| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: TR/Kazy.mekml.1' [trojan] / daten wegWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
| |
13.05.2011, 16:48
| #1 |
 | ![TR/Kazy.mekml.1' [trojan] / daten weg - Standard](images/icons/icon1.gif){kind=icon} TR/Kazy.mekml.1' [trojan] / daten weg Punkt 1 . Weiss nicht ob ich es richtig gemacht habe .. Ich hoffe doch =) |
|
13.05.2011, 16:49
| #2 |
| | TR/Kazy.mekml.1' [trojan] / daten weg Punkt 2
__________________Code:
ATTFilter OTL Extras logfile created on: 13.05.2011 17:38:02 - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\claudi\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 64,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 76,00 Gb Total Space | 18,16 Gb Free Space | 23,89% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 232,79 Gb Free Space | 99,96% Space Free | Partition Type: NTFS
Drive E: | 148,09 Gb Total Space | 148,00 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
Computer Name: CLAUDI-PC | User Name: claudi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1611208305-4044436594-1985091819-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D8D3DB5-1E7C-49F8-A5F3-FCF7FEA74143}" = rport=139 | protocol=6 | dir=out | app=system |
"{1430B45F-9F17-485F-8204-C9134987CDDC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1E6EFC79-2601-48CD-8412-E94F9C150C6A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{210F5A06-DF2C-46CD-8C07-38D2F6E2DD99}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{316599B5-42AB-4CCB-BADC-16FB208D9A12}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4E24379D-90AA-429B-ADD7-7E4819C43BB2}" = lport=445 | protocol=6 | dir=in | app=system |
"{4EC3B61F-0711-4DA8-8A74-DF1E88F18F1E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{50378E7F-822B-4956-8C8D-C1AE5D4A5E60}" = rport=138 | protocol=17 | dir=out | app=system |
"{7542D7FC-C0C5-4C98-92D0-676F175BEBD0}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{99B3637B-0516-44ED-94CC-C27DA3846F83}" = lport=138 | protocol=17 | dir=in | app=system |
"{9AADB4BC-0D96-4419-BD1D-08ED557DDC0D}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A1392A30-DE9E-463C-87EF-6D031BC9BEEE}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{BF3CE801-FDC8-46EA-B9FA-F067D8053CA9}" = lport=139 | protocol=6 | dir=in | app=system |
"{D0721B60-CA28-4771-8098-37E7D57E1F8C}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{D6B417C1-C31D-471A-BDC8-7AE34479691D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{D9E016B0-CDEA-45AC-81D8-E92710E921F4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{DA6C308D-796B-46B7-8602-6CB3D11F045A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F2A45ACD-4A92-4847-A14F-389C0532E9A6}" = rport=445 | protocol=6 | dir=out | app=system |
"{F36EE01E-0A24-4639-9FC1-39B374A15EA4}" = rport=137 | protocol=17 | dir=out | app=system |
"{F53A8393-6254-43D5-957F-3F067EDF3F3D}" = lport=137 | protocol=17 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{20D29862-97CE-4633-95D3-A247FCCD17E3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{25207D78-2684-43F5-A46C-05D1BA33E747}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{270DD7B9-07F2-4AB5-B88D-07B3BAA4FF2D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{31DACB2E-0BD4-4DDF-9853-84587A465C51}" = protocol=6 | dir=in | app=c:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe |
"{4244372D-152A-4DFE-9AA2-18417E2758D5}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{44F9BED5-CE6E-49AB-AD19-3594A640CA11}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{492B1CA9-F43C-400D-9998-380586E5D998}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{799759C8-89E0-4BB0-A79C-BE852AD94BDC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{85ABFA07-E74C-4A65-BDCE-8A5B21E64FED}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{879576D7-DAD7-48E4-B8E7-958C671E8BAF}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{8FC06EF2-58E5-46CB-B674-00F5031FC32B}" = protocol=6 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe |
"{96FDF84E-69D6-4CEA-B2D1-657C6F904C84}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{9E103DBE-1AAB-4FE1-8C75-F21049A0F717}" = dir=in | app=c:\program files\cyberlink\powerdv\powerdv.exe |
"{A5589E58-3262-4629-80EF-6787EAB185D3}" = protocol=17 | dir=in | app=c:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe |
