Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
kazy.mekl Trojaner

kazy.mekl Trojaner


Log-Analyse und Auswertung: kazy.mekl Trojaner

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML

Antwort
Seite 1 von 2 1 2
Alt 06.05.2011, 19:29   #1
Pacitus
 
kazy.mekl Trojaner - Standard

kazy.mekl Trojaner


Hallo zusammen,

hab mir den Kazy.mekl eingefangen,leider nicht die erste Forenregel beachtet und die Schritte unternommen,die einem anderen User empfohlen wurden.Bin, was Computer angeht, leider unbedarft...
Ich bitte Euch um Hilfe!
Hier mein otl. scan:
OTL logfile created on: 23.04.2011 00:27:41 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Public
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 51,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 65,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142,25 Gb Total Space | 51,83 Gb Free Space | 36,44% Space Free | Partition Type: NTFS
Drive D: | 6,80 Gb Total Space | 1,70 Gb Free Space | 25,02% Space Free | Partition Type: NTFS

Computer Name: PACITUS-PC | User Name: Pacitus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Public\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\DivX\DivX Plus Web Player\DDMService.exe (DivX, LLC)
PRC - C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
PRC - C:\Programme\Google\Update\1.2.183.39\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Programme\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Users\Pacitus\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Logitech\QuickCam\Quickcam.exe ()
PRC - C:\Programme\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
PRC - C:\Programme\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\MSN Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Programme\Napster\napster.exe (Napster)
PRC - C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Programme\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - c:\Programme\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - c:\Programme\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation)
PRC - C:\Programme\Cleverlearn\CleverTrainer\CleverTrainer Desktop Tool\CLTDesktopTool.exe (Cleverlearn, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\Public\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)
SRV - (Com4Qlb) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.)
SRV - (ISPwdSvc) -- c:\Program Files\Norton Internet Security\isPwdSvc.exe (Symantec Corporation)
SRV - (comHost) -- c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (Automatisches LiveUpdate - Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (CLTNetCnService) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (SymAppCore) -- c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation)


========== Driver Services (SafeList) ==========

DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (LVUVC) Logitech QuickCam E3500(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (HdAudAddService) -- C:\Windows\System32\drivers\CHDART.sys (Conexant Systems Inc.)
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20070430.018\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20070430.018\NAVENG.SYS (Symantec Corporation)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (SRTSPL) -- C:\Windows\System32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\srtspx.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\srtsp.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\Windows\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\Windows\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Programme\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (IDSvix86) -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20070108.003\IDSvix86.sys (Symantec Corporation)
DRV - (eabfiltr) -- C:\Windows\System32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=laptop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.search-results.com?o=41648036&l=dis
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Search-Results"
FF - prefs.js..browser.search.defaultenginename: "Search-Results"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="
FF - prefs.js..browser.search.order.1: "Search-Results"
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: "Search-Results"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://de.search-results.com?o=41648036&l=dis"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {C3947F4E-8894-4C04-98E0-DF182C706DDF}:1.1
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019
FF - prefs.js..keyword.URL: "hxxp://websearch.search-results.com/redirect?client=ff&src=kw&tb=STC-SRS&o=41648033&locale=de_DE&apn_uid=3E583D17-BE1E-4466-B700-361FBE572F8A&apn_ptnrs=96&apn_sauid=91C5242D-C615-40F1-B4B0-539F5FF03DD9&apn_dtid=YYYYYYYYDE&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.04.19 16:09:56 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2010.12.30 00:54:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2010.12.30 00:54:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.24 06:29:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.24 06:29:00 | 000,000,000 | ---D | M]

