Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: tr/kazy.mekml.1' desktop dateien weg

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 22.04.2011, 10:09   #1
silvan
 
tr/kazy.mekml.1' desktop dateien weg - Standard

tr/kazy.mekml.1' desktop dateien weg



Hallo, habe seit dem 17.04.11. den oben genannten Virus.Habe malware durchlaufen lassen und die Schädlichen dateien gelöscht. Wie bekomme ich die Desktop Icons und meine persönlichen Dateien wieder her?
mfg

otl scan:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 22.04.2011 11:23:19 - Run 2
OTL by OldTimer - Version 3.2.22.3     Folder = c:\Users\silvan\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 56,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,08 Gb Total Space | 175,04 Gb Free Space | 60,76% Space Free | Partition Type: NTFS
 
Computer Name: SILVAN-PC | User Name: silvan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - c:\Users\silvan\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Common Files\Siemens\S7IEPG\s7oiehsx.exe (SIEMENS AG)
PRC - C:\Programme\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe (SIEMENS AG)
PRC - C:\Programme\Common Files\Siemens\S7UBTOOX\S7ubTstx.exe (SIEMENS AG)
PRC - C:\Programme\Siemens\Step7\S7BIN\s7hspsvx.exe (SIEMENS AG)
PRC - C:\Programme\Common Files\Siemens\SWS\almsrv\almsrvx.exe (SIEMENS AG)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10d.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\EMACHINES\eMachines Recovery Management\Service\ETService.exe ()
PRC - C:\Programme\Internet Explorer\ieuser.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Siemens\SQLANY\dbsrv9.exe (iAnywhere Solutions, Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - c:\Users\silvan\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (NMIndexingService) --  File not found
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (s7oiehsx) -- C:\Programme\Common Files\Siemens\S7IEPG\s7oiehsx.exe (SIEMENS AG)
SRV - (S7TraceServiceX) -- C:\Programme\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe (SIEMENS AG)
SRV - (s7hspsvx) -- C:\Programme\Siemens\Step7\S7BIN\s7hspsvx.exe (SIEMENS AG)
SRV - (almservice) -- C:\Program Files\Common Files\Siemens\sws\almsrv\almsrvx.exe (SIEMENS AG)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (ETService) -- C:\Programme\EMACHINES\eMachines Recovery Management\Service\ETService.exe ()
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (S7opcsrtx) PROFINET IO RT-Protocol (LLDP) -- C:\Windows\System32\drivers\s7opcsrtx.sys (SIEMENS AG)
DRV - (SNTIE) SIMATIC Industrial Ethernet (ISO) -- C:\Windows\System32\drivers\SNTIE.SYS (SIEMENS AG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (s7snsrtx) -- C:\Windows\System32\drivers\s7snsrtx.sys (SIEMENS AG)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (DritekPortIO) -- C:\Programme\Launch Manager\DPortIO.sys (Dritek System Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100127023632
 