"{B7C37002-2A9F-4CC4-94AC-494CB089537E}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{BBC6648F-9C14-4E6A-B4E4-F2A47525ADE1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F342F7FC-B765-41B9-8705-D64172B1A869}" = protocol=6 | dir=in | app=c:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe |
"{F6117A02-5C29-43AD-BCE2-9019A345B682}" = protocol=17 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe |
"{F980F48E-2A93-4A69-9836-94C6C1762500}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{FC5F06FC-B7A6-4CE1-8AC8-CDE426C779B7}" = protocol=17 | dir=in | app=c:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe |
"TCP Query User{0C3318AE-D948-4392-9F7D-0248487C29B2}C:\windows\system32\presentationhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\presentationhost.exe |
"TCP Query User{225C5713-6EF2-4974-897C-7E9D91F0E99A}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"TCP Query User{410C82D6-E7F1-4BC3-8C97-237CB7DCECCC}C:\program files\gamespy arcade\aphex.exe" = protocol=6 | dir=in | app=c:\program files\gamespy arcade\aphex.exe |
"TCP Query User{4EC0BFB9-4602-4BDC-9875-B7AF52A2D493}C:\program files\egames\mahjongg master 5\mjm5.exe" = protocol=6 | dir=in | app=c:\program files\egames\mahjongg master 5\mjm5.exe |
"TCP Query User{6542C9B2-35B3-452D-A40E-5066B9491341}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{E41548DC-B941-4D5E-BD4B-B9B328F2DBEA}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"UDP Query User{26EB8226-07D7-423B-B223-2211236AF6FE}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{2DD19D4C-7B4B-4188-B00F-400FB8F36550}C:\program files\egames\mahjongg master 5\mjm5.exe" = protocol=17 | dir=in | app=c:\program files\egames\mahjongg master 5\mjm5.exe |
"UDP Query User{43D65C2F-189A-4FD8-967A-5CE1E3C1E262}C:\program files\gamespy arcade\aphex.exe" = protocol=17 | dir=in | app=c:\program files\gamespy arcade\aphex.exe |
"UDP Query User{722C3052-5B1E-4F4B-A890-0E6A1F68DF4C}C:\windows\system32\presentationhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\presentationhost.exe |
"UDP Query User{8BA92DD3-0CAF-48AD-B704-8091A1938664}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"UDP Query User{A2A1B29C-ED41-4F60-B6EC-A59007B6A386}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00D0200F-3B4D-4A2F-869E-533ED835A943}" = Hervorhebe-Funktion (Windows Live Toolbar)
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{218761F6-CBF6-4973-B910-A33E6563A1EA}" = Windows Live Toolbar-Erweiterung (Windows Live Toolbar)
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 25
"{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Hama Wireless LAN Adapter
"{2DD6C198-FA9A-40B4-8DE5-CE5206E3EB34}" = Smart Menus (Windows Live Toolbar)
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A57592C-FF92-4083-97A9-92783BD5AFB4}" = WebCam
"{4C3EF687-803F-4825-B815-04AE32DDEB41}" = YAVIDO
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{58BAA8D0-404E-4585-9FD3-ED1BB72AC2EE}" = Adobe Flash Player 9 ActiveX
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{70AA9B4F-64F7-4B0D-ADD8-05802D61AF72}" = Windows Live Toolbar
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites für Windows Live Toolbar
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B7917E0-AF55-4E8A-9473-017F0AA03AC8}" = QuickTime
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AFCF8B-3C53-49A2-8456-E637021B1031}" = Nero 8 Essentials
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}" = FSCLounge
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.1 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B804C424-B66D-447A-84BD-C6B88C392C3A}" = PowerDV
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C87BC0B7-2BB8-49D1-8CE0-EB0410EF0938}" = SystemDiagnostics
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D3621EAA-00D6-4791-97BF-7E8EE3437BF2}" = Visualizer Photo Resize
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}" = OpenOffice.org Installer 1.0
"{EB863CFD-6889-47B0-9D79-492DE0D07EE7}" = OSDInstall
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"7-Zip" = 7-Zip 9.20
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Bejeweled 2 Deluxe" = Bejeweled 2 Deluxe
"Deep Paint" = Deep Paint
"DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free Audio Converter_is1" = Free Audio Converter version 1.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.2.5 Standard
"MahJongg Master 5_is1" = MahJongg Master 5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
"NVIDIA Drivers" = NVIDIA Drivers
"Obscure2" = Obscure 2
"Picasa 3" = Picasa 3
"S.T.A.L.K.E.R. - Shadow of Chernobyl_is1" = S.T.A.L.K.E.R. - Shadow of Chernobyl
"SMSERIAL" = Motorola SM56 Data Fax Modem
