|
Plagegeister aller Art und deren Bekämpfung: TR/Kazy.mekml.1Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
22.04.2011, 20:54 | #1 |
| TR/Kazy.mekml.1 Moin, derLaptop meiner Freundin hat seit heute anscheinend einen Trojaner. Ich bekomme beim Anmelden immer die Meldung, dass der Trojaner TR/Kazy.mekml.1 auf dem Rechner ist und das alle Daten gefährdet sind. Zudem sind viele Unterlagen auf dem Desktop sowie das Hintergrundbild nicht mehr da. Wenn ich unhide laufen lasse kommen diese jedoch wieder. Bei´m Scan mit OTL erhalte ich folgenden Extras.Txt: OTL Extras logfile created on: 22.04.2011 21:44:11 - Run 2 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Andrea\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 69,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 148,97 Gb Total Space | 82,71 Gb Free Space | 55,52% Space Free | Partition Type: NTFS Drive E: | 147,66 Gb Total Space | 142,39 Gb Free Space | 96,43% Space Free | Partition Type: NTFS Computer Name: ANDREA-PC | User Name: Andrea1 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{086450C7-FB18-4B05-A872-1A5885A513B6}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{33F1130D-06AF-4FF9-9E57-4FDB62CE1706}" = lport=139 | protocol=6 | dir=in | app=system | "{356D9BC7-7E1B-42CA-8799-F718C5F9043D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{53852064-3670-4063-ADB7-EFA2580DA6F5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{55B8FB4F-4A71-42C4-8747-E3A08CBCFC95}" = rport=445 | protocol=6 | dir=out | app=system | "{57669D3A-7C80-4D3D-BCAA-E7D32145A251}" = lport=445 | protocol=6 | dir=in | app=system | "{62B33F70-A522-4A40-98FD-5A62F9CE749D}" = rport=139 | protocol=6 | dir=out | app=system | "{758F3786-A41D-4EA7-BABA-B48F90D7468D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{75D1E3B1-D6E1-4608-8F60-6E9E7F6C81D3}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{7FBEE97B-EEDA-4A57-B0D0-09C0774563C7}" = lport=137 | protocol=17 | dir=in | app=system | "{A79E88D7-4522-4812-9ADB-B816BF87116F}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{A9C90BFD-12E2-4A44-BA81-68E289B85D65}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{AD349D8E-EC61-42A3-AEE7-2DD9D37C664C}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{BD50C701-A3E4-422A-B67F-117CB6D5C1E3}" = lport=138 | protocol=17 | dir=in | app=system | "{D9BAE7F0-8AD2-4505-B32D-87DA937F2A47}" = rport=137 | protocol=17 | dir=out | app=system | "{EFAF438D-B37A-4FAB-A1CB-2964F00B4D20}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F27E365F-DDCB-49CD-9CA1-3C7918ED3515}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F3D9FF2F-3C79-4971-995B-29C4401A1F5C}" = rport=138 | protocol=17 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0DBFA28F-8F3F-4BEF-981E-CAA5DE845E2A}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe | "{1C725F8F-B010-49BB-99B0-797370A61D38}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe | "{275D31F0-4A75-4760-9B97-C07344DF977B}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe | "{32AD75AE-1E37-4E30-BDB0-A1F1815477B2}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | "{378FF86F-890E-422A-B4CE-D797B2DE3F87}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe | "{42437B29-3EE1-44B9-ABEE-A5378B67E0EA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{4B968062-5AE0-4382-9B56-AEED7AF579C3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{559F2720-5B49-4E80-A6E5-E9CA0B85EB0B}" = protocol=6 | dir=in | app=c:\program files\epsonnet\epsonnet setup\tool10\eneasyapp.exe | "{59B7B195-44C0-47A1-B94E-EE8105CC6471}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe | "{804CE5A1-4BF8-47E4-8DFA-EFD4A1A0746A}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe | "{850D89F1-6161-4D91-BEEA-A758EBA054A0}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | "{863B0C3B-AB8C-4875-BC81-5FAD643105F8}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | "{895B9336-F104-44F0-AC5B-46762939C60C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{9108C2FA-1674-489C-B28C-9485D6CB8AD6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{97E5C94E-60FA-4558-A38C-699687D926C6}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | "{9B6AB200-65E9-4EA3-914F-6667333D6D58}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe | "{A13B1D05-626B-4F90-A65C-57EADC9DF58D}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe | "{AF42372F-5EC9-4944-BD3B-B55B823CE949}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe | "{BEC5F8D6-02E7-4F3E-B55C-49A704F4247E}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe | "{C0F6F161-78A1-4483-89A7-F14FC7605BA6}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe | "{D1EF1BFB-36F8-4C00-BCFA-B1712E3E78A0}" = protocol=17 | dir=in | app=c:\program files\epsonnet\epsonnet setup\tool10\eneasyapp.exe | "{D79F9AF7-AE32-4B61-B2EB-488E1A1B0524}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{E0757288-CBBC-4347-B000-92912D547470}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{E3600A7D-337D-4B54-928B-7CDC406B27D8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{E500B1BD-BC1A-47F3-957F-3BB878EA6B97}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe | "{F59B719A-8E86-4628-A797-0B55D87D4A0E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "TCP Query User{04EFC5B4-6CAF-41C0-B78C-B1BDF71BCC4C}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | "TCP Query User{1A46F5CB-FADF-4034-8C60-F733F39D7D25}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | "TCP Query User{3FBBD732-CB40-422A-92A8-572ED03CBC2E}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | "TCP Query User{52417E9E-737A-4499-B759-58BAE0F719C9}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{660046E7-F2F0-4AF8-9AF5-FA7A46165620}E:\spiele\counterstrike an wilkespc (192.168.0.55)\hl2.exe" = protocol=6 | dir=in | app=e:\spiele\counterstrike an wilkespc (192.168.0.55)\hl2.exe | "TCP Query User{776B2270-4922-4B43-A5D1-2DB4F09A468C}E:\spiele\mohaa\mohaa.exe" = protocol=6 | dir=in | app=e:\spiele\mohaa\mohaa.exe | "TCP Query User{9E2877AA-85FA-4F47-A0BF-F7CD9FFB9099}E:\spiele\cod 4\iw3mp.exe" = protocol=6 | dir=in | app=e:\spiele\cod 4\iw3mp.exe | "TCP Query User{B5BBB869-FD73-4F57-B332-B044704DE0EC}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{C7C808ED-439F-4F9B-A5E3-CC18D4297637}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | "TCP Query User{D8C1F7DE-E6D6-4040-BCD2-87AF73DF3E23}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | "UDP Query User{01224E14-4F3A-40C6-ADCB-0C7C484F12B7}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | "UDP Query User{3F7B55C9-DD98-4252-9682-445C33D09DA5}E:\spiele\mohaa\mohaa.exe" = protocol=17 | dir=in | app=e:\spiele\mohaa\mohaa.exe | "UDP Query User{47604929-AABE-4AE3-B713-2D1694D97A09}E:\spiele\counterstrike an wilkespc (192.168.0.55)\hl2.exe" = protocol=17 | dir=in | app=e:\spiele\counterstrike an wilkespc (192.168.0.55)\hl2.exe | "UDP Query User{71F8BA21-4EB5-4B93-8785-2F7638F5D9E1}E:\spiele\cod 4\iw3mp.exe" = protocol=17 | dir=in | app=e:\spiele\cod 4\iw3mp.exe | "UDP Query User{8FDFA437-ECCE-4908-8652-75243A054693}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{A3E26B06-C4C2-4AFA-86C5-15F17ABCAFAC}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | "UDP Query User{BE51F503-6D8C-4A12-B7C4-4985D2FDB78C}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | "UDP Query User{BEEC8CE4-91C5-4C82-8F0C-5219A47EFE07}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{CB6B70EF-9C05-43A2-9C35-9F01FBA72834}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | "UDP Query User{F4145CA6-DBA5-4C9B-83F6-98839812BEB2}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02CA24DD-C8B0-4280-BE53-7862869C2EB1}" = Realtek WiFi Protected Setup Library "{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist "{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan "{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg "{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 24 "{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3 "{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision "{364EC092-93CF-4DDC-9D7A-7278452028E0}" = Logitech QuickCam "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth "{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting "{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc "{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password "{56995235-B76E-44A6-BA17-8FF13D3F907A}" = TOSHIBA Benutzerhandbücher "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator "{5E6D6161-5509-4f55-9372-1E01792F843A}" = F300_Help "{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4 "{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder "{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree "{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax "{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista "{895722FE-25FE-4854-95AC-B0C42F9DBEDA}" = REALTEK RTL8187B Wireless LAN Driver "{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch "{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations "{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer "{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter "{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8 "{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator "{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm "{C716522C-3731-4667-8579-40B098294500}" = Toolbox "{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser "{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B "{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.3 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport "{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0 "{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher "{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext "{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential "{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply "{F1568757-E564-4cb5-8980-9333119A4384}" = F300 "{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer "{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA "{F6AC5364-2FB7-437a-811A-D645F22AA6AC}" = F300Trb "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package "{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp "{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}" = Disc2Phone "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Azureus" = Azureus "CNXT_MODEM_PCI_VEN_14F1&DEV_2C06&SUBSYS_14F10000" = HDAUDIO Soft Data Fax Modem with SmartCP "ElsterFormular für Privatanwender und Unternehmer 12.1.1.6214k" = ElsterFormular für Privatanwender und Unternehmer "EPSON BX525WD Series" = EPSON BX525WD Series Printer Uninstall "EPSON BX525WD Series Manual" = EPSON BX525WD Series Handbuch "EPSON BX525WD Series Network Guide" = EPSON BX525WD Series Netzwerk-Handbuch "EPSON Scanner" = EPSON Scan "Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D) "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2 "FreePDF_XP" = FreePDF (Remove only) "GPL Ghostscript 8.70" = GPL Ghostscript 8.70 "HDMI" = Intel(R) Graphics Media Accelerator Driver "HP Imaging Device Functions" = HP Imaging Device Functions 8.0 "HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0 "HPExtendedCapabilities" = HP Customer Participation Program 8.0 "HPOCR" = HP OCR Software 8.0 "ICQToolbar" = ICQ Toolbar "InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder "InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher "InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "myphotobook" = myphotobook 3.5 "Picasa2" = Picasa 2 "QcDrv" = Logitech® Camera-Treiber "Redirection Port Monitor" = RedMon - Redirection Port Monitor "SynTPDeinstKey" = Synaptics Pointing Device Driver "Uninstall_is1" = Uninstall 1.0.0.1 "Winamp" = Winamp "Winamp Toolbar for Firefox" = Winamp Toolbar for Firefox "Windows Media Encoder 9" = Windows Media Encoder 9-Reihe "ZonerPhotoStudio11_EN_is1" = Zoner Photo Studio 11 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 28.02.2011 13:32:05 | Computer Name = Andrea-PC | Source = WinMgmt | ID = 10 Description = Error - 05.03.2011 04:01:09 | Computer Name = Andrea-PC | Source = WinMgmt | ID = 10 Description = Error - 06.03.2011 18:09:45 | Computer Name = Andrea-PC | Source = WinMgmt | ID = 10 Description = Error - 11.03.2011 04:47:02 | Computer Name = Andrea-PC | Source = Avira AntiVir | ID = 4118 Description = AUSNAHMEFEHLER beim Aufruf der Funktion <Scan> für die Datei C:\Users\Andrea\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4L51TFM3\CAYJ7KN0CAYKQ3RFCA5J32EQCAOV0WJGCAG164EVCAERHD8BCACU7GQ3CAZZZBN2CA9121C8CA90ZA0TCAZAZ1O7CA36S1ZECAADK3LOCA3SBFDICA202VU 9CAFS1CFMCAC4PCM5CASBKAZHCAO5F403.jpg. [ACCESS_VIOLATION Exception!! EIP = 0x1c32288] Bitte Avira informieren und die obige Datei übersenden! Error - 13.03.2011 16:58:46 | Computer Name = Andrea-PC | Source = WinMgmt | ID = 10 Description = Error - 14.03.2011 15:42:27 | Computer Name = Andrea-PC | Source = WinMgmt | ID = 10 Description = Error - 18.03.2011 10:31:26 | Computer Name = Andrea-PC | Source = WinMgmt | ID = 10 Description = Error - 18.03.2011 10:31:54 | Computer Name = Andrea-PC | Source = Windows Search Service | ID = 3013 Description = Error - 18.03.2011 10:31:54 | Computer Name = Andrea-PC | Source = Windows Search Service | ID = 3013 Description = Error - 20.03.2011 17:48:07 | Computer Name = Andrea-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 22.04.2011 11:44:27 | Computer Name = Andrea-PC | Source = DCOM | ID = 10010 Description = Error - 22.04.2011 13:26:53 | Computer Name = Andrea-PC | Source = DCOM | ID = 10016 Description = Error - 22.04.2011 13:26:53 | Computer Name = Andrea-PC | Source = DCOM | ID = 10016 Description = Error - 22.04.2011 13:35:53 | Computer Name = Andrea-PC | Source = DCOM | ID = 10010 Description = Error - 22.04.2011 15:00:35 | Computer Name = Andrea-PC | Source = DCOM | ID = 10016 Description = Error - 22.04.2011 15:00:35 | Computer Name = Andrea-PC | Source = DCOM | ID = 10016 Description = Error - 22.04.2011 15:17:58 | Computer Name = Andrea-PC | Source = DCOM | ID = 10016 Description = Error - 22.04.2011 15:17:58 | Computer Name = Andrea-PC | Source = DCOM | ID = 10016 Description = Error - 22.04.2011 15:26:56 | Computer Name = Andrea-PC | Source = DCOM | ID = 10016 Description = Error - 22.04.2011 15:26:59 | Computer Name = Andrea-PC | Source = DCOM | ID = 10016 Description = < End of report > Der OTL.Txt lautet folgendermaßen: OTL logfile created on: 22.04.2011 21:44:11 - Run 2 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Andrea\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 69,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 148,97 Gb Total Space | 82,71 Gb Free Space | 55,52% Space Free | Partition Type: NTFS Drive E: | 147,66 Gb Total Space | 142,39 Gb Free Space | 96,43% Space Free | Partition Type: NTFS Computer Name: ANDREA-PC | User Name: Andrea1 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Andrea\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe () PRC - C:\Windows\System32\spool\drivers\w32x86\3\E_FATIGAU.EXE (SEIKO EPSON CORPORATION) PRC - C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10d.exe (Adobe Systems, Inc.) PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation) PRC - C:\Programme\Internet Explorer\ieuser.