[2009.03.31 10:25:05 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Pacitus\AppData\Roaming\mozilla\Extensions
[2011.04.22 22:07:09 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Pacitus\AppData\Roaming\mozilla\Firefox\Profiles\zdvojdpi.default\extensions
[2011.04.19 16:10:40 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Pacitus\AppData\Roaming\mozilla\Firefox\Profiles\zdvojdpi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.04.19 16:10:40 | 000,000,000 | -H-D | M] (Yahoo! Toolbar) -- C:\Users\Pacitus\AppData\Roaming\mozilla\Firefox\Profiles\zdvojdpi.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.04.19 16:10:41 | 000,000,000 | -H-D | M] (Webblog) -- C:\Users\Pacitus\AppData\Roaming\mozilla\Firefox\Profiles\zdvojdpi.default\extensions\{C3947F4E-8894-4C04-98E0-DF182C706DDF}
[2011.04.19 16:10:42 | 000,000,000 | -H-D | M] (Adblock Plus) -- C:\Users\Pacitus\AppData\Roaming\mozilla\Firefox\Profiles\zdvojdpi.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.04.19 16:10:40 | 000,000,000 | -H-D | M] (Move Media Player) -- C:\Users\Pacitus\AppData\Roaming\mozilla\Firefox\Profiles\zdvojdpi.default\extensions\moveplayer@movenetworks.com
[2011.04.19 23:18:35 | 000,000,000 | -H-D | M] (Softonic Toolbar) -- C:\Users\Pacitus\AppData\Roaming\mozilla\Firefox\Profiles\zdvojdpi.default\extensions\toolbar@ask.com
[2010.09.12 21:16:39 | 000,001,115 | -H-- | M] () -- C:\Users\Pacitus\AppData\Roaming\Mozilla\Firefox\Profiles\zdvojdpi.default\searchplugins\rapidshare-filefinder.xml
[2011.04.19 23:18:39 | 000,003,367 | -H-- | M] () -- C:\Users\Pacitus\AppData\Roaming\Mozilla\Firefox\Profiles\zdvojdpi.default\searchplugins\search-results.xml
[2010.12.28 15:17:37 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.11.15 18:23:46 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.08.30 09:15:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.12.28 15:17:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010.12.30 00:54:49 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video&gt -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2010.12.30 00:54:50 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2010.08.30 09:15:18 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.12.28 15:17:37 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.04.19 16:09:56 | 000,000,000 | -H-D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011.04.22 15:29:08 | 000,000,000 | -H-D | M] (No name found) -- C:\USERS\PACITUS\PROGRAM FILES\DNA
[2010.11.12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.10.30 06:22:59 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.10.30 06:22:59 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.10.30 06:22:59 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.12.08 23:21:24 | 000,002,224 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\webblog.xml
[2010.10.30 06:22:59 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.10.30 06:22:59 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Programme\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll (Symantec Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (Webblog) - {C3947F4E-8894-4C04-98E0-DF182C706DDF} - C:\Programme\wbtooltb\wbtoolDx.dll ()
O2 - BHO: (Softonic Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Programme\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Webblog) - {C3947F4E-8894-4C04-98E0-DF182C706DDF} - C:\Programme\wbtooltb\wbtoolDx.dll ()
O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IS CfgWiz] c:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe (Symantec Corporation)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe (Napster)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Users\Pacitus\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [dlUnqaYBbo] File not found
O4 - HKCU..\Run: [msnmsgr] C:\Programme\MSN Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\HPSplash.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\HPSplash.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.09.11 17:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.04.23 00:16:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced PC Tweaker
[2011.04.23 00:16:50 | 000,000,000 | ---D | C] -- C:\Programme\Advanced PC Tweaker
[2011.04.20 00:15:32 | 000,000,000 | -H-D | C] -- C:\ProgramData\MFAData
[2011.04.19 20:11:19 | 000,000,000 | ---D | C] -- C:\Programme\Ask.com
[2011.04.19 20:09:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EASEUS Data Recovery Wizard 5.0.1 Demo
[2011.04.19 20:09:33 | 000,000,000 | ---D | C] -- C:\Programme\EASEUS
[2011.04.19 20:08:42 | 003,856,864 | -H-- | C] (EASEUS ) -- C:\Users\Pacitus\Desktop\EaseusDataRecoveryWizard5.0.1.exe
[2011.04.17 10:34:21 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011.04.17 10:34:19 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.04.17 10:34:18 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011.04.17 10:34:17 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.04.17 10:34:17 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011.04.17 10:34:17 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011.04.17 10:34:17 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011.04.17 10:34:16 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.04.17 10:34:14 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.17 10:34:14 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011.04.17 10:34:14 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011.04.17 10:34:13 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011.04.17 10:34:13 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.04.17 10:34:13 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.04.17 10:34:13 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.04.17 10:34:12 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.04.17 10:34:12 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.04.17 10:34:12 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.04.17 10:34:12 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.04.17 10:34:11 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011.04.17 10:34:11 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.04.17 10:34:10 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.17 10:34:10 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011.04.17 10:34:10 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011.04.17 10:34:09 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.04.17 10:34:08 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.04.17 10:34:07 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.04.17 10:34:07 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011.04.17 10:34:06 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.04.17 10:34:06 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.04.17 10:34:06 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.04.17 10:34:06 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011.04.17 10:34:06 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011.04.17 10:34:05 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.17 10:34:05 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011.04.17 10:34:04 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.04.17 10:34:03 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011.04.17 10:34:03 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011.04.17 10:34:03 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.04.15 12:16:34 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.04.15 12:16:33 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.04.15 12:16:24 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.04.15 12:16:23 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011.04.15 12:16:11 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.04.15 12:15:47 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.04.11 20:55:12 | 000,000,000 | ---D | C] -- C:\Programme\MSECache