"Uninstall_is1" = Uninstall 1.0.0.1
"WinLiveSuite_Wave3" = Windows Live Essentials
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 19.04.2010 09:37:01 | Computer Name = claudi-PC | Source = NormanNPT | ID = 131073
Description =
Error - 19.04.2010 10:37:08 | Computer Name = claudi-PC | Source = NormanNPT | ID = 131073
Description =
Error - 19.04.2010 11:37:11 | Computer Name = claudi-PC | Source = NormanNPT | ID = 131073
Description =
Error - 19.04.2010 14:49:03 | Computer Name = claudi-PC | Source = NormanNPT | ID = 131073
Description =
Error - 19.04.2010 15:50:29 | Computer Name = claudi-PC | Source = NormanNPT | ID = 131073
Description =
Error - 19.04.2010 16:50:00 | Computer Name = claudi-PC | Source = NormanNPT | ID = 131073
Description =
Error - 19.04.2010 17:50:04 | Computer Name = claudi-PC | Source = NormanNPT | ID = 131073
Description =
Error - 19.04.2010 18:50:08 | Computer Name = claudi-PC | Source = NormanNPT | ID = 131073
Description =
Error - 19.04.2010 19:50:14 | Computer Name = claudi-PC | Source = NormanNPT | ID = 131073
Description =
Error - 19.04.2010 20:50:26 | Computer Name = claudi-PC | Source = NormanNPT | ID = 131073
Description =
[ System Events ]
Error - 12.05.2011 05:33:42 | Computer Name = claudi-PC | Source = DCOM | ID = 10005
Description =
Error - 12.05.2011 05:33:42 | Computer Name = claudi-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 12.05.2011 05:33:42 | Computer Name = claudi-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 12.05.2011 05:33:42 | Computer Name = claudi-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 12.05.2011 05:33:42 | Computer Name = claudi-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 12.05.2011 11:24:54 | Computer Name = claudi-PC | Source = Service Control Manager | ID = 7034
Description =
Error - 13.05.2011 06:52:24 | Computer Name = claudi-PC | Source = Service Control Manager | ID = 7034
Description =
Error - 13.05.2011 06:59:30 | Computer Name = claudi-PC | Source = Service Control Manager | ID = 7030
Description =
Error - 13.05.2011 07:54:00 | Computer Name = claudi-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 13.05.2011 um 12:59:46 unerwartet heruntergefahren.
Error - 13.05.2011 07:54:34 | Computer Name = claudi-PC | Source = Service Control Manager | ID = 7034
Description =
< End of report >
Code:
ATTFilter OTL logfile created on: 13.05.2011 17:38:02 - Run 3 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\claudi\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 64,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 76,00 Gb Total Space | 18,16 Gb Free Space | 23,89% Space Free | Partition Type: NTFS Drive D: | 232,88 Gb Total Space | 232,79 Gb Free Space | 99,96% Space Free | Partition Type: NTFS Drive E: | 148,09 Gb Total Space | 148,00 Gb Free Space | 99,94% Space Free | Partition Type: NTFS Computer Name: CLAUDI-PC | User Name: claudi | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.04.27 13:29:09 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2011.04.24 22:08:03 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\claudi\Desktop\OTL.exe PRC - [2011.03.17 15:15:38 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2010.11.06 22:55:40 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.04.16 23:12:28 | 003,872,080 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Messenger\msnmsgr.exe PRC - [2010.01.14 23:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2008.03.14 10:48:00 | 001,085,440 | ---- | M] (Hama GmbH & Co KG) -- C:\Programme\Hama\Common\RaUI.exe PRC - [2008.02.29 14:13:12 | 000,307,200 | ---- | M] (Fujitsu Siemens Computers) -- C:\Programme\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe PRC - [2008.02.26 03:23:34 | 000,443,968 | ---- | M] (Google Inc.) -- C:\Programme\Picasa2\PicasaMediaDetector.exe PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe PRC - [2007.09.20 16:32:50 | 000,561,152 | ---- | M] (C&E) -- C:\Programme\C&E\OSD\osd.exe PRC - [2007.06.04 15:20:38 | 000,065,536 | ---- | M] () -- C:\Programme\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe PRC - [2007.05.10 17:10:06 | 004,468,736 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2006.11.22 18:31:26 | 000,630,784 | ---- | M] (Motorola Inc.) -- C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe ========== Modules (SafeList) ========== MOD - [2011.04.24 22:08:03 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\claudi\Desktop\OTL.exe MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2011.04.27 