
Pests of all kinds and how to fight them: TR/Kazy/mekl.1 - I'm affected too - All files gone

26.04.2011, 00:09   #1
Count89
 



Hello, I also have this virus, as mentioned above.
I got a message for Adobe Flash Player and of course clicked Allow; I didn't know that something like this could happen.
Oh, and before I forget: I have now uninstalled everything I had in the way of games and programs. I hope that wasn't a mistake.

I would be very grateful for help.

I have just run Anti-Malware.


Anti Malware log

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6443

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

26.04.2011 00:43:55
mbam-log-2011-04-26 (00-43-55).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 139475
Laufzeit: 3 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rfxXnMEdlJbla (Trojan.FakeAlert) -> Value: rfxXnMEdlJbla -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\programdata\rfxxnmedljbla.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

I have also already run OTL.


OTL.Txt logs

Code:
OTL logfile created on: 26.04.2011 00:58:07 - Run 2
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\*****\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 452,99 Gb Total Space | 413,52 Gb Free Space | 91,29% Space Free | Partition Type: NTFS
 
Computer Name: *****-PC | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\*****\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\*****\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Programme\TP-LINK\QSS\jswpbapi.exe (Wireless)
PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerTray.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerEvent.exe (Acer Incorporated)
PRC - C:\Programme\EgisTec\MyWinLocker 3\x86\MWLService.exe (Egis Technology Inc.)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - c:\Programme\Acer Bio Protection\BASVC.exe (Egis Technology Inc.)
PRC - c:\Programme\Acer Bio Protection\CompPtcVUI.exe (Egis Technology Inc.)
PRC - C:\Programme\Apoint2K\Hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
PRC - C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\*****\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Programme\Acer\Acer PowerSmart Manager\SysHook.dll (Acer Incorporated)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (TuneUp.Defrag) -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (jswpsapi) -- C:\Programme\TP-LINK\QSS\jswpsapi.exe (Wireless)
SRV - (jswpbapi) -- C:\Programme\TP-LINK\QSS\jswpbapi.exe (Wireless)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
SRV - (MWLService) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (NTI IScheduleSvc) -- C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (IGBASVC) -- c:\Programme\Acer Bio Protection\BASVC.exe (Egis Technology Inc.)
SRV - (CLHNService) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
SRV - (RS_Service) -- C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (athur) -- C:\Windows\System32\drivers\athur.sys (Atheros Communications, Inc.)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (jswpslwf) -- C:\Windows\System32\drivers\jswpslwf.sys (Atheros Communications, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (AlfaFF) -- C:\Windows\system32\drivers\AlfaFF.sys (Alfa Corporation)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys ()
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\Acer Arcade Deluxe\PlayMovie\000.fcl (CyberLink Corp.)
DRV - (FPSensor) EgisTech-Corp Fingerprint Reader Driver (FPSensor.sys) -- C:\Windows\System32\drivers\FPSensor.sys (Egis)
DRV - (mwlPSDVDisk) -- C:\Windows\System32\drivers\mwlPSDVDisk.sys (Egis Incorporated.)
DRV - (mwlPSDFilter) -- C:\Windows\System32\drivers\mwlPSDFilter.sys (Egis Incorporated.)
DRV - (mwlPSDNServ) -- C:\Windows\System32\drivers\mwlPSDNserv.sys (Egis Incorporated.)
DRV - (hidshim) -- C:\Windows\System32\drivers\hidshim.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (nuvotonhidgeneric) -- C:\Windows\System32\drivers\nuvotonhidgeneric.sys (Nuvoton Technology Corporation)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (k57nd60x) Broadcom NetLink (TM) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1010&m=aspire_7738
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1010&m=aspire_7738
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1010&m=aspire_7738
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/"
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.24 12:37:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.25 02:23:36 | 000,000,000 | ---D | M]
 