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.04.23 00:21:43 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.23 00:21:43 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.23 00:17:05 | 000,000,504 | ---- | M] () -- C:\Windows\tasks\One-Click Tweak.job
[2011.04.23 00:16:53 | 000,000,926 | ---- | M] () -- C:\Users\Pacitus\Desktop\Advanced PC Tweaker.lnk
[2011.04.23 00:16:53 | 000,000,881 | ---- | M] () -- C:\Users\Pacitus\Desktop\Advanced PC Tweaker 1-Click Tweak.lnk
[2011.04.23 00:06:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.23 00:06:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.22 23:42:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.22 16:41:22 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.04.22 15:30:39 | 000,000,150 | -H-- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2011.04.22 15:28:12 | 000,000,312 | ---- | M] () -- C:\Windows\tasks\WinMaximizer-Pacitus-Startup.job
[2011.04.22 15:27:30 | 2137,022,464 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.21 15:39:29 | 002,421,015 | ---- | M] () -- C:\Users\Pacitus\Documents\4775960.pdf
[2011.04.21 15:38:45 | 002,269,123 | ---- | M] () -- C:\Users\Pacitus\Documents\4774676.pdf
[2011.04.19 20:09:37 | 000,001,098 | ---- | M] () -- C:\Users\Public\Desktop\EASEUS Data Recovery Wizard 5.0.1 Demo.lnk
[2011.04.19 20:08:51 | 003,856,864 | -H-- | M] (EASEUS ) -- C:\Users\Pacitus\Desktop\EaseusDataRecoveryWizard5.0.1.exe
[2011.04.19 15:13:24 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.19 15:13:24 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.19 15:13:24 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.19 15:13:24 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.18 11:02:46 | 022,127,057 | -H-- | M] () -- C:\Users\Pacitus\Documents\selectionsfromla00gardrich.pdf
[2011.04.18 10:51:58 | 014,141,013 | -H-- | M] () -- C:\Users\Pacitus\Documents\fablesdephedreav00phae.pdf
[2011.04.17 10:34:49 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011.04.17 10:34:49 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011.04.17 10:34:21 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011.04.17 10:34:19 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.04.17 10:34:18 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011.04.17 10:34:17 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.04.17 10:34:17 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011.04.17 10:34:17 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011.04.17 10:34:17 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011.04.17 10:34:16 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.04.17 10:34:14 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.17 10:34:14 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011.04.17 10:34:14 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011.04.17 10:34:13 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011.04.17 10:34:13 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.04.17 10:34:13 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.04.17 10:34:13 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011.04.17 10:34:13 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.04.17 10:34:12 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.04.17 10:34:12 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.04.17 10:34:12 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.04.17 10:34:12 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.04.17 10:34:11 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011.04.17 10:34:11 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.04.17 10:34:10 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.17 10:34:10 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011.04.17 10:34:10 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011.04.17 10:34:09 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.04.17 10:34:08 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.04.17 10:34:07 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.04.17 10:34:07 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011.04.17 10:34:06 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.04.17 10:34:06 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.04.17 10:34:06 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.04.17 10:34:06 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011.04.17 10:34:06 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011.04.17 10:34:05 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.17 10:34:05 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011.04.17 10:34:04 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.04.17 10:34:03 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011.04.17 10:34:03 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011.04.17 10:34:03 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.04.17 10:26:10 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011.04.16 10:16:50 | 000,321,208 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.13 23:06:15 | 000,023,552 | -H-- | M] () -- C:\Users\Pacitus\Documents\Politische Entwicklungslinien nach Cäsars Tod.wps
[2011.04.11 22:41:47 | 000,009,728 | -H-- | M] () -- C:\Users\Pacitus\Documents\Rom Arbeitsblatt 2b.wps
[2011.04.11 22:34:28 | 000,009,216 | -H-- | M] () -- C:\Users\Pacitus\Documents\Rom Arbeitsblatt 2.wps
[2011.04.10 13:00:21 | 001,673,544 | -H-- | M] () -- C:\Users\Pacitus\Documents\Milo.wps
[2011.04.10 12:44:11 | 015,493,087 | -H-- | M] () -- C:\Users\Pacitus\Documents\protanniomilonea00ciceuoft.pdf
[2011.04.09 23:59:32 | 000,070,996 | -H-- | M] () -- C:\Users\Pacitus\Desktop\tropen_und_figuren.pdf
[2011.04.09 23:28:13 | 001,206,582 | -H-- | M] () -- C:\Users\Pacitus\Desktop\hilfsbuch.pdf
[2011.04.09 11:42:04 | 000,181,848 | -H-- | M] () -- C:\Users\Pacitus\Documents\Pro Milone Text.wps
[2011.04.07 19:56:58 | 000,142,848 | -H-- | M] () -- C:\Users\Pacitus\Documents\Rom Figurenkonstellation u Charaktere.wps