13:29:09 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.03.17 15:15:38 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2008.12.13 18:54:33 | 000,104,944 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2008.02.29 14:13:12 | 000,307,200 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.09.03 17:01:50 | 000,053,248 | ---- | M] () [Auto | Stopped] -- C:\Programme\C&E\OSD\OsdService\OsdService.exe -- (OsdService) SRV - [2007.06.04 15:20:38 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe -- (FSCLBaseUpdaterService) SRV - [2006.11.02 14:36:18 | 000,029,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\iprip.dll -- (iprip) ========== Driver Services (SafeList) ========== DRV - [2011.05.05 14:24:08 | 000,011,264 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\uzm2mzyy.sys -- (uzm2mzyy) DRV - [2011.03.17 15:15:38 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2010.11.26 14:04:45 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009.09.01 08:19:18 | 009,825,728 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2009.05.11 11:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.02.13 13:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008.12.08 18:08:54 | 000,278,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2008.12.08 18:08:54 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2008.05.27 13:55:54 | 000,173,576 | ---- | M] (AMD Technologies Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ahcix86s.sys -- (ahcix86s) DRV - [2007.09.24 12:09:10 | 000,464,384 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr73.sys -- (netr73) DRV - [2007.09.04 16:20:00 | 000,005,120 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Programme\C&E\OSD\OsdService\cebuffer.sys -- (CEBFilter) DRV - [2007.08.31 16:18:06 | 000,004,608 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Programme\C&E\OSD\OsdService\ceio.sys -- (CEIO) DRV - [2007.08.31 14:22:26 | 000,007,168 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Programme\C&E\OSD\OsdService\kbfiltr.sys -- (cKBFilter) DRV - [2007.06.13 23:47:12 | 000,048,256 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\jraid.sys -- (JRAID) DRV - [2007.06.01 16:10:38 | 000,753,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BisonCam.sys -- (Cam5603D) DRV - [2007.05.23 23:26:34 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5) DRV - [2007.04.30 13:42:14 | 000,081,408 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2007.04.04 05:57:00 | 000,046,592 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir) DRV - [2007.02.25 06:14:00 | 002,216,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R) DRV - [2007.01.30 09:31:52 | 000,210,224 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\Si3531.sys -- (Si3531) DRV - [2006.11.22 18:35:00 | 000,982,272 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial) DRV - [2006.10.18 13:20:00 | 000,005,504 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SiRemFil.sys -- (SiRemFil) DRV - [2004.11.01 10:21:00 | 000,010,368 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SiWinAcc.sys -- (SiFilter) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.defaultthis.engineName: "Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Ask.com" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25 FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.06 19:52:47 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.06 19:52:47 | 000,000,000 | ---D | M] [2008.09.28 21:52:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\claudi\AppData\Roaming\mozilla\Extensions [2011.05.06 19:30:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\claudi\AppData\Roaming\mozilla\Firefox\Profiles\r120y33r.default\extensions [2009.09.03 20:11:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\claudi\AppData\Roaming\mozilla\Firefox\Profiles\r120y33r.