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\conime.exe (Microsoft Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Winamp\winampa.exe () PRC - C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe () PRC - C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) PRC - C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) PRC - C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) PRC - c:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) PRC - C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION) PRC - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) PRC - C:\Programme\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION) PRC - c:\Programme\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation) PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) PRC - C:\Programme\Logitech\QuickCam\Quickcam.exe () PRC - C:\Programme\Common Files\logishrd\LComMgr\Communications_Helper.exe () PRC - C:\Programme\Common Files\logishrd\LQCVFX\COCIManager.exe (Logitech Inc.) PRC - C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) PRC - C:\Programme\Common Files\logishrd\LVCOMSER\LVComSer.exe (Logitech Inc.) PRC - C:\Programme\TOSHIBA\Toshiba Online Product Information\TOPI.exe (TOSHIBA) PRC - C:\Programme\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION) PRC - C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) ========== Modules (SafeList) ========== MOD - C:\Users\Andrea\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation) MOD - C:\Programme\Common Files\logishrd\LVMVFM\LVPrcInj.dll (Logitech Inc.) ========== Win32 Services (SafeList) ========== SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe () SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (TNaviSrv) -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (TosCoSrv) -- c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) SRV - (TOSHIBA SMART Log Service) -- c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation) SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) SRV - (LVSrvLauncher) -- C:\Programme\Common Files\logishrd\SrvLnch\SrvLnch.exe (Logitech Inc.) SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) SRV - (LVCOMSer) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.) SRV - (EpsonBidirectionalService) -- C:\Programme\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION) SRV - (UleadBurningHelper) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®) ========== Driver Services (SafeList) ========== DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\System32\drivers\LV302V32.SYS (Logitech Inc.) DRV - (WSDScan) -- C:\Windows\System32\drivers\WSDScan.sys (Microsoft Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation) DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation) DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (RTL8187B) -- C:\Windows\System32\drivers\rtl8187B.sys (Realtek Semiconductor Corporation ) DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation) DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) DRV - (LVMVDrv) -- C:\Windows\System32\drivers\LVMVdrv.sys (Logitech Inc.) DRV - (LVcKap) -- C:\Windows\System32\drivers\Lvckap.sys (Logitech Inc.) DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.) DRV - (pepifilter) -- C:\Windows\System32\drivers\lv302af.sys (Logitech Inc.) DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys () DRV - (RtlProt) -- C:\Windows\System32\drivers\RtlProt.sys (Windows (R) Codename Longhorn DDK provider) DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation) DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4195781533-2231758657-602456709-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de IE - HKU\S-1-5-21-4195781533-2231758657-602456709-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKU\S-1-5-21-4195781533-2231758657-602456709-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-4195781533-2231758657-602456709-1001\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKU\S-1-5-21-4195781533-2231758657-602456709-1001\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKU\S-1-5-21-4195781533-2231758657-602456709-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4195781533-2231758657-602456709-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de IE - HKU\S-1-5-21-4195781533-2231758657-602456709-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de IE - HKU\S-1-5-21-4195781533-2231758657-602456709-1004\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-4195781533-2231758657-602456709-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O3 - HKU\S-1-5-21-4195781533-2231758657-602456709-1001\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O4 - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe () O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe () O4 - HKLM..\Run: [NDSTray.exe] File not found O4 - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [SunJavaUpdateSched] File not found O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA) O4 - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba) O4 - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe () O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\.DEFAULT..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.) O4 - HKU\S-1-5-18..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-4195781533-2231758657-602456709-1001..\Run: [Epson Stylus Office BX525WD(Netzwerk)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIGAU.EXE (SEIKO EPSON CORPORATION) O4 - HKU\S-1-5-21-4195781533-2231758657-602456709-1001..\Run: [ICQ] C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.) O4 - HKU\S-1-5-21-4195781533-2231758657-602456709-1001..\Run: [TOSCDSPD] C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe () O4 - HKU\S-1-5-21-4195781533-2231758657-602456709-1001..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-4195781533-2231758657-602456709-1004..\Run: [EPSON BX525WD Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIGAU.EXE (SEIKO EPSON CORPORATION) O4 - HKU\S-1-5-21-4195781533-2231758657-602456709-1004..\Run: [Epson Stylus Office BX525WD(Netzwerk)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIGAU.EXE (SEIKO EPSON CORPORATION) O4 - HKU\S-1-5-21-4195781533-2231758657-602456709-1004..\Run: [EPSON670282 (Epson Stylus Office BX525WD)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIGAU.EXE (SEIKO EPSON CORPORATION) O4 - HKU\S-1-5-21-4195781533-2231758657-602456709-1004..\Run: [TOSCDSPD] File not found O4 - HKU\S-1-5-21-4195781533-2231758657-602456709-1004..\Run: [tPaGgPbDdnkYyE] C:\ProgramData\tPaGgPbDdnkYyE.exe (WinTrust) O4 - HKU\S-1-5-21-4195781533-2231758657-602456709-1004..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - Startup: C:\Users\Andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Programme\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Programme\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Programme\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.) O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - File not found O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - File not found O13 - gopher Prefix: missing O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_Win32.cab (20-20 3D Viewer) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.) O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Andrea1\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Andrea1\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.04.22 19:48:16 | 000,000,000 | ---D | C] -- C:\Users\Andrea1\AppData\Local\PackageAware [2011.04.22 17:17:46 | 000,569,344 | ---- | C] (WinTrust) -- C:\ProgramData\tPaGgPbDdnkYyE.exe [2011.04.16 03:04:53 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll [2011.04.16 03:04:53 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll [2011.04.16 03:04:44 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2011.04.16 03:04:44 