[2011.04.07 07:39:41 | 000,012,288 | -H-- | M] () -- C:\Users\Pacitus\Documents\Rom Arbeitsblatt 1.wps
[2011.04.07 07:07:21 | 000,050,176 | -H-- | M] () -- C:\Users\Pacitus\Documents\Rom Caesargegner.wps
[2011.04.06 20:32:32 | 000,032,768 | -H-- | M] () -- C:\Users\Pacitus\Documents\Deponentien Übung.wps
[2011.03.24 22:32:33 | 000,009,216 | -H-- | M] () -- C:\Users\Pacitus\Documents\Geburtstagsliste.wps
[2011.03.24 18:35:12 | 000,009,728 | -H-- | M] () -- C:\Users\Pacitus\Documents\Registriern. Ritterbach.wps
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.04.23 00:17:04 | 000,000,504 | ---- | C] () -- C:\Windows\tasks\One-Click Tweak.job
[2011.04.23 00:16:53 | 000,000,926 | ---- | C] () -- C:\Users\Pacitus\Desktop\Advanced PC Tweaker.lnk
[2011.04.23 00:16:53 | 000,000,881 | ---- | C] () -- C:\Users\Pacitus\Desktop\Advanced PC Tweaker 1-Click Tweak.lnk
[2011.04.21 15:39:29 | 002,421,015 | ---- | C] () -- C:\Users\Pacitus\Documents\4775960.pdf
[2011.04.21 15:38:45 | 002,269,123 | ---- | C] () -- C:\Users\Pacitus\Documents\4774676.pdf
[2011.04.19 20:09:37 | 000,001,098 | ---- | C] () -- C:\Users\Public\Desktop\EASEUS Data Recovery Wizard 5.0.1 Demo.lnk
[2011.04.18 11:02:44 | 022,127,057 | -H-- | C] () -- C:\Users\Pacitus\Documents\selectionsfromla00gardrich.pdf
[2011.04.18 10:51:57 | 014,141,013 | -H-- | C] () -- C:\Users\Pacitus\Documents\fablesdephedreav00phae.pdf
[2011.04.17 10:34:13 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011.04.13 23:06:15 | 000,023,552 | -H-- | C] () -- C:\Users\Pacitus\Documents\Politische Entwicklungslinien nach Cäsars Tod.wps
[2011.04.11 22:41:47 | 000,009,728 | -H-- | C] () -- C:\Users\Pacitus\Documents\Rom Arbeitsblatt 2b.wps
[2011.04.11 22:34:28 | 000,009,216 | -H-- | C] () -- C:\Users\Pacitus\Documents\Rom Arbeitsblatt 2.wps
[2011.04.11 20:59:31 | 000,002,080 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Word Viewer 2003.lnk
[2011.04.10 12:56:56 | 001,673,544 | -H-- | C] () -- C:\Users\Pacitus\Documents\Milo.wps
[2011.04.10 12:44:10 | 015,493,087 | -H-- | C] () -- C:\Users\Pacitus\Documents\protanniomilonea00ciceuoft.pdf
[2011.04.09 23:59:32 | 000,070,996 | -H-- | C] () -- C:\Users\Pacitus\Desktop\tropen_und_figuren.pdf
[2011.04.09 23:28:13 | 001,206,582 | -H-- | C] () -- C:\Users\Pacitus\Desktop\hilfsbuch.pdf
[2011.04.09 11:42:03 | 000,181,848 | -H-- | C] () -- C:\Users\Pacitus\Documents\Pro Milone Text.wps
[2011.04.07 07:39:41 | 000,012,288 | -H-- | C] () -- C:\Users\Pacitus\Documents\Rom Arbeitsblatt 1.wps
[2011.04.07 07:07:20 | 000,050,176 | -H-- | C] () -- C:\Users\Pacitus\Documents\Rom Caesargegner.wps
[2011.04.06 21:13:15 | 000,142,848 | -H-- | C] () -- C:\Users\Pacitus\Documents\Rom Figurenkonstellation u Charaktere.wps
[2011.04.06 19:03:36 | 000,032,768 | -H-- | C] () -- C:\Users\Pacitus\Documents\Deponentien Übung.wps
[2011.03.24 18:35:12 | 000,009,728 | -H-- | C] () -- C:\Users\Pacitus\Documents\Registriern. Ritterbach.wps
[2010.11.15 18:25:16 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.11.15 16:44:50 | 000,081,110 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2009.08.19 22:28:18 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.08.19 22:28:17 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.04.18 11:42:41 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2009.04.18 11:42:41 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2009.04.18 11:42:41 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2009.04.18 11:42:41 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2009.04.18 11:42:41 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2009.04.18 11:42:41 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2009.04.18 11:42:41 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2009.04.18 11:42:41 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2009.04.18 11:42:41 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2009.04.18 11:42:41 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2009.04.18 11:42:41 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2009.04.18 11:42:41 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2009.04.18 11:42:41 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2009.04.18 11:42:41 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2009.04.18 11:42:41 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2009.04.18 11:42:41 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2009.04.18 11:42:41 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2009.04.18 11:42:41 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2009.04.18 11:42:41 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009.01.14 10:58:34 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.12.16 22:58:54 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2008.12.16 22:50:56 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLgFT.dll
[2008.08.21 19:53:45 | 000,000,680 | -H-- | C] () -- C:\Users\Pacitus\AppData\Local\d3d9caps.dat
[2008.07.10 15:27:08 | 000,001,639 | ---- | C] () -- C:\Windows\wininit.ini
[2008.07.10 15:23:01 | 000,000,326 | ---- | C] () -- C:\Windows\SIERRA.INI
[2008.01.22 15:36:37 | 000,162,304 | -H-- | C] () -- C:\Users\Pacitus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.12.17 20:34:42 | 000,005,972 | -H-- | C] () -- C:\Users\Pacitus\AppData\Roaming\wklnhst.dat
[2007.07.04 19:12:44 | 000,111,045 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007.05.31 13:14:00 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1283.dll
[2007.05.31 12:49:06 | 000,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007.05.31 12:01:22 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007.02.27 22:43:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006.12.14 08:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006.12.14 08:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006.11.02 17:33:31 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:33:31 | 000,126,260 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,321,208 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2002.05.16 01:38:40 | 000,091,136 | ---- | C] () -- C:\Windows\System32\mp4fil32.dll
[2002.05.04 15:19:00 | 000,049,152 | ---- | C] () -- C:\Windows\System32\avisynthEx.dll
[2002.04.21 20:30:14 | 000,151,552 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2002.04.19 16:23:26 | 000,106,137 | ---- | C] () -- C:\Windows\System32\libpostproc.dll
[2002.04.19 15:51:04 | 000,211,760 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2002.04.02 00:16:30 | 000,454,656 | ---- | C] () -- C:\Windows\System32\VorbisEnc.dll
[2002.04.02 00:16:14 | 000,118,784 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2002.04.02 00:15:40 | 000,011,264 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2002.02.21 18:41:20 | 000,157,184 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2001.06.22 13:06:02 | 000,167,936 | ---- | C] () -- C:\Windows\System32\MPEG2DEC.dll