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009.02.22 07:57:26 | 000,000,681 | ---- | M] () -- C:\Users\claudi\AppData\Roaming\Mozilla\Firefox\Profiles\r120y33r.default\searchplugins\ask.xml [2010.07.05 22:23:20 | 000,002,385 | ---- | M] () -- C:\Users\claudi\AppData\Roaming\Mozilla\Firefox\Profiles\r120y33r.default\searchplugins\askcom.xml [2010.04.04 18:02:24 | 000,000,873 | ---- | M] () -- C:\Users\claudi\AppData\Roaming\Mozilla\Firefox\Profiles\r120y33r.default\searchplugins\conduit.xml [2009.03.15 08:31:05 | 000,001,632 | ---- | M] () -- C:\Users\claudi\AppData\Roaming\Mozilla\Firefox\Profiles\r120y33r.default\searchplugins\live-search.xml [2011.04.29 15:00:51 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.04.29 15:00:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} [2008.10.18 17:20:28 | 000,000,000 | ---D | M] (BearShare MediaBar) -- C:\Programme\Mozilla Firefox\extensions\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} File not found (No name found) -- [2008.10.11 13:26:51 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [2011.04.29 15:00:51 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} [2011.05.06 19:52:44 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll [2011.04.29 15:00:25 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2006.09.26 13:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Programme\Mozilla Firefox\plugins\npzylomgamesplayer.dll [2011.05.06 19:52:46 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2011.05.06 19:52:46 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml [2011.05.06 19:52:46 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2011.05.06 19:52:46 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2011.05.06 19:52:46 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2011.05.06 19:52:46 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe ( ) O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Nero\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NPCTray] File not found O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [OSD] C:\Programme\C&E\OSD\osd.exe (C&E) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SMSERIAL] C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.) O4 - HKCU..\Run: [recinfo] c:\RecInfo\recinfo.exe (fsc) O4 - HKCU..\Run: [Sidebar] C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: localhost ([]http in Lokales Intranet) O15 - HKCU\..Trusted Ranges: GD ([http] in Lokales Intranet) O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} hxxp://messenger.zone.msn.com/binary/MJSS.cab69309.cab () O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} https://secure.gopetslive.com/dev/GoPetsWeb.cab (GoPetsWeb Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 82.212.62.62 78.42.43.62 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\claudi\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\claudi\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{534430e6-4595-11e0-9df0-00030d806c6d}\Shell - "" = AutoRun O33 - MountPoints2\{534430e6-4595-11e0-9df0-00030d806c6d}\Shell\AutoRun\command - "" = G:\KODAK_Software_Downloader.exe O33 - MountPoints2\{bcc0a432-9718-11de-a4a7-00030d97cd5f}\Shell\AutoRun\command - "" = G:\Menu.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.05.13 16:34:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2011.05.13 12:58:34 | 000,000,000 | --SD | C] -- C:\claudipertra.exe [2011.05.13 12:57:45 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe [2011.05.10 22:14:01 | 000,000,000 | ---D | C] -- C:\Users\claudi\AppData\Roaming\gtk-2.0 [2011.05.10 22:13:51 | 000,000,000 | ---D | C] -- C:\Users\claudi\.thumbnails [2011.05.10 22:12:36 | 000,000,000 | ---D | C] -- C:\Users\claudi\bilder\Documents\gegl-0.0 [2011.05.10 22:12:36 | 000,000,000 | ---D | C] -- C:\Users\claudi\.gimp-2.6 [2011.05.10 22:02:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Right Hemisphere [2011.05.10 19:40:33 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Users\claudi\Desktop\aswMBR.exe [2011.05.07 20:12:57 | 000,000,000 | ---D | C] -- C:\_OTL [2011.05.04 18:19:07 | 000,000,000 | ---D | C] -- C:\Users\claudi\Desktop\avz4 [2011.05.04 16:11:56 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip [2011.05.03 21:17:16 | 000,000,000 | ---D | C] -- C:\Users\claudi\bilder\Documents\DVDVideoSoft [2011.04.30 15:02:56 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2011.04.29 22:53:54 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2011.04.29 22:53:54 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2011.04.29 22:53:54 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2011.04.29 22:50:51 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2011.04.29 22:50:15 | 000,000,000 | ---D | C] -- C:\Qoobox [2011.04.29 15:00:48 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2011.04.29 15:00:48 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2011.04.29 15:00:48 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2011.04.29 15:00:48 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2011.04.29 14:58:55 | 016,770,848 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\claudi\Desktop\jre-6u25-windows-i586-s.exe [2011.04.29 14:25:17 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll [2011.04.29 14:25:17 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll [2011.04.29 14:25:07 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll [2011.04.25 22:44:18 | 000,000,000 | ---D | C] -- C:\Users\claudi\Music [2011.04.25 20:49:33 | 000,000,000 | R--D | C] -- C:\Users\claudi\bilder [2011.04.24 22:08:01 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\claudi\Desktop\OTL.exe [2011.04.24 21:27:48 | 000,000,000 | ---D | C] -- C:\Users\claudi\AppData\Roaming\Malwarebytes [2011.04.24 21:27:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.04.24 21:27:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.04.24 21:27:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.04.24 21:27:27 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.04.24 21:27:27 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.04.24 16:43:54 | 000,368,128 | ---- | C] (Avira GmbH) -- C:\Users\claudi\Desktop\removaltool-win32-de.exe [2011.04.24 15:16:26 | 000,000,000 | ---D | C] -- C:\Users\claudi\AppData\Roaming\Avira [2011.04.15 15:46:21 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2011.04.15 15:46:21 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2011.04.15 15:45:44 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll [2011.04.15 15:45:44 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll [2011.04.15 15:45:13 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe [2011.04.15 15:45:08 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2011.04.15 15:45:08 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2011.04.15 15:45:06 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011.04.15 15:44:58 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2011.04.15 15:44:58 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.04.15 15:44:58 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.04.15 15:44:58 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.04.15 15:44:57 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2011.04.15 15:44:57 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll ========== Files - Modified Within 30 Days ========== [2011.05.13 17:05:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.05.13 16:30:42 | 000,004,305 | ---- | M] () -- C:\Users\claudi\Desktop\avz4.zip.zip [2011.05.13 15:54:01 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.05.13 15:54:01 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.05.13 13:54:12 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.05.13 13:54:04 | 000,031,966 | ---- | M] () -- C:\ProgramData\nvModes.001 [2011.05.13 13:53:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.05.13 13:53:49 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys [2011.05.13 12:57:33 | 004,348,041 | R--- | M] () -- C:\Users\claudi\Desktop\claudipertra.exe.exe [2011.05.12 23:15:26 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011.05.12 20:50:49 | 001,006,778 | ---- | M] () -- C:\Users\claudi\Desktop\rkill.com [2011.05.12 11:36:01 | 000,631,670 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.05.12 11:36:01 | 000,598,506 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.05.12 11:36:01 | 000,128,034 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.05.12 11:36:01 | 000,105,340 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.05.11 22:01:25 | 060,379,336 | ---- | M] () -- C:\Users\claudi\Desktop\MUNDO NOVO - APITA O COMBOIO.zip [2011.05.10 22:40:17 | 000,001,503 | ---- | M] () -- C:\Users\claudi\.recently-used.xbel [2011.05.10 19:40:33 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Users\claudi\Desktop\aswMBR.exe [2011.05.10 18:40:11 | 000,075,264 | ---- | M] () -- C:\Users\claudi\Desktop\SystemLook.exe [2011.05.10 16:05:39 | 000,001,977 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2011.05.10 15:41:23 | 000,260,322 | ---- | M] () -- C:\Windows\KernelMessage [2011.05.05 14:24:08 | 000,011,264 | ---- | M] () -- C:\Windows\System32\drivers\uzm2mzyy.sys [2011.05.04 18:18:22 | 006,175,589 | ---- | M] () -- C:\Users\claudi\Desktop\avz4.zip [2011.05.04 16:11:47 | 001,110,476 | ---- | M] () -- C:\Users\claudi\Desktop\7z920.exe [2011.05.02 20:43:36 | 000,301,568 | ---- | M] () -- C:\Users\claudi\Desktop\50edjmkh.exe [2011.05.01 16:20:57 | 000,089,088 | ---- | M] () -- C:\Windows\System32\mbr.exe [2011.05.01 16:20:57 | 000,089,088 | ---- | M] () -- C:\Users\claudi\Desktop\mbr.exe [2011.04.30 17:19:15 | 279,927,816 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011.04.29 