 
[2010.06.15 14:52:22 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\silvan\AppData\Roaming\mozilla\Extensions
[2009.06.20 16:08:31 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\silvan\AppData\Roaming\mozilla\Firefox\extensions
[2011.04.21 20:36:00 | 000,000,000 | -H-D | M] ("Ask Toolbar for Firefox") -- C:\Users\silvan\AppData\Roaming\mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010.06.15 14:52:51 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\silvan\AppData\Roaming\mozilla\Firefox\Profiles\41zqbzvq.default\extensions
[2011.04.21 20:36:00 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\silvan\AppData\Roaming\mozilla\Firefox\Profiles\41zqbzvq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{635ABD67-4FE9-1B23-4F01-E679FA7484C1}
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (no name) - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}  - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Performance Center]  File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [S7UB Start] C:\Program Files\Common Files\Siemens\S7ubtoox\s7ubtstx.exe (SIEMENS AG)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\EMACHINES\WR_PopUp\WarReg_PopUp.exe (eMachines)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]  File not found
O4 - HKCU..\Run: [msnmsgr]  File not found
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O8 - Extra context menu item: Save YouTube Video as MP3 - C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - igfxdev.dll (Intel Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.21 21:12:39 | 000,000,000 | ---D | C] -- C:\Users\silvan\AppData\Roaming\Malwarebytes
[2011.04.21 21:12:24 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.04.21 21:12:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.21 21:12:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.21 21:12:19 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.04.21 21:12:19 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.04.21 19:11:12 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.04.17 20:26:25 | 000,000,000 | -H-D | C] -- C:\Users\silvan\Desktop\motorrad
[2011.04.15 21:40:21 | 000,000,000 | -H-D | C] -- C:\Users\silvan\Desktop\auto musik
[2011.04.14 13:20:03 | 000,000,000 | -H-D | C] -- C:\Users\silvan\Desktop\meins 4
[2011.04.14 13:19:58 | 000,000,000 | -H-D | C] -- C:\Users\silvan\Desktop\meins 3
[2011.04.14 13:19:57 | 000,000,000 | -H-D | C] -- C:\Users\silvan\Desktop\K.I.Z - Hahnenkampf
[2011.04.14 13:19:52 | 000,000,000 | -H-D | C] -- C:\Users\silvan\Desktop\3OH3-Streets of Gold
[2011.04.14 13:19:46 | 000,000,000 | -H-D | C] -- C:\Users\silvan\Desktop\Katy_Perry_feat._Kanye_West_-_E.T.__The_Remixes-Promo-CDM-2011-UME
[2011.04.14 13:19:42 | 000,000,000 | -H-D | C] -- C:\Users\silvan\Desktop\Katy Perry - Teenage Dream [Ltd. Edition]
[2011.04.14 13:17:18 | 000,000,000 | -H-D | C] -- C:\Users\silvan\Desktop\Musik
[2009.06.16 14:03:56 | 000,126,976 | -H-- | C] ( ) -- C:\Windows\System32\Interop.SHDocVw.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.22 11:02:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.22 10:55:53 | 000,618,430 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.22 10:55:53 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.22 10:55:53 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.22 10:55:53 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.22 10:49:36 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.22 10:49:25 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.22 10:49:25 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.22 10:49:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.22 10:49:11 | 3147,841,536 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.21 21:12:25 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.17 00:44:48 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2011.04.15 23:05:01 | 000,001,647 | -H-- | M] () -- C:\Users\silvan\Documents\Geschäfte 2010.rtf