========== LOP Check ==========

[2011.04.19 16:10:38 | 000,000,000 | -H-D | M] -- C:\Users\Pacitus\AppData\Roaming\BitTorrent
[2011.04.23 00:32:25 | 000,000,000 | -H-D | M] -- C:\Users\Pacitus\AppData\Roaming\DNA
[2010.11.15 16:47:07 | 000,000,000 | -H-D | M] -- C:\Users\Pacitus\AppData\Roaming\Leadertech
[2010.12.30 00:54:55 | 000,000,000 | -H-D | M] -- C:\Users\Pacitus\AppData\Roaming\Local
[2007.12.17 20:34:43 | 000,000,000 | -H-D | M] -- C:\Users\Pacitus\AppData\Roaming\Template
[2011.04.19 16:31:10 | 000,000,000 | -H-D | M] -- C:\Users\Pacitus\AppData\Roaming\UseNeXT
[2011.04.23 00:17:05 | 000,000,504 | ---- | M] () -- C:\Windows\Tasks\One-Click Tweak.job
[2011.04.21 01:10:40 | 000,032,550 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.04.22 15:28:12 | 000,000,312 | ---- | M] () -- C:\Windows\Tasks\WinMaximizer-Pacitus-Startup.job

========== Purity Check ==========



< End of report >
Alt 06.05.2011, 21:11   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
kazy.mekl Trojaner - Standard

kazy.mekl Trojaner


Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.
__________________

__________________
Alt 06.05.2011, 22:33   #3
Pacitus
 
kazy.mekl Trojaner - Standard

kazy.mekl Trojaner


Hallo Arne,

danke für deine schnelle Antwort.Hier die Dateien:OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 23.04.2011 00:27:41 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Public
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 51,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 65,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142,25 Gb Total Space | 51,83 Gb Free Space | 36,44% Space Free | Partition Type: NTFS
Drive D: | 6,80 Gb Total Space | 1,70 Gb Free Space | 25,02% Space Free | Partition Type: NTFS
 
Computer Name: PACITUS-PC | User Name: Pacitus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{453127B5-B1BF-411E-AE30-B6E997BDF2ED}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{F4C50519-F9E3-429B-B08D-EA90373F54A3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{253AA02D-3D99-4EDC-BFFB-DC217F5DF4AD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2D1AB1DF-3385-4D11-904E-77561DF9467E}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe | 
"{30124AC4-69D2-4205-A58C-E53721219272}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe | 
"{A850EECB-9815-4344-B1A4-0A905D758CC3}" = dir=in | app=c:\program files\hp\quickplay\qp.exe | 
"{C0FF74E6-9EA2-490E-A41E-37C601778822}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe | 
"{CF9A2E6A-632A-42BF-ABE4-2DC6294835EB}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe | 
"{E7CCBFC9-2816-46E6-8B36-9B1A2DB949B3}" = dir=in | app=c:\program files\msn messenger\livecall.exe | 
"TCP Query User{31090036-AA79-41BE-A9C1-301888EE5DE9}C:\users\pacitus\appdata\local\temp\13719520174120.exe" = protocol=6 | dir=in | app=c:\users\pacitus\appdata\local\temp\13719520174120.exe | 
"TCP Query User{6E37D929-5246-4F4A-93B1-5DBD14C14621}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{9701A4E7-A8E7-4E70-805B-AB3746301A66}C:\users\pacitus\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\pacitus\program files\dna\btdna.exe | 
"TCP Query User{A56E1E1D-FE62-4102-B711-907FE747B6E1}C:\users\pacitus\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\pacitus\program files\dna\btdna.exe | 
"TCP Query User{A954BFDC-AF9C-4782-9781-4FD1933B0225}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"TCP Query User{AE362D25-D8BA-4A5A-8C11-985E05999825}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{1F433D26-CA95-4AF9-BCFC-48E8CBA16B40}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{21A4D0E6-5156-41D6-B498-8EABEE916571}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{4D69AD6A-517C-4A3D-B1BB-83DDEADD4D5C}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"UDP Query User{7382518E-4744-43C2-B1B3-B8AAFE29D2BD}C:\users\pacitus\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\pacitus\program files\dna\btdna.exe | 
"UDP Query User{897A21C1-896D-4BD3-BD18-F2CA5C373B26}C:\users\pacitus\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\pacitus\program files\dna\btdna.exe | 
"UDP Query User{ECA75CE3-BEF6-4862-8BF1-4C109E682B39}C:\users\pacitus\appdata\local\temp\13719520174120.exe" = protocol=17 | dir=in | app=c:\users\pacitus\appdata\local\temp\13719520174120.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 23
"{279DB581-239C-4E13-97F8-0F48E40BE75C}" = Windows Live Messenger
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{290B83AA-093A-45BF-A917-D1C4A1E8D917}" = HP Active Support Library
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 G2
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}" = Norton Internet Security
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{43101CA0-2A93-4482-83E9-E735F00FAAC2}" = CleverTrainer-Desktop Tool
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.2
"{48185814-A224-447A-81DA-71BD20580E1B}" = Norton Internet Security
"{4843B611-8FCB-4428-8C23-31D0A5EAE164}" = Norton Confidential Browser Component
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{584B0895-8EF3-4175-8E80-1B68BFA04636}" = HP Help and Support
"{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent
"{66C1DD9B-02D8-4A31-B54C-FE8DC76F25D4}" = HP User Guides 0078
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{782F20EF-AEB4-4062-9614-750FE8FD2542}" = Vokabeltrainer-Update 3.0.32
"{7B63B2922B174135AFC0E1377DD81EC2}" = 
"{830D8CBD-C668-49e2-A969-C2C2106332E0}" = Norton AntiVirus
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Search-Results Toolbar
"{8CC5F040-44F2-4FB7-9720-47F53F96D180}" = MSCU for Microsoft Vista
"{8CEA85DE-955B-4BF4-87F2-0BAA62821633}" = HP Photosmart Essential2.5
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{937B232D-9776-471E-92BD-D424E514EF14}" = Logitech QuickCam
"{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}" = Norton Protection Center
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Touch Pad Driver
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.1 - Deutsch
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B76A76EB-BCCA-4625-9C4C-1FFAE19E4772}" = ESU for Microsoft Vista
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D32067CD-7409-4792-BFA0-1469BCD8F0C8}" = HP Wireless Assistant
"{D353CC51-430D-4C6F-9B7E-52003DA1E05A}" = Norton Confidential Web Protection Component
"{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}" = Symantec Real Time Storage Protection Component
"{D9B4D7EE-481C-4C36-86AB-A8F7417725FF}" = LightScribe  1.6.43.1
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F077A0AA-7D76-4A39-881E-0BAB00AF6F6E}" = Langenscheidt Vokabeltrainer 3.0 Englisch (OEM)
"{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 32 bit components
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced PC Tweaker_is1" = Advanced PC Tweaker v4.2
"Anti-phishing Domain Advisor" = Anti-phishing Domain Advisor
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Caesar 3" = Caesar 3
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045_SprtHDzm" = HDAUDIO Soft Data Fax Modem with SmartCP
"Digitale Bibliothek 4" = Digitale Bibliothek 4
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"EASEUS Data Recovery Wizard 5.0.1 Demo_is1" = EASEUS Data Recovery Wizard 5.0.1 Demo
"EPSON Scanner" = EPSON Scan
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HP Photosmart Essential" = HP Photosmart Essential 2.0
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"lvdrivers_11.90" = Logitech QuickCam-Treiberpaket
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"NimoCorp" = Nimo Codecs Pack v5.0 (Remove Only)
"RealPlayer 12.0" = RealPlayer
"Sierra-Dienstprogramme" = Sierra-Dienstprogramme
"SymSetup.{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security (Symantec Corporation)
"tulox" = tulox
"UseNeXT_is1" = UseNeXT
"VLC media player" = VLC media player 1.1.7
"voxlatina" = Vox Latina - Vokabeltrainer Latein 1.0
"wbtooltb" = Webblog
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 17.12.2009 11:51:57 | Computer Name = Pacitus-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung explorer.exe, Version 6.0.6001.18164, Zeitstempel
 0x4907e242, fehlerhaftes Modul libavcodec.dll, Version 0.0.0.0, Zeitstempel 0x3cbfbe5a,
 Ausnahmecode 0xc0000094, Fehleroffset 0x00008235,  Prozess-ID 0x11b0, Anwendungsstartzeit
 01ca7f30c0eda148.
 