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2011.04.16 03:04:20 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe [2011.04.16 03:04:01 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2011.04.16 03:04:01 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.04.16 03:04:01 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.04.16 03:04:01 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.04.16 03:04:00 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll [2011.04.16 03:03:59 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2011.04.16 03:03:09 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011.04.16 03:02:54 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2011.04.16 03:02:53 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2011.04.08 12:32:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.4 [2011.04.08 12:31:26 | 000,000,000 | ---D | C] -- C:\Programme\ICQ7.4 [2011.04.04 20:34:10 | 000,000,000 | ---D | C] -- C:\Users\Andrea1\AppData\Roaming\elsterformular [2011.04.04 20:32:49 | 000,000,000 | ---D | C] -- C:\ProgramData\elsterformular [2011.04.04 20:32:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.04.22 21:31:31 | 000,679,420 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.04.22 21:31:31 | 000,638,542 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.04.22 21:31:31 | 000,148,770 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.04.22 21:31:31 | 000,121,908 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.04.22 21:26:14 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.04.22 21:26:14 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.04.22 21:25:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.04.22 21:25:40 | 2136,961,024 | -HS- | M] () -- C:\hiberfil.sys [2011.04.22 17:17:45 | 000,569,344 | ---- | M] (WinTrust) -- C:\ProgramData\tPaGgPbDdnkYyE.exe [2011.04.18 22:11:25 | 000,319,616 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.04.08 12:32:15 | 000,001,614 | ---- | M] () -- C:\Users\Public\Desktop\ICQ7.4.lnk [2011.04.04 20:32:49 | 000,000,527 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.04.08 12:32:15 | 000,001,614 | ---- | C] () -- C:\Users\Public\Desktop\ICQ7.4.lnk [2011.04.04 20:32:49 | 000,000,527 | ---- | C] () -- C:\Users\Public\Desktop\ElsterFormular.lnk [2010.11.15 17:30:15 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat [2010.11.15 17:10:14 | 000,058,163 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini [2010.01.06 17:40:15 | 000,164,284 | ---- | C] () -- C:\Windows\hpoins19.dat [2010.01.06 17:39:54 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat [2009.11.10 11:45:26 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll [2009.11.10 11:45:26 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe [2009.10.20 18:49:09 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.10.20 18:49:09 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2008.09.20 18:24:10 | 000,000,095 | ---- | C] () -- C:\Users\Andrea1\AppData\Local\fusioncache.dat [2008.09.01 16:00:34 | 000,000,016 | ---- | C] () -- C:\Users\Andrea1\AppData\Roaming\mxfilerelatedcache.mxc2 [2008.09.01 16:00:30 | 000,000,016 | ---- | C] () -- C:\Users\Andrea1\AppData\Local\mxfilerelatedcache.mxc2 [2008.08.08 23:40:53 | 000,007,168 | ---- | C] () -- C:\Users\Andrea1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.08.06 16:55:21 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2008.08.05 14:34:33 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.08.04 17:22:07 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini [2008.08.04 17:22:07 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll [2008.08.04 17:22:07 | 000,009,480 | ---- | C] () -- C:\Windows\System32\tosmreg.ini [2008.08.04 17:22:07 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini [2008.08.04 17:18:47 | 000,131,072 | ---- | C] () -- C:\Windows\System32\EnumDevLib.dll [2008.02.22 11:34:00 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI [2008.02.18 17:58:18 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini [2008.02.18 17:44:09 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll [2008.02.18 17:44:09 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll [2008.02.18 17:44:09 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll [2008.02.18 17:44:09 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll [2008.02.18 17:44:09 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll [2008.02.18 17:44:09 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll [2008.02.18 16:57:01 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2008.02.18 16:55:43 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll [2008.02.18 16:55:43 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll [2008.02.18 16:55:43 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll [2008.02.18 16:55:43 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll [2008.01.21 09:15:58 | 000,679,420 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.01.21 09:15:58 | 000,148,770 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2007.07.18 18:42:42 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,319,616 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,638,542 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,121,908 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat ========== LOP Check ========== [2010.12.28 10:40:47 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Epson [2011.04.19 17:52:59 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\ICQ [2010.05.18 17:57:25 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\myphotobook [2010.10.11 10:35:01 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Zoner [2011.04.04 20:34:17 | 000,000,000 | ---D | M] -- C:\Users\Andrea1\AppData\Roaming\elsterformular [2011.03.17 23:14:36 | 000,000,000 | ---D | M] -- C:\Users\Andrea1\AppData\Roaming\Epson [2011.04.08 12:33:49 | 000,000,000 | ---D | M] -- C:\Users\Andrea1\AppData\Roaming\ICQ [2008.09.18 11:27:01 | 000,000,000 | ---D | M] -- C:\Users\Andrea1\AppData\Roaming\ICQ Toolbar [2010.01.06 19:59:27 | 000,000,000 | ---D | M] -- C:\Users\Andrea1\AppData\Roaming\Image Zone Express [2009.09.02 15:08:04 | 000,000,000 | ---D | M] -- C:\Users\Andrea1\AppData\Roaming\myphotobook [2010.01.06 18:40:17 | 000,000,000 | ---D | M] -- C:\Users\Andrea1\AppData\Roaming\Printer Info Cache [2008.08.04 18:53:43 | 000,000,000 | ---D | M] -- C:\Users\Andrea1\AppData\Roaming\Toshiba [2011.04.22 21:24:58 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Kann da jemand helfen? |
25.04.2011, 14:46 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Kazy.mekml.1 Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.
__________________
__________________ |
25.04.2011, 21:41 | #3 |
| TR/Kazy.mekml.1 Hey,
__________________ich habe einige Programme aktualisiert (Internet Explorer, Acrobat Reader und auch AntiVir) und habe AntiVir sowie Malewarebyte durchlaufen lassen. Dort wurde der Trojaner gefunden. Ich habe ihn in ausfindig gemacht und anschließend in den Papierkorb gehauen und diesen geleert. Anschließend habe ich Mailwarebyte nochmals durchlaufen lassen, und es wird kein Trojaner mehr gefunden. Der Log sieht folgendermaßen aus: Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 6441 Windows 6.0.6002 Service Pack 2 Internet Explorer 9.0.8112.16421 25.04.2011 22:27:14 mbam-log-2011-04-25 (22-27-14).txt Scan type: Quick scan Objects scanned: 133481 Time elapsed: 8 minute(s), 5 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Ich hoffe, dass jetzt wieder alles clean ist, oder muss ich noch was beachten? Besten Dank! |
26.04.2011, 10:07 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Kazy.mekml.1Zitat:
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!