[2011.04.15 21:57:33 | 000,001,024 | RH-- | M] () -- C:\Users\Public\Documents\NTIMP3.dll
[2011.04.14 09:31:31 | 000,000,754 | -H-- | M] () -- C:\Users\silvan\Documents\ktt protokol teil 2.rtf
[2011.04.14 09:30:56 | 000,000,797 | -H-- | M] () -- C:\Users\silvan\Documents\ktt protokoll teil 12.rtf
[2011.04.14 09:27:28 | 000,000,704 | -H-- | M] () -- C:\Users\silvan\Documents\ktt protokoll teil 11.rtf
[2011.04.14 09:25:54 | 000,000,714 | -H-- | M] () -- C:\Users\silvan\Documents\ktt protokoll teil 10.rtf
[2011.04.14 09:23:50 | 000,000,688 | -H-- | M] () -- C:\Users\silvan\Documents\ktt protokoll teil 9.rtf
[2011.04.14 09:22:48 | 000,000,771 | -H-- | M] () -- C:\Users\silvan\Documents\ktt protokoll teil 8.rtf
[2011.04.14 09:19:24 | 000,000,749 | -H-- | M] () -- C:\Users\silvan\Documents\ktt protokoll teil 7.rtf
[2011.04.14 09:16:04 | 000,000,721 | -H-- | M] () -- C:\Users\silvan\Documents\ktt protokoll teil 6.rtf
[2011.04.14 09:13:52 | 000,000,752 | -H-- | M] () -- C:\Users\silvan\Documents\ktt protokoll teil 5.rtf
[2011.04.14 09:12:17 | 000,000,760 | -H-- | M] () -- C:\Users\silvan\Documents\ktt protokoll teil 3.rtf
[2011.04.14 09:11:52 | 000,000,730 | -H-- | M] () -- C:\Users\silvan\Documents\ktt protokoll teil 4.rtf
[2011.04.14 08:57:58 | 000,000,770 | -H-- | M] () -- C:\Users\silvan\Documents\ktt protokoll teil 1.rtf
[2011.04.14 08:55:26 | 000,000,770 | -H-- | M] () -- C:\Users\silvan\Documents\ktt arbeitsprotokoll vorlage.rtf
[2011.04.14 08:34:21 | 000,001,966 | -H-- | M] () -- C:\Users\silvan\Documents\ktt zeitplan.rtf
[2011.04.14 08:33:39 | 000,002,454 | -H-- | M] () -- C:\Users\silvan\Documents\ktt aufgabenstellung und ziel.rtf
[2011.04.14 08:30:07 | 000,538,483 | -H-- | M] () -- C:\Users\silvan\Documents\KTT Deckblatt.rtf
[2011.04.13 17:56:33 | 000,001,071 | -H-- | M] () -- C:\Users\silvan\Documents\ktt luftverbrauch.rtf
[2011.03.30 10:43:13 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2011.03.24 20:33:39 | 000,001,509 | -H-- | M] () -- C:\Users\silvan\Documents\streetfighter projekt.rtf
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.21 21:12:25 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.14 09:30:56 | 000,000,797 | -H-- | C] () -- C:\Users\silvan\Documents\ktt protokoll teil 12.rtf
[2011.04.14 09:27:28 | 000,000,704 | -H-- | C] () -- C:\Users\silvan\Documents\ktt protokoll teil 11.rtf
[2011.04.14 09:25:54 | 000,000,714 | -H-- | C] () -- C:\Users\silvan\Documents\ktt protokoll teil 10.rtf
[2011.04.14 09:23:50 | 000,000,688 | -H-- | C] () -- C:\Users\silvan\Documents\ktt protokoll teil 9.rtf
[2011.04.14 09:22:48 | 000,000,771 | -H-- | C] () -- C:\Users\silvan\Documents\ktt protokoll teil 8.rtf
[2011.04.14 09:19:24 | 000,000,749 | -H-- | C] () -- C:\Users\silvan\Documents\ktt protokoll teil 7.rtf
[2011.04.14 09:16:04 | 000,000,721 | -H-- | C] () -- C:\Users\silvan\Documents\ktt protokoll teil 6.rtf
[2011.04.14 09:13:52 | 000,000,752 | -H-- | C] () -- C:\Users\silvan\Documents\ktt protokoll teil 5.rtf
[2011.04.14 09:11:52 | 000,000,730 | -H-- | C] () -- C:\Users\silvan\Documents\ktt protokoll teil 4.rtf
[2011.04.14 09:09:36 | 000,000,760 | -H-- | C] () -- C:\Users\silvan\Documents\ktt protokoll teil 3.rtf
[2011.04.14 08:57:15 | 000,000,754 | -H-- | C] () -- C:\Users\silvan\Documents\ktt protokol teil 2.rtf
[2011.04.14 08:50:13 | 000,000,770 | -H-- | C] () -- C:\Users\silvan\Documents\ktt protokoll teil 1.rtf
[2011.04.14 08:42:13 | 000,000,770 | -H-- | C] () -- C:\Users\silvan\Documents\ktt arbeitsprotokoll vorlage.rtf
[2011.04.13 17:56:33 | 000,001,071 | -H-- | C] () -- C:\Users\silvan\Documents\ktt luftverbrauch.rtf