Error - 17.12.2009 11:52:51 | Computer Name = Pacitus-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung explorer.exe, Version 6.0.6001.18164, Zeitstempel
 0x4907e242, fehlerhaftes Modul libavcodec.dll, Version 0.0.0.0, Zeitstempel 0x3cbfbe5a,
 Ausnahmecode 0xc0000094, Fehleroffset 0x00008235,  Prozess-ID 0x940, Anwendungsstartzeit
 01ca7f30e0ca6618.
 
Error - 17.12.2009 11:54:10 | Computer Name = Pacitus-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung explorer.exe, Version 6.0.6001.18164, Zeitstempel
 0x4907e242, fehlerhaftes Modul libavcodec.dll, Version 0.0.0.0, Zeitstempel 0x3cbfbe5a,
 Ausnahmecode 0xc0000094, Fehleroffset 0x00008235,  Prozess-ID 0x838, Anwendungsstartzeit
 01ca7f3106ba5018.
 
Error - 17.12.2009 12:00:30 | Computer Name = Pacitus-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung explorer.exe, Version 6.0.6001.18164, Zeitstempel
 0x4907e242, fehlerhaftes Modul libavcodec.dll, Version 0.0.0.0, Zeitstempel 0x3cbfbe5a,
 Ausnahmecode 0xc0000094, Fehleroffset 0x00008235,  Prozess-ID 0x500, Anwendungsstartzeit
 01ca7f3131335c18.
 
Error - 17.12.2009 12:21:37 | Computer Name = Pacitus-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung DllHost.exe, Version 6.0.6000.16386, Zeitstempel
 0x4549b14e, fehlerhaftes Modul libavcodec.dll, Version 0.0.0.0, Zeitstempel 0x3cbfbe5a,
 Ausnahmecode 0xc0000094, Fehleroffset 0x00008235,  Prozess-ID 0x478, Anwendungsstartzeit
 01ca7f3500750a28.
 
Error - 17.12.2009 12:38:26 | Computer Name = Pacitus-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung DllHost.exe, Version 6.0.6000.16386, Zeitstempel
 0x4549b14e, fehlerhaftes Modul libavcodec.dll, Version 0.0.0.0, Zeitstempel 0x3cbfbe5a,
 Ausnahmecode 0xc0000094, Fehleroffset 0x00008235,  Prozess-ID 0x968, Anwendungsstartzeit
 01ca7f375893ceb8.
 
Error - 17.12.2009 12:38:36 | Computer Name = Pacitus-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung DllHost.exe, Version 6.0.6000.16386, Zeitstempel
 0x4549b14e, fehlerhaftes Modul libavcodec.dll, Version 0.0.0.0, Zeitstempel 0x3cbfbe5a,
 Ausnahmecode 0xc0000094, Fehleroffset 0x00008235,  Prozess-ID 0xa4c, Anwendungsstartzeit
 01ca7f375ccc7ef8.
 
Error - 17.12.2009 12:43:34 | Computer Name = Pacitus-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung explorer.exe, Version 6.0.6001.18164, Zeitstempel
 0x4907e242, fehlerhaftes Modul libavcodec.dll, Version 0.0.0.0, Zeitstempel 0x3cbfbe5a,
 Ausnahmecode 0xc0000094, Fehleroffset 0x00008235,  Prozess-ID 0x143c, Anwendungsstartzeit
 01ca7f32280e2748.
 