__________________ Logfiles bitte immer in CODE-Tags posten |
27.04.2011, 19:03 | #5 |
| TR/Kazy.mekml.1 Hier der Log aus dem Vollscan mit Malewarebytes. Ältere Logs sind nicht vorhanden. Malwarebytes' Anti-Malware 1.50.1.1100 Malwarebytes : Free anti-malware, anti-virus and spyware removal download Database version: 6441 Windows 6.0.6002 Service Pack 2 Internet Explorer 9.0.8112.16421 26.04.2011 23:48:31 mbam-log-2011-04-26 (23-48-31).txt Scan type: Full scan (C:\|E:\|) Objects scanned: 265273 Time elapsed: 1 hour(s), 10 minute(s), 5 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) |
27.04.2011, 19:31 | #6 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Kazy.mekml.1Zitat:
__________________ --> TR/Kazy.mekml.1 |
28.04.2011, 20:48 | #7 |
| TR/Kazy.mekml.1 So, hier also nochmal, mit einem tagesaktuellem Update der Log: Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 6464 Windows 6.0.6002 Service Pack 2 Internet Explorer 9.0.8112.16421 28.04.2011 20:16:06 mbam-log-2011-04-28 (20-16-06).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|) Durchsuchte Objekte: 298749 Laufzeit: 1 Stunde(n), 45 Minute(n), 41 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) |
28.04.2011, 21:00 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Kazy.mekml.1 Poste bitte frische OTL-Logs: Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
__________________ Logfiles bitte immer in CODE-Tags posten |
30.04.2011, 08:57 | #9 |
| TR/Kazy.mekml.1 Hier der OTL.Txt:OTL Logfile: Code:
ATTFilter OTL logfile created on: 30.04.2011 09:43:04 - Run 3 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Andrea\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 48,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 63,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 148,97 Gb Total Space | 81,87 Gb Free Space | 54,96% Space Free | Partition Type: NTFS Drive E: | 147,66 Gb Total Space | 142,39 Gb Free Space | 96,43% Space Free | Partition Type: NTFS Computer Name: ANDREA-PC | User Name: Andrea1 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Users\Andrea\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Windows\System32\spool\drivers\w32x86\3\E_FATIGAU.EXE (SEIKO EPSON CORPORATION) PRC - C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10d.exe (Adobe Systems, Inc.) PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Winamp\winampa.exe () PRC - C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe () PRC - C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) PRC - C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) PRC - C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) PRC - c:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) PRC - C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION) PRC - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) PRC - C:\Programme\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION) PRC - c:\Programme\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation) PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) PRC - C:\Programme\Logitech\QuickCam\Quickcam.exe () PRC - C:\Programme\Common Files\logishrd\LComMgr\Communications_Helper.exe () PRC - C:\Programme\Common Files\logishrd\LQCVFX\COCIManager.exe (Logitech Inc.) PRC - C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) PRC - C:\Programme\Common Files\logishrd\LVCOMSER\LVComSer.exe (Logitech Inc.) PRC - C:\Programme\TOSHIBA\Toshiba Online Product Information\TOPI.exe (TOSHIBA) PRC - C:\Programme\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION) PRC - C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) ========== Modules (SafeList) ========== MOD - C:\Users\Andrea\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation) MOD - C:\Programme\Common Files\logishrd\LVMVFM\LVPrcInj.dll (Logitech Inc.) ========== Win32 Services (SafeList) ========== SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (TNaviSrv) -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (TosCoSrv) -- c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) SRV - (TOSHIBA SMART Log Service) -- c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation) SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) SRV - (LVSrvLauncher) -- C:\Programme\Common Files\logishrd\SrvLnch\SrvLnch.exe (Logitech Inc.) SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) SRV - (LVCOMSer) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.) SRV - (EpsonBidirectionalService) -- C:\Programme\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION) SRV - (UleadBurningHelper) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\System32\drivers\LV302V32.SYS (Logitech Inc.) DRV - (WSDScan) -- C:\Windows\System32\drivers\WSDScan.sys (Microsoft Corporation) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation) DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation) DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (RTL8187B) -- C:\Windows\System32\drivers\rtl8187B.sys (Realtek Semiconductor Corporation ) DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation) DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) DRV - (LVMVDrv) -- C:\Windows\System32\drivers\LVMVdrv.sys (Logitech Inc.) DRV - (LVcKap) -- C:\Windows\System32\drivers\Lvckap.sys (Logitech Inc.) DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.) DRV - (pepifilter) -- C:\Windows\System32\drivers\lv302af.sys (Logitech Inc.) DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys () DRV - (RtlProt) -- C:\Windows\System32\drivers\RtlProt.sys (Windows (R) Codename Longhorn DDK provider) DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation) DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Google IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4195781533-2231758657-602456709-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Google IE - HKU\S-1-5-21-4195781533-2231758657-602456709-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKU\S-1-5-21-4195781533-2231758657-602456709-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-4195781533-2231758657-602456709-1001\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKU\S-1-5-21-4195781533-2231758657-602456709-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4195781533-2231758657-602456709-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Google IE - HKU\S-1-5-21-4195781533-2231758657-602456709-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKU\S-1-5-21-4195781533-2231758657-602456709-1004\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-4195781533-2231758657-602456709-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O3 - HKU\S-1-5-21-4195781533-2231758657-602456709-1001\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found. O3 - HKU\S-1-5-21-4195781533-2231758657-602456709-1004\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4 - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe () O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NDSTray.exe] File not found O4 - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [SunJavaUpdateSched] File not found O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA) O4 - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba) O4 - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe () O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\.DEFAULT..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.) O4 - HKU\S-1-5-18..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-4195781533-2231758657-602456709-1001..\Run: [Epson Stylus Office BX525WD(Netzwerk)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIGAU.EXE (SEIKO EPSON CORPORATION) O4 - HKU\S-1-5-21-4195781533-2231758657-602456709-1001..\Run: [TOSCDSPD] C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe () O4 - HKU\S-1-5-21-4195781533-2231758657-602456709-1001..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-4195781533-2231758657-602456709-1004..\Run: [EPSON BX525WD Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIGAU.EXE (SEIKO EPSON CORPORATION) O4 - HKU\S-1-5-21-4195781533-2231758657-602456709-1004..\Run: [Epson Stylus Office BX525WD(Netzwerk)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIGAU.EXE (SEIKO EPSON CORPORATION) O4 - HKU\S-1-5-21-4195781533-2231758657-602456709-1004..\Run: [EPSON670282 (Epson Stylus Office BX525WD)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIGAU.EXE (SEIKO EPSON CORPORATION) O4 - HKU\S-1-5-21-4195781533-2231758657-602456709-1004..\Run: [swg] File not found O4 - HKU\S-1-5-21-4195781533-2231758657-602456709-1004..\Run: [TOSCDSPD] File not found O4 - HKU\S-1-5-21-4195781533-2231758657-602456709-1004..\Run: [tPaGgPbDdnkYyE] File not found O4 - HKU\S-1-5-21-4195781533-2231758657-602456709-1004..