[2011.04.13 17:38:25 | 000,001,966 | -H-- | C] () -- C:\Users\silvan\Documents\ktt zeitplan.rtf
[2011.04.13 17:15:39 | 000,002,454 | -H-- | C] () -- C:\Users\silvan\Documents\ktt aufgabenstellung und ziel.rtf
[2011.04.13 16:52:56 | 000,538,483 | -H-- | C] () -- C:\Users\silvan\Documents\KTT Deckblatt.rtf
[2010.12.15 18:08:30 | 000,000,510 | -H-- | C] () -- C:\Windows\WORDPAD.INI
[2010.06.15 14:52:08 | 000,000,000 | -H-- | C] () -- C:\Windows\nsreg.dat
[2010.05.19 20:33:38 | 000,626,636 | ---- | C] () -- C:\Windows\System32\drivers\fw_5711.bin
[2010.03.08 21:17:34 | 000,417,792 | -H-- | C] () -- C:\Windows\System32\sn_regbase.dll
[2010.01.04 19:36:59 | 000,307,200 | -H-- | C] () -- C:\Windows\System32\AscSQLite.dll
[2009.12.13 18:58:34 | 000,000,049 | -H-- | C] () -- C:\Windows\NeroDigital.ini
[2009.11.19 15:27:34 | 000,018,432 | -H-- | C] () -- C:\Windows\System32\ep5711k.dll
[2009.11.19 15:27:26 | 000,021,504 | -H-- | C] () -- C:\Windows\System32\ep5711j.dll
[2009.11.13 22:20:17 | 000,000,118 | -H-- | C] () -- C:\Windows\System32\MRT.INI
[2009.09.25 22:12:59 | 000,000,032 | -H-- | C] () -- C:\Windows\CD-Start.INI
[2009.09.25 22:04:35 | 000,000,032 | -H-- | C] () -- C:\Windows\CD_Start.INI
[2009.09.11 18:39:06 | 000,001,494 | -H-- | C] () -- C:\Users\silvan\AppData\Roaming\wklnhst.dat
[2009.06.16 14:03:58 | 000,053,248 | -H-- | C] () -- C:\Windows\System32\dossec.dll
[2009.05.01 13:12:43 | 000,000,000 | -H-- | C] () -- C:\Users\silvan\AppData\Roaming\AVSMediaPlayer.m3u
[2009.05.01 13:09:15 | 000,524,288 | -H-- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.05.01 13:09:15 | 000,139,264 | -H-- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.05.01 09:10:42 | 000,466,976 | -HS- | C] () -- C:\Windows\System32\drivers\fidbox2.dat
[2009.05.01 08:49:12 | 002,802,720 | -HS- | C] () -- C:\Windows\System32\drivers\fidbox.dat
[2009.04.30 22:53:45 | 000,005,115 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2009.04.30 00:22:17 | 000,157,184 | -H-- | C] () -- C:\Users\silvan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.04.30 00:19:54 | 000,017,089 | -H-- | C] () -- C:\Users\silvan\AppData\Roaming\UserTile.png
[2009.02.24 22:48:46 | 000,487,424 | -H-- | C] () -- C:\Windows\System32\INT15.dll
[2008.12.15 11:11:14 | 000,979,785 | ---- | C] () -- C:\Windows\System32\drivers\fpga5711.bin
[2008.08.15 10:16:26 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2008.08.15 10:16:26 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1527.dll
[2008.08.15 10:16:25 | 000,495,376 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2008.08.15 10:16:25 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008.08.15 03:41:29 | 000,001,694 | -H-- | C] () -- C:\Windows\RtDefLvl.ini
[2008.08.15 01:14:17 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008.08.15 01:14:17 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008.08.15 00:53:34 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2008.08.15 00:53:34 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2008.08.15 00:53:34 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2008.01.21 09:15:58 | 000,618,430 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:15:58 | 000,122,842 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.01.21 04:24:14 | 000,100,043 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,295,208 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,587,178 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,101,250 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.11.02 09:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2005.06.10 09:46:52 | 000,049,152 | RH-- | C] () -- C:\Windows\System32\FDT100.dll
[2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[1999.07.16 15:37:56 | 000,136,704 | -H-- | C] () -- C:\Windows\System32\TDCTRL.dll
 