Error - 17.12.2009 17:16:02 | Computer Name = Pacitus-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung DllHost.exe, Version 6.0.6000.16386, Zeitstempel
 0x4549b14e, fehlerhaftes Modul libavcodec.dll, Version 0.0.0.0, Zeitstempel 0x3cbfbe5a,
 Ausnahmecode 0xc0000094, Fehleroffset 0x00008235,  Prozess-ID 0x140c, Anwendungsstartzeit
 01ca7f5e1f92f6f8.
 
Error - 17.12.2009 17:16:08 | Computer Name = Pacitus-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung DllHost.exe, Version 6.0.6000.16386, Zeitstempel
 0x4549b14e, fehlerhaftes Modul libavcodec.dll, Version 0.0.0.0, Zeitstempel 0x3cbfbe5a,
 Ausnahmecode 0xc0000094, Fehleroffset 0x00008235,  Prozess-ID 0x78c, Anwendungsstartzeit
 01ca7f5e2549bbb8.
 
[ System Events ]
Error - 22.04.2011 15:56:02 | Computer Name = Pacitus-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 22.04.2011 15:56:08 | Computer Name = Pacitus-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 22.04.2011 15:56:13 | Computer Name = Pacitus-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 22.04.2011 15:56:19 | Computer Name = Pacitus-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 22.04.2011 15:56:24 | Computer Name = Pacitus-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 22.04.2011 15:56:30 | Computer Name = Pacitus-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 22.04.2011 15:56:36 | Computer Name = Pacitus-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 22.04.2011 15:56:41 | Computer Name = Pacitus-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 22.04.2011 15:56:46 | Computer Name = Pacitus-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 22.04.2011 15:56:52 | Computer Name = Pacitus-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
 
< End of report >
--- --- ---


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6422

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

23.04.2011 03:00:13
mbam-log-2011-04-23 (03-00-13).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 119511
Laufzeit: 1 Stunde(n), 7 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
__________________
Alt 07.05.2011, 14:28   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
kazy.mekl Trojaner - Standard

kazy.mekl Trojaner


Ist das das einzige Log von Malwarebytes? Wieviele Scans hast du damit gemacht?
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 07.05.2011, 17:12   #5
Pacitus
 
kazy.mekl Trojaner - Standard

kazy.mekl Trojaner


Ich habe 2 Dateien nacheinander gepostet, das ist aber alles an scans, was ich gemacht habe.
Gruß
Pacitus


Alt 07.05.2011, 17:49   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
kazy.mekl Trojaner - Standard

kazy.mekl Trojaner


Ich hab danach gefragt wie oft du Malwarebytes hast durchlaufen lassen.
__________________
--> kazy.mekl Trojaner

Alt 07.05.2011, 19:38   #7
Pacitus
 
kazy.mekl Trojaner - Standard

kazy.mekl Trojaner


Einmal nur.
Gruß
Pacitus

Alt 07.05.2011, 19:49   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
kazy.mekl Trojaner - Standard

kazy.mekl Trojaner


Zitat:
23.04.2011 03:00:13
Dann mach bitte ein Update mit MBAM und einen neuen Vollscan, der letzte ist ja schon über 2 Wochen her.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 07.05.2011, 19:57   #9
Pacitus
 
kazy.mekl Trojaner - Standard

kazy.mekl Trojaner


Vollscan gerade gestartet,bis später

Alt 07.05.2011, 20:22   #10
Pacitus
 
kazy.mekl Trojaner - Standard

kazy.mekl Trojaner


Vollscan gerade gestartet,bis später

Alt 07.05.2011, 22:24   #11
Pacitus
 
kazy.mekl Trojaner - Standard

kazy.mekl Trojaner


Hier die logfiles des vollscans.



Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6526

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

07.05.2011 23:21:35
mbam-log-2011-05-07 (23-21-35).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 293739
Laufzeit: 2 Stunde(n), 26 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Alt 07.05.2011, 22:51   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
kazy.mekl Trojaner - Standard

kazy.mekl Trojaner


Du hast Malwarebytes jetzt also mehrere Male ausgeführt und es wurde niemals was gefunden?
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 08.05.2011, 11:59   #13
Pacitus
 
kazy.mekl Trojaner - Standard

kazy.mekl Trojaner


Hi,

hab gestern spät nachts den vollscan pausiert, heute dann aber nochmals malware aktualisiert u den vollscan durchgeführt. hier die logdateien.

hier noch ein virus in Qurantäne;
Anbieter:Rogue. Agent.SA
Datum: 23.04.2011
Kategorie: Registry Value
Objekt:HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\Window...

Gruß und danke schonmal für die Hilfe!
Pacitus


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6530

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

08.05.2011 12:50:48
mbam-log-2011-05-08 (12-50-47).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 293780
Laufzeit: 2 Stunde(n), 29 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Alt 08.05.2011, 14:16   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
kazy.mekl Trojaner - Standard

kazy.mekl Trojaner


Das beantwortet nun garnicht meine Frage...
Ich wollte wissen, ob Malwarebytes nun bisher nie was gefunden hat? Mehrere Male hast du es ja jetzt ausgeführt und da war niemals ein Fund bei?
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 08.05.2011, 17:39   #15
Pacitus
 
kazy.mekl Trojaner - Standard

kazy.mekl Trojaner


Hallo Arne,

malwarebytes hat vor 14 tagen und auch später nix gefunden ,soweit ich weiß hier nun noch der 1. otl-scan(den habe ich leider noch gar nicht gepostet), danach waren die eigenen Dateien zwar wieder sichtbar, aber nicht zu öffnen.