[2010.10.01 20:46:23 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions
[2011.04.25 04:11:29 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\mxut8b4b.default\extensions
[2010.11.25 03:12:39 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\mxut8b4b.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.03.26 16:13:16 | 000,000,000 | -H-D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\mxut8b4b.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.10.03 04:35:44 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\mxut8b4b.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.03.27 21:31:18 | 000,000,000 | -H-D | M] (Adblock Plus) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\mxut8b4b.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.03.26 16:13:15 | 000,000,000 | -H-D | M] (Conduit Engine) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\mxut8b4b.default\extensions\engine@conduit.com
[2010.10.03 08:23:05 | 000,000,873 | -H-- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\mxut8b4b.default\searchplugins\conduit.xml
[2011.04.19 21:18:58 | 000,000,944 | -H-- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\mxut8b4b.default\searchplugins\icqplugin.xml
[2011.04.25 22:36:34 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.10.03 04:24:06 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.10.03 04:24:06 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.10.03 04:24:06 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.10.03 04:24:06 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.10.03 04:24:06 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found.
O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\Programme\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\Programme\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\*****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\*****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{63528e68-475d-11e0-9296-00262d6043a3}\Shell - "" = AutoRun
O33 - MountPoints2\{63528e68-475d-11e0-9296-00262d6043a3}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{e367679d-01f3-11e0-b2f5-00262d6043a3}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe JLPC00.vbs
O33 - MountPoints2\{e3e07de6-d916-11df-b16e-00262d6043a3}\Shell - "" = AutoRun
O33 - MountPoints2\{e3e07de6-d916-11df-b16e-00262d6043a3}\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\{ee090917-cd82-11df-af72-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ee090917-cd82-11df-af72-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe
O33 - MountPoints2\{fb6742c0-dca4-11df-b657-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{fb6742c0-dca4-11df-b657-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\E\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe JLPC00.vbs
O33 - MountPoints2\G\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe JLPC00.vbs
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.26 00:48:08 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2011.04.26 00:38:35 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Malwarebytes
[2011.04.26 00:38:30 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.04.26 00:38:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.26 00:38:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.26 00:38:26 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.04.26 00:37:48 | 007,734,208 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\*****\Desktop\mbam-setup-1.50.1.1100.exe
[2011.04.25 02:21:11 | 000,000,000 | -H-D | C] -- C:\Users\*****\AppData\Local\Microsoft Help
[2011.04.14 02:08:04 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.04.14 02:08:04 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.04.14 02:07:59 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.04.14 02:07:59 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.04.14 02:07:59 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.04.14 02:07:59 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.14 02:07:59 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.04.14 02:07:59 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.14 02:07:59 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.14 02:07:59 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.04.14 02:07:59 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.04.14 02:07:59 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.04.14 02:07:59 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.04.14 02:07:59 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.04.14 02:07:59 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.04.14 02:07:59 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.04.14 02:07:59 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.04.14 02:07:59 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.04.14 02:07:59 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.04.14 02:07:52 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.04.14 02:07:52 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011.04.14 02:07:49 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.04.14 02:07:48 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.04.14 02:07:45 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.04.14 02:07:45 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010.10.02 04:26:30 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.26 00:53:45 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.26 00:53:45 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.26 00:53:43 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011.04.26 00:53:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.26 00:53:16 | 3215,908,864 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.26 00:52:27 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.04.26 00:48:10 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2011.04.26 00:38:30 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.26 00:37:51 | 007,734,208 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\*****\Desktop\mbam-setup-1.50.1.1100.exe