========== LOP Check ==========
 
[2009.04.30 00:53:13 | 000,000,000 | -H-D | M] -- C:\Users\silvan\AppData\Roaming\InterVideo
[2009.09.25 22:15:34 | 000,000,000 | -H-D | M] -- C:\Users\silvan\AppData\Roaming\Mobipocket
[2009.04.30 00:19:54 | 000,000,000 | -H-D | M] -- C:\Users\silvan\AppData\Roaming\PeerNetworking
[2009.08.02 17:50:09 | 000,000,000 | -H-D | M] -- C:\Users\silvan\AppData\Roaming\Sony
[2009.05.02 21:03:02 | 000,000,000 | -H-D | M] -- C:\Users\silvan\AppData\Roaming\Teleca
[2009.09.17 17:26:37 | 000,000,000 | -H-D | M] -- C:\Users\silvan\AppData\Roaming\Template
[2009.10.12 20:03:58 | 000,000,000 | -H-D | M] -- C:\Users\silvan\AppData\Roaming\TubeBox
[2011.04.22 10:48:03 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 64 bytes -> C:\Users\silvan\Documents\Transporter 3.avi:TOC.WMV
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:A696643D
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:4F636E25
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:8AB6C1D7
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:793F316E
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:4D066AD2
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:9B52F176
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:4BB26BE9
 
< End of report >
         
--- --- ---


OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 22.04.2011 11:23:19 - Run 2
OTL by OldTimer - Version 3.2.22.3     Folder = c:\Users\silvan\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 56,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,08 Gb Total Space | 175,04 Gb Free Space | 60,76% Space Free | Partition Type: NTFS
 