All processes killed
========== OTL ==========
No active process named FpoJEykxWu.exe was found!
Error: No service named AppMgmt was found to stop!
Service\Driver key AppMgmt not found.
File File not found not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
File C:\Dokumente und Einstellungen\Computerfuxx\Desktop\Windows Recovery.lnk not found.
File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~18145076r not found.
File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~18145076 not found.
File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\18145076 not found.
File C:\Dokumente und Einstellungen\Computerfuxx\Anwendungsdaten\mdbu.bin not found.
========== FILES ==========
File\Folder C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FpoJEykxWu.exe not found.
File\Folder C:\Dokumente und Einstellungen\Computerfuxx\Startmenü\Programme\Windows Recovery not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Pacitus
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Pacitus
->Temp folder emptied: 271962007 bytes
->Temporary Internet Files folder emptied: 353259662 bytes
->Java cache emptied: 16651788 bytes
->FireFox cache emptied: 47507335 bytes
->Google Chrome cache emptied: 6658255 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 81920 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 12676459 bytes
RecycleBin emptied: 422903406 bytes

Total Files Cleaned = 1.079,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04232011_005539

Files\Folders moved on Reboot...
File move failed. C:\Users\Pacitus\AppData\Local\Temp\ehmsas.txt scheduled to be moved on reboot.
File\Folder C:\Windows\temp\logishrd\LVPrcInj03.dll not found!

Registry entries deleted on Reboot...

Ich hoffe, du weißt weiterhin Rat!
Antwort
Seite 1 von 2 1 2

Themen zu kazy.mekl Trojaner
.dll, adblock, antivir, autorun, avgntflt.sys, avira, bho, computer, data recovery, defender, desktop, error, explorer, firefox, format, google, home, launch, location, logfile, microsoft office word, mozilla, oldtimer, plug-in, realtek, registry, safer networking, scan, searchplugins, security, security scan, softonic, software, start menu, symantec, trojane, trojaner, vista


« AntiVir Fund: TR/Kazy.mekml.1 | Nachwirkungen von Win7 Antivir 2011 »


Ähnliche Themen: kazy.mekl Trojaner


  1. Gen:Variant.Kazy.88735 (B) ; TR/Kazy.88735.3 ; Artemis!F1ED8568AD5F ; TROJ_GEN.RCBH1IM
    Log-Analyse und Auswertung - 01.11.2012 (1)
  2. Deutsche Post Mail-Attacke - Live Platinum Trojaner + Kazy Trojaner
    Log-Analyse und Auswertung - 02.10.2012 (5)
  3. Mehrere Viren - kazy.mekml1, kazy.20967, crypt.zpack.gen,... Win Vista
    Plagegeister aller Art und deren Bekämpfung - 25.10.2011 (3)
  4. TR/Kazy.mekl.1 und Kazy3281 und Windows Recovery spinnt rum...
    Log-Analyse und Auswertung - 16.07.2011 (23)
  5. TR/Kazy.mekml.1 ; 'TR/FakeSysdef.A.621 ; 'TR/Kazy.22847'..
    Log-Analyse und Auswertung - 15.05.2011 (33)
  6. Kazy.mekml1 und TR/Kazy.22376.3
    Log-Analyse und Auswertung - 14.05.2011 (7)
  7. TR/Kazy.mekl.1 und Meldung "WTR Loader funktioniert nicht mehr"
    Log-Analyse und Auswertung - 07.05.2011 (23)
  8. Ich habe auch TR/Kazy/mekl.1
    Plagegeister aller Art und deren Bekämpfung - 06.05.2011 (1)
  9. TR/Kazy/mekl.1 - alles ist weg
    Plagegeister aller Art und deren Bekämpfung - 04.05.2011 (17)
  10. TR/Kazy.mekl.1 ebendfalls bei mir...
    Log-Analyse und Auswertung - 02.05.2011 (9)
  11. TR/Kazy.mekl.1 und Meldung "WTR Loader funktioniert nicht mehr"
    Log-Analyse und Auswertung - 02.05.2011 (21)
  12. Trojaner kazy.mekml.1 Avira meldet Trojaner schwarzer Bildschirm nichts geht mehr
    Plagegeister aller Art und deren Bekämpfung - 01.05.2011 (22)
  13. TR/Kazy/mekl.1 - Auch mich hats erwischt - Alle Dateien weg
    Plagegeister aller Art und deren Bekämpfung - 01.05.2011 (25)
  14. Trojaner kazy.mekml.1
    Plagegeister aller Art und deren Bekämpfung - 30.04.2011 (22)
  15. TR/Kazy/mekl.1 - Bin auch betroffen - Alle Dateien weg
    Plagegeister aller Art und deren Bekämpfung - 27.04.2011 (1)
  16. TR/Kazy/mekl.1 habe ich auch :(
    Plagegeister aller Art und deren Bekämpfung - 27.04.2011 (14)
  17. Osterei: TR/Kazy.mekml.1 und TR/Kazy.20364
    Log-Analyse und Auswertung - 25.04.2011 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema kazy.mekl Trojaner - Hallo zusammen, hab mir den Kazy.mekl eingefangen,leider nicht die erste Forenregel beachtet und die Schritte unternommen,die einem anderen User empfohlen wurden.Bin, was Computer angeht, leider unbedarft... Ich bitte Euch um - kazy.mekl Trojaner...
Archiv
Du betrachtest: kazy.mekl Trojaner auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129