[2011.04.26 00:30:42 | 000,639,210 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.26 00:30:42 | 000,604,764 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.26 00:30:42 | 000,131,218 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.26 00:30:42 | 000,108,096 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.25 19:37:22 | 000,297,408 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.25 08:02:14 | 000,254,792 | -H-- | M] () -- C:\ProgramData\nvModes.001
[2011.04.25 07:46:45 | 000,000,126 | -HS- | M] () -- C:\ProgramData\.zreglib
[2011.04.25 01:04:12 | 000,254,792 | -H-- | M] () -- C:\ProgramData\nvModes.dat
[2011.04.16 03:42:50 | 000,094,720 | -H-- | M] () -- C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.07 23:13:21 | 340,393,624 | ---- | M] () -- C:\Windows\MEMORY.DMP
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.26 00:38:30 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.25 09:35:39 | 3215,908,864 | -HS- | C] () -- C:\hiberfil.sys
[2011.03.15 12:52:14 | 000,000,000 | -H-- | C] () -- C:\Users\*****\AppData\Roaming\wklnhst.dat
[2011.01.19 16:43:22 | 000,000,997 | ---- | C] () -- C:\Windows\eReg.dat
[2011.01.09 18:25:47 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.11.12 02:02:13 | 000,000,093 | -H-- | C] () -- C:\Users\*****\AppData\Local\fusioncache.dat
[2010.10.18 23:49:35 | 000,000,126 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.10.04 14:43:28 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.10.04 14:43:28 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.10.03 01:40:03 | 000,094,720 | -H-- | C] () -- C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.01 20:15:46 | 000,007,808 | -H-- | C] () -- C:\Users\*****\AppData\Local\d3d9caps.dat
[2010.10.01 20:01:53 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2010.10.01 20:01:52 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2010.10.01 20:01:52 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2010.10.01 20:01:52 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2010.10.01 19:57:07 | 000,090,772 | ---- | C] () -- C:\Windows\System32\drivers\RtConvEQ.DAT
[2010.10.01 19:57:07 | 000,000,536 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat
[2010.10.01 19:57:07 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2010.10.01 19:57:07 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2010.10.01 19:57:07 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2010.10.01 19:57:07 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2010.10.01 19:48:24 | 000,254,792 | -H-- | C] () -- C:\ProgramData\nvModes.001
[2010.10.01 19:47:24 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2010.10.01 19:45:33 | 000,254,792 | -H-- | C] () -- C:\ProgramData\nvModes.dat
[2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009.03.12 12:47:51 | 000,639,210 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.03.12 12:47:51 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.03.12 12:47:51 | 000,131,218 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.03.12 12:47:51 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.03.12 12:32:52 | 000,000,028 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2009.03.12 04:09:35 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.02.13 02:50:52 | 000,097,792 | ---- | C] () -- C:\Windows\System32\INT15_64.dll
[2009.02.13 02:50:52 | 000,081,920 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2009.02.13 02:50:52 | 000,069,632 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2009.02.13 02:50:52 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2009.02.13 02:50:04 | 000,118,784 | ---- | C] () -- C:\Windows\System32\VMC3KAPI.dll
[2009.02.11 22:03:58 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2009.02.11 22:03:58 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2009.02.11 22:03:57 | 000,000,060 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,297,408 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,604,764 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,108,096 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2010.10.01 20:04:55 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\Acer
[2010.10.01 20:25:38 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\Acer GameZone Console
[2010.10.03 06:44:15 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\PowerCinema
[2011.03.15 12:52:39 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\Template
[2010.10.01 20:47:29 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\TuneUp Software
[2011.04.26 00:52:28 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 24 bytes -> C:\Windows:C279DE76ADE0A21B