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\Andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Programme\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Programme\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Programme\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - File not found O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - File not found O13 - gopher Prefix: missing O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_Win32.cab (20-20 3D Viewer) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.) O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Andrea1\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Andrea1\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.04.25 20:17:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2011.04.25 18:26:03 | 000,000,000 | ---D | C] -- C:\Users\Andrea1\AppData\Roaming\Avira [2011.04.25 18:17:18 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2011.04.25 18:17:18 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.04.25 18:17:17 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2011.04.25 18:17:17 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2011.04.25 18:17:17 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2011.04.25 18:17:17 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2011.04.25 18:17:16 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011.04.25 18:17:16 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2011.04.25 18:17:15 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2011.04.25 18:17:15 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2011.04.25 18:17:15 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.04.25 18:17:15 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2011.04.25 18:17:15 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2011.04.25 18:17:15 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2011.04.25 18:17:14 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2011.04.25 18:17:14 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011.04.25 18:17:14 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2011.04.25 18:17:14 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2011.04.25 18:17:14 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2011.04.25 18:17:14 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2011.04.25 18:17:14 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2011.04.25 18:17:13 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.04.25 18:17:13 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2011.04.25 18:17:13 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2011.04.25 18:17:13 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2011.04.25 18:17:12 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.04.25 18:17:12 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2011.04.25 18:17:12 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2011.04.25 18:17:12 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll [2011.04.25 18:17:12 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2011.04.25 18:17:11 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2011.04.25 18:17:11 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2011.04.25 18:17:11 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll [2011.04.25 18:17:11 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.04.25 18:17:11 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2011.04.25 18:17:10 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll [2011.04.25 18:17:10 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2011.04.25 18:17:10 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2011.04.25 18:17:10 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2011.04.25 17:21:44 | 000,000,000 | ---D | C] -- C:\Users\Andrea1\AppData\Roaming\Malwarebytes [2011.04.25 17:21:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.04.25 17:21:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.04.25 17:21:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.04.25 17:21:21 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.04.25 17:21:21 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.04.22 19:48:16 | 000,000,000 | ---D | C] -- C:\Users\Andrea1\AppData\Local\PackageAware [2011.04.16 03:04:53 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll [2011.04.16 03:04:53 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll [2011.04.16 03:04:44 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2011.04.16 03:04:44 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2011.04.16 03:04:20 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe [2011.04.16 03:03:09 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011.04.04 20:34:10 | 000,000,000 | ---D | C] -- C:\Users\Andrea1\AppData\Roaming\elsterformular [2011.04.04 20:32:49 | 000,000,000 | ---D | C] -- C:\ProgramData\elsterformular [2011.04.04 20:32:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.04.30 09:37:45 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.04.30 09:36:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.04.30 03:02:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.04.29 23:27:28 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.04.29 23:27:28 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.04.28 10:57:11 | 000,679,420 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.04.28 10:57:11 | 000,638,542 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.04.28 10:57:11 | 000,148,770 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.04.28 10:57:11 | 000,121,908 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.04.25 22:31:38 | 2136,961,024 | -HS- | M] () -- C:\hiberfil.sys [2011.04.25 20:18:43 | 000,000,680 | ---- | M] () -- C:\Users\Andrea1\AppData\Local\d3d9caps.dat [2011.04.25 20:17:26 | 000,002,078 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk [2011.04.25 18:27:00 | 000,007,680 | ---- | M] () -- C:\Users\Andrea1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.04.25 18:17:37 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat [2011.04.25 18:17:37 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat [2011.04.25 18:17:18 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2011.04.25 18:17:18 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.04.25 18:17:17 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2011.04.25 18:17:17 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2011.04.25 18:17:17 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2011.04.25 18:17:17 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2011.04.25 18:17:16 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011.04.25 18:17:16 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2011.04.25 18:17:15 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2011.04.25 18:17:15 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2011.04.25 18:17:15 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.04.25 18:17:15 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2011.04.25 18:17:15 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2011.04.25 18:17:15 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2011.04.25 18:17:14 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2011.04.25 18:17:14 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011.04.25 18:17:14 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2011.04.25 18:17:14 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2011.04.25 18:17:14 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2011.04.25 18:17:14 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf [2011.04.25 18:17:14 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2011.04.25 18:17:14 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2011.04.25 18:17:13 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.04.25 18:17:13 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2011.04.25 18:17:13 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2011.04.25 18:17:13 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2011.04.25 18:17:12 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.04.25 18:17:12 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2011.04.25 18:17:12 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2011.04.25 18:17:12 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll [2011.04.25 18:17:12 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2011.04.25 18:17:11 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2011.04.25 18:17:11 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2011.04.25 18:17:11 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll [2011.04.25 18:17:11 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.04.25 18:17:11 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2011.04.25 18:17:10 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll [2011.04.25 18:17:10 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2011.04.25 18:17:10 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2011.04.25 18:17:10 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2011.04.25 18:10:02 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2011.04.25 18:03:59 | 000,001,897 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2011.04.25 17:21:30 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.18 22:11:25 | 000,319,616 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.04.25 20:18:43 | 000,000,680 | ---- | C] () -- C:\Users\Andrea1\AppData\Local\d3d9caps.dat [2011.04.25 20:17:26 | 000,002,078 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk [2011.04.25 20:14:48 | 000,000,888 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.04.25 20:14:44 