Computer Name: SILVAN-PC | User Name: silvan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{91E16396-BCC0-44C3-8873-A13739560E43}" = lport=4410 | protocol=6 | dir=in | name=automation license management | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B4366F0-F06D-4269-B5A0-264889231E14}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe | 
"{0BEFB5F8-A1ED-49E8-A825-DEBAA0CA2D99}" = protocol=17 | dir=in | app=c:\program files\siemens\step7\s7inf\s7usiapx.exe | 
"{1294B9AE-7641-4406-A97B-9B301A0AD229}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{1F150D4E-3AF4-4AA9-9704-BE9995E88DB0}" = protocol=6 | dir=in | app=c:\windows\system32\s7otbxsx.exe | 
"{2B62C7C2-D0AC-4F8B-958D-17B76FDED352}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{374C3D4C-2629-4237-860A-F25C12B3CEBE}" = protocol=17 | dir=in | app=c:\program files\common files\siemens\sqlany\dbsrv9.exe | 
"{45F1E089-69A9-4593-AF4D-C8E9C343039C}" = protocol=6 | dir=in | app=c:\program files\common files\siemens\sqlany\dbsrv9.exe | 
"{462C9AA6-F140-40FB-BAF7-D2F50B141F75}" = protocol=17 | dir=in | app=c:\program files\siemens\step7\s7bin\s7tgtopx.exe | 
"{53D3A220-3C14-43F9-8465-CBEE43FA6249}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | 
"{833221D9-1738-4248-BF27-2C3A57432711}" = protocol=6 | dir=in | app=c:\program files\siemens\step7\s7inf\s7usiapx.exe | 
"{9E39A4AD-F179-42BD-85BD-56EE72C6EC49}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{A9D9A915-C200-406C-B2C9-9734F1FE939C}" = protocol=6 | dir=in | app=c:\program files\common files\siemens\sqlany\dbeng9.exe | 
"{B1AFDFF1-34B3-4ADE-AF85-EEF24E97DCE9}" = protocol=17 | dir=in | app=c:\windows\system32\s7otbxsx.exe | 
"{B5B0ECE9-FD02-4271-B592-E695F28988A0}" = protocol=6 | dir=in | app=c:\program files\siemens\step7\s7bin\s7tgtopx.exe | 
"{E0D6C147-CCCD-494D-AA4A-49ACD2BF3BBF}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe | 
"{E4346B05-9C8A-42AB-833C-0BC0AEB1CDE0}" = protocol=17 | dir=in | app=c:\program files\common files\siemens\sqlany\dbeng9.exe | 
"{E4F77FD7-16D6-4ABD-A18B-C13CCE8A3581}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | 
"{F61BC81C-24A4-4E45-AD2B-B83A233D9121}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"TCP Query User{65F94EB8-58D8-43C8-9B3B-5732EBEEE9EC}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{74D94887-A26D-4BF0-A73A-6C5ED96E4E15}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{134A51EB-1BBB-4249-BAF5-494C3D186A06}" = PKZIP Server for Windows 12.40.0008
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{20AB57C7-FED7-4394-8166-A409DEA20253}" = TubeBox!
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5A723249-F182-4FB5-B6FA-FB756B43055C}" = SIMATIC S7-Web2PLC
"{5A723249-F182-4FB5-B6FA-FB756B43055C}Web2PLC" = SIMATIC S7-Web2PLC V1.0  
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = eMachines ScreenSaver
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110113233}" = Bookworm Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11019760}" = eMachines
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110265407}" = Bejeweled 2 Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110305887}" = Diner Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111265347}" = Luxor
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113537610}" = Build-a-lot
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113772953}" = Amazing Adventures The Lost Tomb
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11386547}" = Farm Frenzy
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CD0B297-122D-4718-9CE1-B72E796F7B21}" = Sony Ericsson Media Manager 1.2
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{B3372270-9C79-42D7-BF46-00755A0C1A87}" = SIMATIC  STEP 7
"{B3372270-9C79-42D7-BF46-00755A0C1A87}STEP7" = SIMATIC  STEP 7 V5.5  
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{C111BA56-9ACF-42FD-92D6-ED75618AB22E}" = SIMATIC S7-PCT
"{C111BA56-9ACF-42FD-92D6-ED75618AB22E}S7PCT" = SIMATIC S7-PCT V2.1  
"{C6DA0296-91D1-4926-BC53-6E21BD80FCA5}" = Silicon Laboratories CP210x VCP Drivers for Windows 2000/XP/2003 Server/Vista
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{E85D273D-7191-4232-99C8-FA1703A384D1}" = Siemens Automation License Manager
"{E85D273D-7191-4232-99C8-FA1703A384D1}LicenseManager" = Siemens Automation License Manager V5.0 + SP1  
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Ask Toolbar_is1" = Ask Toolbar
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVS Media Player_is1" = AVS Media Player 3.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"Bilder-CD Fachkunde Metall_is1" = Bilder-CD Fachkunde Metall, 55. Auflage - Einzellizenz
"DraftBoard" = DraftBoard Pocket
"Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.2
"Google Desktop" = Google Desktop
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"LManager" = Launch Manager
"LOGO!Soft Comfort V6.1" = LOGO!Soft Comfort V6.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Power Commander 3 Usb_is1" = Power Commander Control Center 3.2.0 (Test Build 1)
"RAR File Open Knife - Free Opener" = RAR File Open Knife - Free Opener
"SLABCOMM&10C4&EA60" = Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)
"Uninstall_is1" = Uninstall 1.0.0.1
"VirtualCloneDrive" = VirtualCloneDrive
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 06.04.2011 13:48:15 | Computer Name = silvan-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 07.04.2011 13:28:21 | Computer Name = silvan-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 08.04.2011 12:26:44 | Computer Name = silvan-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 08.04.2011 13:35:23 | Computer Name = silvan-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 10.04.2011 14:30:48 | Computer Name = silvan-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.04.2011 10:35:21 | Computer Name = silvan-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.04.2011 10:55:39 | Computer Name = silvan-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 12.04.2011 13:34:42 | Computer Name = silvan-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.04.2011 10:19:05 | Computer Name = silvan-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.04.2011 10:29:17 | Computer Name = silvan-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 21.04.2011 14:16:50 | Computer Name = silvan-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 21.04.2011 14:43:37 | Computer Name = silvan-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 21.04.2011 14:48:42 | Computer Name = silvan-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 22.04.2011 04:34:45 | Computer Name = silvan-PC | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 22.04.2011 04:34:45 | Computer Name = silvan-PC | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 22.04.2011 04:34:45 | Computer Name = silvan-PC | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 22.04.2011 04:34:45 | Computer Name = silvan-PC | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 22.04.2011 04:34:45 | Computer Name = silvan-PC | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 22.04.2011 04:34:45 | Computer Name = silvan-PC | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 22.04.2011 04:49:22 | Computer Name = silvan-PC | Source = HTTP | ID = 15016
Description = 
 
 
< End of report >
         
--- --- ---


habe mit unhide alles wieder hergestellt, woher weiss ich nun dass der virus weg ist?
mfg