< End of report >
         
Extras.txt

Code:
OTL Extras logfile created on: 26.04.2011 00:58:07 - Run 2
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\*****\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 452,99 Gb Total Space | 413,52 Gb Free Space | 91,29% Space Free | Partition Type: NTFS
 
Computer Name: *****-PC | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0069DED1-D382-4AC1-923E-FFCAC9088C58}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{12F14E36-2CE6-4CA1-9027-4C9874A5B886}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1FA57EBB-6F65-4D79-8654-115A1F295FEA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2CC479EE-21F4-4AA4-973F-58A08B589617}" = lport=137 | protocol=17 | dir=in | app=system | 
"{3C4D808C-F41A-4D78-A0CB-E15B72DAC656}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{445C5BFE-698E-4632-9815-333E95E1749F}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{47FE9C45-3E72-4270-9977-A5496420EDDD}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{566AF3F9-4AB8-4C69-BB13-C8022031F073}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{667A7367-AAFD-40D9-89DC-D055A786BE3D}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{68154A7B-0B4C-40B2-B500-8B84FB03CAA8}" = lport=138 | protocol=17 | dir=in | app=system | 
"{6A65C736-4A4D-4CF3-9AF2-D8FD034470A6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{70E58824-D5C0-48E8-BB35-82531998309F}" = rport=445 | protocol=6 | dir=out | app=system | 
"{75EECBF5-AE88-490C-BCB6-099B1E3C558A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{76C4B2FD-A99F-4744-AA82-DCD6808487B5}" = lport=139 | protocol=6 | dir=in | app=system | 
"{80FA43AF-E244-4FE9-9CAF-FF14AFFA8985}" = rport=139 | protocol=6 | dir=out | app=system | 
"{859A38BB-6B32-4CE8-A9DD-41838A958980}" = rport=138 | protocol=17 | dir=out | app=system | 
"{A34F5FFB-40EB-497A-9DC1-FC38F8259F9F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{AAC3F1C2-CB73-44CA-9793-A54E6863FD39}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{BF34E340-6891-4C41-A014-FBD8E680D29B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{C2298F70-2EEE-4563-A5F3-E98DD720AFE3}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{C8413065-DD80-4D7F-B516-874BFCB345A9}" = rport=137 | protocol=17 | dir=out | app=system | 
"{C8A69E61-F257-4357-BC9D-2175B9E98995}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E0832C23-A8BD-497B-AC02-261ED1054E63}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{E7189E86-1BD3-4B89-95A4-31E160337096}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{EB1AF874-62B2-4C61-8509-7CEA2074893E}" = lport=445 | protocol=6 | dir=in | app=system | 
"{F8DE469E-6624-44FC-B4D4-0FDBC6E4A985}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02D3D98F-1459-461B-9D16-0832CC86CF3F}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{0AD63CA4-E4FB-4FCB-9EE2-9E7B8D955EB7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{0EDE2E52-638B-4354-B8FE-6821D4F83E2F}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{15BDE910-C418-4C4C-8EDF-9E17E82081EF}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{1E4BF842-D111-4BD7-A95E-E552AE39E9A9}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{4402DD63-92A1-4298-B39C-DF3856A5C25E}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{44313369-55A3-4DAD-880E-2106C1031AB1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{458E820A-E78B-4442-AB69-70D86C226EB1}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe | 
"{5211482B-3670-4CEA-8798-5A4E781329C8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{565654F8-F40D-4390-93C6-8058E1ACD914}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{59D7ECC3-1D25-4D86-A5C5-E7571576410B}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{6E3A109D-AC1A-485F-800A-32582D09EFA8}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | 
"{763F5E67-36E2-44FA-B037-B18A2F7547F6}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{872CB79E-99AB-4D05-93AA-96478211B807}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe | 
"{887502F7-B963-4CD7-90C8-6D32F7E57387}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{8D514C19-9B7F-4B3D-9039-760270250D49}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{A4ED40AA-37FE-4B9D-85B4-865AAED6C760}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{AE4AF426-0752-41FE-A533-F7886DE302D8}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{AF0D2822-A570-4A1D-9BEE-450492264848}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{B9C80FB7-0378-44B6-A0C0-11A60C3DC1F7}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{BEA626B6-140C-4DC4-AD06-572D004D03BF}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | 