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.04.25 18:17:14 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2011.04.25 18:03:59 | 000,001,897 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2011.04.25 18:03:59 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2011.04.25 17:21:30 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.11.15 17:30:15 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat [2010.11.15 17:10:14 | 000,058,163 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini [2010.01.06 17:40:15 | 000,164,284 | ---- | C] () -- C:\Windows\hpoins19.dat [2010.01.06 17:39:54 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat [2009.11.10 11:45:26 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll [2009.11.10 11:45:26 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe [2009.10.20 18:49:09 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.10.20 18:49:09 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2008.09.20 18:24:10 | 000,000,095 | ---- | C] () -- C:\Users\Andrea1\AppData\Local\fusioncache.dat [2008.09.01 16:00:34 | 000,000,016 | ---- | C] () -- C:\Users\Andrea1\AppData\Roaming\mxfilerelatedcache.mxc2 [2008.09.01 16:00:30 | 000,000,016 | ---- | C] () -- C:\Users\Andrea1\AppData\Local\mxfilerelatedcache.mxc2 [2008.08.08 23:40:53 | 000,007,680 | ---- | C] () -- C:\Users\Andrea1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.08.06 16:55:21 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2008.08.05 14:34:33 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.08.04 17:22:07 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini [2008.08.04 17:22:07 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll [2008.08.04 17:22:07 | 000,009,480 | ---- | C] () -- C:\Windows\System32\tosmreg.ini [2008.08.04 17:22:07 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini [2008.08.04 17:18:47 | 000,131,072 | ---- | C] () -- C:\Windows\System32\EnumDevLib.dll [2008.02.22 11:34:00 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI [2008.02.18 17:58:18 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini [2008.02.18 17:44:09 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll [2008.02.18 17:44:09 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll [2008.02.18 17:44:09 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll [2008.02.18 17:44:09 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll [2008.02.18 17:44:09 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll [2008.02.18 17:44:09 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll [2008.02.18 16:57:01 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2008.02.18 16:55:43 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll [2008.02.18 16:55:43 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll [2008.02.18 16:55:43 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll [2008.02.18 16:55:43 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll [2008.01.21 09:15:58 | 000,679,420 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.01.21 09:15:58 | 000,148,770 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2007.07.18 18:42:42 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,319,616 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,638,542 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,121,908 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat < End of report > |
30.04.2011, 08:58 | #10 |
| TR/Kazy.mekml.1 Und hier der Extras.Txt:OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 30.04.2011 09:43:04 - Run 3 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Andrea\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 48,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 63,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 148,97 Gb Total Space | 81,87 Gb Free Space | 54,96% Space Free | Partition Type: NTFS Drive E: | 147,66 Gb Total Space | 142,39 Gb Free Space | 96,43% Space Free | Partition Type: NTFS Computer Name: ANDREA-PC | User Name: Andrea1 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{086450C7-FB18-4B05-A872-1A5885A513B6}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{33F1130D-06AF-4FF9-9E57-4FDB62CE1706}" = lport=139 | protocol=6 | dir=in | app=system | "{356D9BC7-7E1B-42CA-8799-F718C5F9043D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{53852064-3670-4063-ADB7-EFA2580DA6F5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{55B8FB4F-4A71-42C4-8747-E3A08CBCFC95}" = rport=445 | protocol=6 | dir=out | app=system | "{57669D3A-7C80-4D3D-BCAA-E7D32145A251}" = lport=445 | protocol=6 | dir=in | app=system | "{62B33F70-A522-4A40-98FD-5A62F9CE749D}" = rport=139 | protocol=6 | dir=out | app=system | "{758F3786-A41D-4EA7-BABA-B48F90D7468D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{75D1E3B1-D6E1-4608-8F60-6E9E7F6C81D3}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{7FBEE97B-EEDA-4A57-B0D0-09C0774563C7}" = lport=137 | protocol=17 | dir=in | app=system | "{A79E88D7-4522-4812-9ADB-B816BF87116F}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{A9C90BFD-12E2-4A44-BA81-68E289B85D65}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{AD349D8E-EC61-42A3-AEE7-2DD9D37C664C}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{BD50C701-A3E4-422A-B67F-117CB6D5C1E3}" = lport=138 | protocol=17 | dir=in | app=system | "{D9BAE7F0-8AD2-4505-B32D-87DA937F2A47}" = rport=137 | protocol=17 | dir=out | app=system | "{EFAF438D-B37A-4FAB-A1CB-2964F00B4D20}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F27E365F-DDCB-49CD-9CA1-3C7918ED3515}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F3D9FF2F-3C79-4971-995B-29C4401A1F5C}" = rport=138 | protocol=17 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1C725F8F-B010-49BB-99B0-797370A61D38}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe | "{275D31F0-4A75-4760-9B97-C07344DF977B}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe | "{32AD75AE-1E37-4E30-BDB0-A1F1815477B2}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | "{42437B29-3EE1-44B9-ABEE-A5378B67E0EA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{4B968062-5AE0-4382-9B56-AEED7AF579C3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{559F2720-5B49-4E80-A6E5-E9CA0B85EB0B}" = protocol=6 | dir=in | app=c:\program files\epsonnet\epsonnet setup\tool10\eneasyapp.exe | "{59B7B195-44C0-47A1-B94E-EE8105CC6471}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe | "{850D89F1-6161-4D91-BEEA-A758EBA054A0}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | "{863B0C3B-AB8C-4875-BC81-5FAD643105F8}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | "{895B9336-F104-44F0-AC5B-46762939C60C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{9108C2FA-1674-489C-B28C-9485D6CB8AD6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{97E5C94E-60FA-4558-A38C-699687D926C6}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | "{9B6AB200-65E9-4EA3-914F-6667333D6D58}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe | "{A13B1D05-626B-4F90-A65C-57EADC9DF58D}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe | "{BEC5F8D6-02E7-4F3E-B55C-49A704F4247E}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe | "{C0F6F161-78A1-4483-89A7-F14FC7605BA6}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe | "{D1EF1BFB-36F8-4C00-BCFA-B1712E3E78A0}" = protocol=17 | dir=in | app=c:\program files\epsonnet\epsonnet setup\tool10\eneasyapp.exe | "{D79F9AF7-AE32-4B61-B2EB-488E1A1B0524}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{E0757288-CBBC-4347-B000-92912D547470}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{E3600A7D-337D-4B54-928B-7CDC406B27D8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{E500B1BD-BC1A-47F3-957F-3BB878EA6B97}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe | "{F59B719A-8E86-4628-A797-0B55D87D4A0E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "TCP Query User{04EFC5B4-6CAF-41C0-B78C-B1BDF71BCC4C}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | "TCP Query User{1A46F5CB-FADF-4034-8C60-F733F39D7D25}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | "TCP Query User{3FBBD732-CB40-422A-92A8-572ED03CBC2E}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | "TCP Query User{434C120E-0E9A-43E9-AF2C-CF51AF22FDED}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "TCP Query User{52417E9E-737A-4499-B759-58BAE0F719C9}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{660046E7-F2F0-4AF8-9AF5-FA7A46165620}E:\spiele\counterstrike an wilkespc (192.168.0.55)\hl2.exe" = protocol=6 | dir=in | app=e:\spiele\counterstrike an wilkespc (192.168.0.55)\hl2.exe | "TCP Query User{776B2270-4922-4B43-A5D1-2DB4F09A468C}E:\spiele\mohaa\mohaa.exe" = protocol=6 | dir=in | app=e:\spiele\mohaa\mohaa.exe | "TCP Query User{9E2877AA-85FA-4F47-A0BF-F7CD9FFB9099}E:\spiele\cod 4\iw3mp.exe" = protocol=6 | dir=in | app=e:\spiele\cod 4\iw3mp.exe | "TCP Query User{B5BBB869-FD73-4F57-B332-B044704DE0EC}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{C7C808ED-439F-4F9B-A5E3-CC18D4297637}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | "TCP Query User{D8C1F7DE-E6D6-4040-BCD2-87AF73DF3E23}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | "UDP Query