Alt 25.04.2011, 14:25   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
tr/kazy.mekml.1' desktop dateien weg - Standard

tr/kazy.mekml.1' desktop dateien weg



Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.
__________________

__________________

Antwort

Themen zu tr/kazy.mekml.1' desktop dateien weg
alternate, askbar, avgntflt.sys, dateien, dateien weg, desktop, emachines, icons, igoogle, install.exe, intranet, launch, location, malware, oldtimer, persönliche, persönlichen, saver, sched.exe, schädliche, schädlichen, shell32.dll, shortcut, start menu, tr/kazy.mekml.1, unhide



Ähnliche Themen: tr/kazy.mekml.1' desktop dateien weg


  1. Windows Vista: Kazy.mekml.1 , Festplattenschaden, Dateien weg
    Log-Analyse und Auswertung - 01.12.2013 (25)
  2. TR/Kazy.mekml.1 (Windows System alert + schwarzer Desktop)
    Log-Analyse und Auswertung - 23.05.2011 (1)
  3. Tr/Kazy.mekml.1 Desktop leer
    Log-Analyse und Auswertung - 22.05.2011 (7)
  4. TR/Kazy.mekml.1 - Grad der Infizierung nach Löschung zweier Trojaner-Exe-Dateien
    Log-Analyse und Auswertung - 17.05.2011 (17)
  5. TR/Kazy.mekml.1 Festplatten-Fehlermeldungen, Desktop schwarz, Dateien verschwunden
    Log-Analyse und Auswertung - 12.05.2011 (13)
  6. TR/Kazy.mekml.1 Infektion, dateien weg, festplatte beschädigt!
    Log-Analyse und Auswertung - 02.05.2011 (18)
  7. TR/Kazy.mekml.1 - Festplattenfehler, Dateien versteckt
    Log-Analyse und Auswertung - 02.05.2011 (27)
  8. TR/Kazy.mekml.1, Festplatte beschädigt, Dateien nicht sichtbar
    Log-Analyse und Auswertung - 29.04.2011 (7)
  9. TR/Kazy.mekml.1 eigefangen, Desktop schwarz, Dateien versteckt :(
    Log-Analyse und Auswertung - 29.04.2011 (6)
  10. Festplatten-Fehlermeldungen, Desktop schwarz, Dateien verschwunden, wohl auch TR/Kazy.mekml.1
    Plagegeister aller Art und deren Bekämpfung - 28.04.2011 (7)
  11. TR/Kazy.mekml.1 - Dateien verschwunden,
    Plagegeister aller Art und deren Bekämpfung - 28.04.2011 (1)
  12. TR/Kazy.mekml.1 , Eigene Dateien weg, Desktop futsch,....
    Log-Analyse und Auswertung - 28.04.2011 (1)
  13. TR/Kazy.mekml.1 (Eigene Datein unsichtbar, Festplattenfehler, Desktop schwarz...)
    Plagegeister aller Art und deren Bekämpfung - 27.04.2011 (9)
  14. tr kazy.mekml.1 - dateien wieder sichtbar machen
    Plagegeister aller Art und deren Bekämpfung - 23.04.2011 (9)
  15. TR/Kazy.mekml.1 Festplatten-Fehlermeldungen, Desktop schwarz, Dateien verschwunden
    Plagegeister aller Art und deren Bekämpfung - 22.04.2011 (12)
  16. TR/kazy.mekml, Festplatte beschädigt, Dateien weg
    Plagegeister aller Art und deren Bekämpfung - 22.04.2011 (11)
  17. TR/Kazy.mekml.1: Festplatten-Fehlermeldungen, Desktop schwarz, Dateien verschwunden
    Mülltonne - 21.04.2011 (1)

Zum Thema tr/kazy.mekml.1' desktop dateien weg - Hallo, habe seit dem 17.04.11. den oben genannten Virus.Habe malware durchlaufen lassen und die Schädlichen dateien gelöscht. Wie bekomme ich die Desktop Icons und meine persönlichen Dateien wieder her? mfg - tr/kazy.mekml.1' desktop dateien weg...
Archiv
Du betrachtest: tr/kazy.mekml.1' desktop dateien weg auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.