"{BEBE12C7-C25F-4A71-A453-1C6D230CFAA8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{CEEADCE0-523F-45F8-BDAE-F5122A328643}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{D07A5D93-3C9C-4225-BD22-4D117444327F}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{D3DCF119-3522-4FAD-ACA9-760D9028FFB5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{FFF1C6CF-74A4-47EB-8B46-2026BB531277}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe | 
"TCP Query User{63212298-E5B7-4E0F-928A-174EF1EB78F8}C:\program files\activision\call of duty - black ops\blackops.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - black ops\blackops.exe | 
"TCP Query User{6E89FF0F-3979-483C-BD9F-C5B2C50BDA24}C:\program files\activision\call of duty - black ops\blackopsmp.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - black ops\blackopsmp.exe | 
"TCP Query User{75E57E50-E0A6-4284-AC9D-892884678D92}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"TCP Query User{C528461F-8B5E-465B-BDA3-FDD0F7AF9818}C:\users\*****\desktop\*****\image\dead space ii clonedvd\dead space 2\dead space 2\deadspace2.exe" = protocol=6 | dir=in | app=c:\users\*****\desktop\*****\image\dead space ii clonedvd\dead space 2\dead space 2\deadspace2.exe | 
"TCP Query User{CB0A8271-1A2B-49D6-853C-73762FED1BB5}C:\program files\codemasters\der herr der ringe online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files\codemasters\der herr der ringe online\lotroclient.exe | 
"TCP Query User{EE4A9A48-8139-4742-9C81-5BCF4E0000C8}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"UDP Query User{0079BC4C-05F9-415D-B6B6-7E7F4F05206B}C:\program files\codemasters\der herr der ringe online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files\codemasters\der herr der ringe online\lotroclient.exe | 
"UDP Query User{03210AEE-8744-4014-B826-CA0A17FA2440}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"UDP Query User{716CF143-72A0-4086-A2DF-977D06444095}C:\program files\activision\call of duty - black ops\blackops.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - black ops\blackops.exe | 
"UDP Query User{AB4731CE-2313-4716-A527-AD38E1FF6F21}C:\program files\activision\call of duty - black ops\blackopsmp.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - black ops\blackopsmp.exe | 
"UDP Query User{AB60F894-DE0F-4F91-BDB1-489FF7F00FFE}C:\users\*****\desktop\*****\image\dead space ii clonedvd\dead space 2\dead space 2\deadspace2.exe" = protocol=17 | dir=in | app=c:\users\*****\desktop\*****\image\dead space ii clonedvd\dead space 2\dead space 2\deadspace2.exe | 
"UDP Query User{ACB80FB1-1393-4F09-9F62-9805F11D5239}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{153898EE-EECA-471E-8E33-C8485EA84C07}" = QSS Installation Program
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{302E9B7B-2B6A-4C29-9A02-9F2110649779}" = Nuvoton EC Generic HID Driver
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{565A39D6-4FB0-4F35-A2AC-0DC66ACC3520}" = Fingerprint Solution
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5A2F371F-8B5D-46B4-833C-0612B065BEC7}" = GameShadow
"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{7A2A107B-9695-423F-9462-8F17C178BD35}" = TP-LINK Wireless Client Utility
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{B5BCBD49-202F-4238-8398-D83D423A48B4}" = Windows Live Anmelde-Assistent
"{BF91B300-EEBC-4223-96F3-0FCBF7241B50}" = AmIcoSingLun
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"AC3Filter" = AC3Filter (remove only)
"Acer Screensaver" = Acer ScreenSaver
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"GridVista" = Acer GridVista
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{565A39D6-4FB0-4F35-A2AC-0DC66ACC3520}" = Acer Bio Protection
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{BF91B300-EEBC-4223-96F3-0FCBF7241B50}" = AmIcoSingLun
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"NVIDIA Drivers" = NVIDIA Drivers
"TuneUp Utilities" = TuneUp Utilities
"Uninstall_is1" = Uninstall 1.0.0.1
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         

Alt 27.04.2011, 20:01   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Quote:
Art des Suchlaufs: Quick-Scan
Hello and

Please run a full scan with Malwarebytes as a matter of routine and post the log.
Remember that Malwarebytes must be updated manually before every scan!

If logs from older Malwarebytes scans exist, please post all of those as well!