15:00:21 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2011.04.29 15:00:21 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2011.04.29 15:00:20 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2011.04.29 15:00:19 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2011.04.29 14:59:02 | 016,770,848 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\claudi\Desktop\jre-6u25-windows-i586-s.exe [2011.04.29 14:38:53 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE [2011.04.25 22:56:31 | 000,054,272 | ---- | M] () -- C:\Users\claudi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.04.25 13:40:46 | 000,000,731 | ---- | M] () -- C:\Users\claudi\Desktop\Windows Media Center-Verknüpfungen.lnk [2011.04.25 13:18:37 | 000,504,657 | ---- | M] () -- C:\Users\claudi\Desktop\unhide.exe [2011.04.24 22:08:03 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\claudi\Desktop\OTL.exe [2011.04.24 21:27:31 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.24 16:51:11 | 049,849,560 | ---- | M] () -- C:\Users\claudi\Desktop\avira_antivir_personal_de(2).exe [2011.04.24 16:43:54 | 000,368,128 | ---- | M] (Avira GmbH) -- C:\Users\claudi\Desktop\removaltool-win32-de.exe [2011.04.24 15:07:14 | 000,031,966 | ---- | M] () -- C:\ProgramData\nvModes.dat [2011.04.17 19:36:46 | 000,296,064 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2011.05.13 16:30:05 | 000,004,305 | ---- | C] () -- C:\Users\claudi\Desktop\avz4.zip.zip [2011.05.12 20:50:45 | 001,006,778 | ---- | C] () -- C:\Users\claudi\Desktop\rkill.com [2011.05.11 22:01:03 | 060,379,336 | ---- | C] () -- C:\Users\claudi\Desktop\MUNDO NOVO - APITA O COMBOIO.zip [2011.05.10 22:40:17 | 000,001,503 | ---- | C] () -- C:\Users\claudi\.recently-used.xbel [2011.05.10 18:40:11 | 000,075,264 | ---- | C] () -- C:\Users\claudi\Desktop\SystemLook.exe [2011.05.07 20:23:50 | 004,348,041 | R--- | C] () -- C:\Users\claudi\Desktop\claudipertra.exe.exe [2011.05.06 20:36:10 | 3219,578,880 | -HS- | C] () -- C:\hiberfil.sys [2011.05.06 19:52:48 | 000,000,864 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2011.05.04 18:18:13 | 006,175,589 | ---- | C] () -- C:\Users\claudi\Desktop\avz4.zip [2011.05.04 16:19:22 | 000,011,264 | ---- | C] () -- C:\Windows\System32\drivers\uzm2mzyy.sys [2011.05.04 16:11:45 | 001,110,476 | ---- | C] () -- C:\Users\claudi\Desktop\7z920.exe [2011.05.02 20:43:33 | 000,301,568 | ---- | C] () -- C:\Users\claudi\Desktop\50edjmkh.exe [2011.05.01 16:30:24 | 000,089,088 | ---- | C] () -- C:\Windows\System32\mbr.exe [2011.05.01 16:20:57 | 000,089,088 | ---- | C] () -- C:\Users\claudi\Desktop\mbr.exe [2011.04.30 15:02:29 | 279,927,816 | ---- | C] () -- C:\Windows\MEMORY.DMP [2011.04.29 22:53:54 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe [2011.04.29 22:53:54 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011.04.29 22:53:54 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe [2011.04.29 22:53:54 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011.04.29 22:53:54 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011.04.29 14:38:52 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE [2011.04.25 13:40:46 | 000,000,731 | ---- | C] () -- C:\Users\claudi\Desktop\Windows Media Center-Verknüpfungen.lnk [2011.04.25 13:18:37 | 000,504,657 | ---- | C] () -- C:\Users\claudi\Desktop\unhide.exe [2011.04.24 21:27:31 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.24 16:50:46 | 049,849,560 | ---- | C] () -- C:\Users\claudi\Desktop\avira_antivir_personal_de(2).exe [2009.12.26 19:32:56 | 000,031,966 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009.12.26 19:32:46 | 000,031,966 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009.12.26 19:06:27 | 000,000,680 | ---- | C] () -- C:\Users\claudi\AppData\Local\d3d9caps.dat [2009.09.24 15:47:26 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.09.24 15:47:26 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.06.04 03:02:03 | 000,010,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2009.06.04 03:00:46 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2009.06.04 02:59:45 | 000,000,036 | ---- | C] () -- C:\Users\claudi\AppData\Roaming\swk.ini [2009.05.17 22:17:15 | 000,753,456 | ---- | C] () -- C:\Windows\System32\drivers\BisonCam.sys [2009.05.17 22:17:15 | 000,015,190 | ---- | C] () -- C:\Windows\M2000Twn.ini [2009.03.25 13:37:12 | 000,000,990 | ---- | C] () -- C:\Users\claudi\AppData\Local\RT73_{87462210-6BAB-41E4-BCFE-7A325C0077FE}_wsc [2009.03.25 13:31:42 | 000,000,786 | ---- | C] () -- C:\Users\claudi\AppData\Local\RT73_{1648D51E-22F3-4CC0-ADCB-D396F8916B2A}_prof [2009.03.21 22:17:04 | 000,000,835 | ---- | C] () -- C:\Users\claudi\AppData\Local\RT73_{1648D51E-22F3-4CC0-ADCB-D396F8916B2A}_sta [2009.03.21 22:15:04 | 000,000,990 | ---- | C] () -- C:\Users\claudi\AppData\Local\RT73_{1648D51E-22F3-4CC0-ADCB-D396F8916B2A}_wsc [2009.03.21 21:58:47 | 000,000,990 | ---- | C] () -- C:\Users\claudi\AppData\Local\RT73_{D154123F-0D6E-4382-9FDD-A5FF90C32AA3}_wsc [2009.03.21 21:58:41 | 000,000,827 | ---- | C] () -- C:\Users\claudi\AppData\Local\RT73_{D154123F-0D6E-4382-9FDD-A5FF90C32AA3}_sta [2009.03.21 21:58:37 | 000,000,805 | ---- | C] () -- C:\Users\claudi\AppData\Local\RT73_{D154123F-0D6E-4382-9FDD-A5FF90C32AA3}_prof [2009.03.08 20:56:23 | 000,000,440 | ---- | C] () -- C:\Users\claudi\AppData\Roaming\wklnhst.dat [2008.12.08 18:08:54 | 000,278,728 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2008.12.08 18:08:54 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2008.09.14 12:23:00 | 000,027,430 | ---- | C] () -- C:\Users\claudi\AppData\Roaming\nvModes.001 [2008.09.14 00:36:07 | 000,027,430 | ---- | C] () -- C:\Users\claudi\AppData\Roaming\nvModes.dat [2008.09.13 18:03:00 | 000,054,272 | ---- | C] () -- C:\Users\claudi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.09.12 21:06:50 | 000,031,007 | ---- | C] () -- C:\Users\claudi\AppData\Roaming\UserTile.png [2008.09.11 21:07:38 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.09.11 21:03:17 | 000,000,238 | ---- | C] () -- C:\Windows\{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}_WiseFW.ini [2008.08.07 09:43:22 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat [2008.02.29 14:13:14 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll [2008.01.21 09:15:58 | 000,631,670 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.01.21 09:15:58 | 000,128,034 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,296,064 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,598,506 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,105,340 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2002.05.13 11:16:19 | 000,356,352 | ---- | C] () -- C:\Windows\System32\xvid.dll [1998.07.06 00:00:00 | 000,064,512 | ---- | C] () -- C:\Windows\System32\MSCC2DE.DLL ========== LOP Check ========== [2010.09.19 21:10:15 | 000,000,000 | ---D | M] -- C:\Users\claudi\AppData\Roaming\DVDVideoSoftIEHelpers [2011.05.10 22:40:17 | 000,000,000 | ---D | M] -- C:\Users\claudi\AppData\Roaming\gtk-2.0 [2009.08.25 06:12:41 | 000,000,000 | ---D | M] -- C:\Users\claudi\AppData\Roaming\LimeWire [2008.09.12 21:06:50 | 000,000,000 | ---D | M] -- C:\Users\claudi\AppData\Roaming\PeerNetworking [2010.03.02 21:16:51 | 000,000,000 | ---D | M] -- C:\Users\claudi\AppData\Roaming\PhotoFiltre [2009.03.08 20:56:24 | 000,000,000 | ---D | M] -- C:\Users\claudi\AppData\Roaming\Template [2009.02.24 19:30:07 | 000,000,000 | ---D | M] -- C:\Users\claudi\AppData\Roaming\Zylom [2011.05.12 23:15:27 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > |
|
13.05.2011, 16:51
| #3 |
| | TR/Kazy.mekml.1' [trojan] / daten weg Punkt 3
__________________Da ist markiert. Fujitsu Siemens computers ECOSettings Und bei dem anderen. Kennwort ist erforderlich (empfohlen) |
|
13.05.2011, 16:55
| #4 | |
| /// Malwareteam / Visitor  | TR/Kazy.mekml.1' [trojan] / daten wegZitat:
__________________ [°¿°] Ciao, Petra |
|
13.05.2011, 16:56
| #5 |
| | TR/Kazy.mekml.1' [trojan] / daten weg Hmm oke.. Und wie funktioniert das  |
|
13.05.2011, 18:09
| #6 |
| | TR/Kazy.mekml.1' [trojan] / daten weg Irgendwie funktioniert da gar nichts.. Ich kann diese minidump dateien weder öffnen noch als zip datei packen.. Jedes mal kommt etwas auf englisch sowas wie ich hätte dazu nicht die berrechtigung..So verstehe ich es zumindestens. |
|
| Themen zu TR/Kazy.mekml.1' [trojan] / daten weg |
| .exe, aktion, avgntflt.sys, busse, conduit, datei, daten, daten weg, excel.exe, forum, gefunde, google chrome, heute, hoffe, immer wieder, install.exe, intranet, location, loszuwerden, microsoft office word, neues, nvlddmkm.sys, office 2007, oldtimer, picasa, plug-in, presentationhost.exe, programm, saver, sched.exe, searchplugins, security update, shell32.dll, shortcut, sicht, start menu, systems, thema, tr/kazy.mekml.1, troja, trojan, unerwünschtes, unerwünschtes programm, verschwunden, virus, zugriff |
![TR/Kazy.mekml.1' [trojan] / daten weg](iconimages/plagegeister-aller-art-deren-bekaempfung/tr-kazy-mekml-1-trojan-daten-weg_ltr.gif)
Hybrid-Darstellung