User{01224E14-4F3A-40C6-ADCB-0C7C484F12B7}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | "UDP Query User{3F7B55C9-DD98-4252-9682-445C33D09DA5}E:\spiele\mohaa\mohaa.exe" = protocol=17 | dir=in | app=e:\spiele\mohaa\mohaa.exe | "UDP Query User{47604929-AABE-4AE3-B713-2D1694D97A09}E:\spiele\counterstrike an wilkespc (192.168.0.55)\hl2.exe" = protocol=17 | dir=in | app=e:\spiele\counterstrike an wilkespc (192.168.0.55)\hl2.exe | "UDP Query User{71F8BA21-4EB5-4B93-8785-2F7638F5D9E1}E:\spiele\cod 4\iw3mp.exe" = protocol=17 | dir=in | app=e:\spiele\cod 4\iw3mp.exe | "UDP Query User{8FDFA437-ECCE-4908-8652-75243A054693}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{A3E26B06-C4C2-4AFA-86C5-15F17ABCAFAC}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | "UDP Query User{BE51F503-6D8C-4A12-B7C4-4985D2FDB78C}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | "UDP Query User{BEEC8CE4-91C5-4C82-8F0C-5219A47EFE07}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{CB6B70EF-9C05-43A2-9C35-9F01FBA72834}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | "UDP Query User{D5CBBE92-D331-4794-B257-490518B383DD}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "UDP Query User{F4145CA6-DBA5-4C9B-83F6-98839812BEB2}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02CA24DD-C8B0-4280-BE53-7862869C2EB1}" = Realtek WiFi Protected Setup Library "{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist "{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan "{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 24 "{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3 "{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision "{364EC092-93CF-4DDC-9D7A-7278452028E0}" = Logitech QuickCam "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting "{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc "{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password "{56995235-B76E-44A6-BA17-8FF13D3F907A}" = TOSHIBA Benutzerhandbücher "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator "{5E6D6161-5509-4f55-9372-1E01792F843A}" = F300_Help "{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder "{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree "{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax "{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista "{895722FE-25FE-4854-95AC-B0C42F9DBEDA}" = REALTEK RTL8187B Wireless LAN Driver "{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch "{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations "{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer "{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter "{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8 "{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator "{BE06114F-559D-11E0-B5A1-001D0926B1BF}" = Google Earth "{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm "{C716522C-3731-4667-8579-40B098294500}" = Toolbox "{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser "{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B "{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.3 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport "{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0 "{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher "{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext "{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential "{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply "{F1568757-E564-4cb5-8980-9333119A4384}" = F300 "{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer "{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA "{F6AC5364-2FB7-437a-811A-D645F22AA6AC}" = F300Trb "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package "{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Azureus" = Azureus "CNXT_MODEM_PCI_VEN_14F1&DEV_2C06&SUBSYS_14F10000" = HDAUDIO Soft Data Fax Modem with SmartCP "EPSON BX525WD Series" = EPSON BX525WD Series Printer Uninstall "EPSON BX525WD Series Manual" = EPSON BX525WD Series Handbuch "EPSON BX525WD Series Network Guide" = EPSON BX525WD Series Netzwerk-Handbuch "EPSON Scanner" = EPSON Scan "Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D) "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2 "FreePDF_XP" = FreePDF (Remove only) "GPL Ghostscript 8.70" = GPL Ghostscript 8.70 "HDMI" = Intel(R) Graphics Media Accelerator Driver "HP Imaging Device Functions" = HP Imaging Device Functions 8.0 "HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0 "HPExtendedCapabilities" = HP Customer Participation Program 8.0 "HPOCR" = HP OCR Software 8.0 "InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder "InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher "InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "myphotobook" = myphotobook 3.5 "Picasa2" = Picasa 2 "QcDrv" = Logitech® Camera-Treiber "Redirection Port Monitor" = RedMon - Redirection Port Monitor "SynTPDeinstKey" = Synaptics Pointing Device Driver "Uninstall_is1" = Uninstall 1.0.0.1 "Winamp" = Winamp "Winamp Toolbar for Firefox" = Winamp Toolbar for Firefox "Windows Media Encoder 9" = Windows Media Encoder 9-Reihe "ZonerPhotoStudio11_EN_is1" = Zoner Photo Studio 11 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 31.03.2011 12:50:31 | Computer Name = Andrea-PC | Source = WinMgmt | ID = 10 Description = Error - 04.04.2011 12:39:35 | Computer Name = Andrea-PC | Source = WinMgmt | ID = 10 Description = Error - 11.04.2011 13:24:15 | Computer Name = Andrea-PC | Source = WinMgmt | ID = 10 Description = Error - 17.04.2011 03:11:19 | Computer Name = Andrea-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung iexplore.exe, Version 7.0.6002.18005, Zeitstempel 0x49e01e78, fehlerhaftes Modul Flash10d.ocx, Version 10.0.42.34, Zeitstempel 0x4ae7baed, Ausnahmecode 0xc0000005, Fehleroffset 0x000b4234, Prozess-ID 0x1c90, Anwendungsstartzeit 01cbfcccb6cd0ad0. Error - 18.04.2011 16:11:45 | Computer Name = Andrea-PC | Source = WinMgmt | ID = 10 Description = Error - 22.04.2011 11:25:40 | Computer Name = Andrea-PC | Source = WinMgmt | ID = 10 Description = Error - 22.04.2011 11:26:38 | Computer Name = Andrea-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung tPaGgPbDdnkYyE.exe, Version 1.8.0.0, Zeitstempel 0x21475346, fehlerhaftes Modul USER32.dll, Version 6.0.6002.18005, Zeitstempel 0x49e0380e, Ausnahmecode 0xc0000409, Fehleroffset 0x00065276, Prozess-ID 0xe84, Anwendungsstartzeit 01cc010172e0cbd8. Error - 22.04.2011 11:44:08 | Computer Name = Andrea-PC | Source = WinMgmt | ID = 10 Description = Error - 22.04.2011 11:44:09 | Computer Name = Andrea-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung LVPrcSrv.exe, Version 11.1.0.2021, Zeitstempel 0x46a05f1a, fehlerhaftes Modul USER32.dll, Version 6.0.6002.18327, Zeitstempel 0x4cb73436, Ausnahmecode 0xc0000142, Fehleroffset 0x00009f7d, Prozess-ID 0x15cc, Anwendungsstartzeit 01cc01041dae3906. Error - 22.04.2011 11:48:46 | Computer Name = Andrea-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung tPaGgPbDdnkYyE.exe, Version 1.8.0.0, Zeitstempel 0x21475346, fehlerhaftes Modul USER32.dll, Version 6.0.6002.18005, Zeitstempel 0x49e0380e, Ausnahmecode 0xc0000409, Fehleroffset 0x00065276, Prozess-ID 0xf58, Anwendungsstartzeit 01cc01042f822066. [ System Events ] Error - 25.04.2011 16:15:17 | Computer Name = Andrea-PC | Source = Service Control Manager | ID = 7022 Description = Error - 25.04.2011 16:31:53 | Computer Name = Andrea-PC | Source = Microsoft-Windows-ResourcePublication | ID = 1002 Description = Error - 25.04.2011 16:32:58 | Computer Name = Andrea-PC | Source = DCOM | ID = 10016 Description = Error - 25.04.2011 16:32:59 | Computer Name = Andrea-PC | Source = DCOM | ID = 10016 Description = Error - 26.04.2011 11:20:15 | Computer Name = Andrea-PC | Source = DCOM | ID = 10010 Description = Error - 27.04.2011 14:00:30 | Computer Name = Andrea-PC | Source = DCOM | ID = 10010 Description = Error - 28.04.2011 12:28:43 | Computer Name = Andrea-PC | Source = Service Control Manager | ID = 7011 Description = Error - 28.04.2011 15:43:59 | Computer Name = Andrea-PC | Source = DCOM | ID = 10010 Description = Error - 29.04.2011 11:06:28 | Computer Name = Andrea-PC | Source = Service Control Manager | ID = 7011 Description = Error - 29.04.2011 17:27:54 | Computer Name = Andrea-PC | Source = DCOM | ID = 10010 Description = < End of report > |
01.05.2011, 12:18 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Kazy.mekml.1 Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O4 - HKU\S-1-5-21-4195781533-2231758657-602456709-1004..\Run: [tPaGgPbDdnkYyE] File not found :Commands [purity] [resethosts] [emptytemp] Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.
__________________ Logfiles bitte immer in CODE-Tags posten |
Themen zu TR/Kazy.mekml.1 |
0x00000001, 32 bit, avgntflt.sys, avira, bho, browser, converter, desktop, ebay, error, excel, excel.exe, extras.txt, firefox, flash player, google, helper.exe, home, iexplore.exe, install.exe, location, logfile, mp3, object, officejet, oldtimer, otl.txt, picasa, plug-in, realtek, registry, saver, scan, sched.exe, security, server, shell32.dll, shortcut, skype.exe, software, start menu, svchost.exe, tr/kazy.mekml.1, unhide, usb, usb 2.0, vista |