ Search in Firefox. That thing was once very persistent on an acquaintance's machine, which is why I usually fix it. It only affects the search bar in Firefox. Did the fix run through now?
__________________ Please always post logfiles in CODE tags |
27.04.2011, 18:15 | #15 |
| Caught TR/Kazy.mekml.1 No, unfortunately the fix aborts immediately. :-( |